> Due to the level of sophistication of the attack, and the malware code, we can no longer guarantee the security of your device.
This text caused a lot of aggravation, worries, and sleepless nights. No one wants to hear the security of their device has been compromised by a malware attack. The good news is that the actual victims of this malware attack were almost exclusively criminals. The bad news is that the message was sent out by a provider called EncroChat, which had previously billed itself as private as an in-person conversation in a soundproof room.
EncroChat provides customers with secure messaging and cryptophones. Their cryptophones run on the OTR operating system. Short for Off-The-Record, OTR is a cryptographic protocol that provides both authentication and end-to-end encryption for instant messaging. This protocol ensures that session keys will not be compromised even if the private key of the server is compromised. Even when a server is seized, the conversations cannot be decrypted or lead back to the participants.
EncroChat, a company based in the Netherlands, advertises their services as safer than safe, stating that no messages are saved on their servers, which are located “offshore.” But at some point, Dutch law enforcement figured out the EncroChat servers were located in France and got to work, hoping to catch criminals in the act.
Decryption specialists that had been involved in the Ennetcom (Canada) and PGP Safe (Costa Rica) cases were consulted and managed to access the EncroChat systems—their method of access is still unknown to the public. When asked how they managed to follow conversations on EncroChat, Netherlands' Team High Tech Crime chose not to answer. They may have hopes to use the method again in the future with another service.
Based on the information disclosed by EncroChat, it is likely that law enforcement agencies managed to install software on the servers that provided the phones with updates or delivered malware to the phones in another form. Either way, infecting devices allowed them to see the unencrypted messages. In essence, with enough infected devices, law enforcement was able to follow conversations in real time.
The warning that EncroChat sent out said:
> They repurposed our domains to launch an attack to comprise carbon units. With control of our domain they managed to launch a malware campaign against the carbon to weaken its security.
Another clue supporting this takeaway was the fact that some users complained that the wipe function no longer worked, an indication that the malware was active at the device level.
Hundreds of arrests have already been made in the UK, the Netherlands, France, the Middle East, and a few other countries. On top of that, law enforcement has millions of chat messages that can lead to more arrests or serve as evidence in upcoming lawsuits. International drug traffickers have been hit especially hard by the service going bust.
But law enforcement's move to access encrypted conversations sets up a dangerous precedent. Likely, the police had to act immediately on information that was potentially life threatening. However, without knowledge on how or why they breached the EncroChat system, their actions made encrypted chat users and operators suspicious about a possible leak. A criminal in the UK was confronted with an EncroChat message dating back to the end of 2019, so law enforcement agencies must have been monitoring the service for many months before users found out the system was compromised.
The EncroChat system was well organized and had gained a lot of trusting users over the years. Criminals felt secure enough to chat freely about everything: names of customers, drug deliveries, and even assassinations. And their trust was understandable, given what EncroChat had to offer:
EncroChat users paid hefty fees for this service— thousands of dollars per year, per device. The exorbitant fees may explain why the majority of the EncroChat clientele could be found on the wrong side of the law. Other parties that might have a vested interest in keeping their chat messages secret include government parties, journalists, security professionals, or lawyers. However, there are cheaper, if somewhat less sophisticated, alternatives for legitimate secret-keeping that law enforcement does not target.
After law enforcement agencies had taken down or compromised other providers, many European criminals flocked to EncroChat. An estimate by the French police indicated that 90 percent of the EncroChat users were engaged in criminal activity. However, of the 60,000 EncroChat end users, only 800 were arrested.
Dutch law enforcement's ability to breach EncroChat supports our point that the police don’t need built-in backdoors to catch criminals. Governments have asked for both means of observing data in transit, as well as retrieving data at rest on devices of interest. Looking at this case, we doubt that criminals would have chatted so freely about their activities had they known there was a backdoor—or even the capability of a backdoor—somewhere in the system.
But providing law enforcement with free access into platforms of their choosing is a slippery slope. For one, hacking into a secure platform puts all users' information in jeopardy. Despite the intel on criminal activity in EncroChat, there are still legitimate users whose private messages are now compromised. In addition, where should law enforcement draw the line? How many other encryption platforms will they compromise before users have nowhere to turn? And at what point will law enforcement make an assumption of guilt just because someone is using encrypted chat?
Time and again law enforcement agencies have demonstrated that even if they can’t keep up with every new security development, at some point they catch up and find a way around it. And when they do, the harvest is huge. In this case, police departments will have years of investigating ahead of them if they plan to follow up on the millions of messages they intercepted. They may also find that because of their means of access, many data points may be inadmissible in court.
Thankfully, breaking encryption is not easy, especially when the encryption routine is without flaw. And these flaws will be a rare find when it comes to algorithms with track records like PGP and OTR. Finding a way to break the encryption will depend on a flaw in the implementation. Or finding a way to intercept messages before the encryption on the sender's end or after the encryption on the receiver's end.
Our hope is that law enforcement exhaust all other avenues of reconnaissance and investigation before moving to put the privacy of an entire platform of users in jeopardy. For now, legitimate users of end-to-end encryption programs needn't worry about their company secrets or other confidential whisperings getting out. But for the potentially thousands of criminal EncroChat users that haven't been arrested yet—time to worry.
The post EncroChat system eavesdropped on by law enforcement appeared first on Malwarebytes Labs.