E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

2020-07-03T15:10:30
ID THREATPOST:8B2555D0928CF8366EE589C1DA5172AB
Type threatpost
Reporter Elizabeth Montalbano
Modified 2020-07-03T15:10:30

Description

European law-enforcement officials have shut down an encrypted Android-based communications platform used exclusively by criminals to plot murders, traffic illegal drugs, commit money laundering and plan other organized crimes.

An international law-enforcement team from the France and the Netherlands cracked the encryption of EncroChat, a secure mobile messaging service that was “one of the largest providers of encrypted communications,” according to the U.K.’s National Crime Agency (NCA).

U.K. officials had been investigating the platform and nefarious activities of the criminals using it since 2016 through Operation Venetic, working alongside international law-enforcement agencies to share technical expertise and intelligence.

Two months ago investigators in France and the Netherlands cracked the network’s encryption, allowing law enforcement to listen in to criminal communications about selling and trafficking drugs, laundering money and murdering rivals, authorities said.

“The infiltration of this command-and-control communication platform for the U.K.’s criminal marketplace is like having an inside person in every top organized crime group in the country,” NCA director of investigations Nikki Holland said in a statement. “This is the broadest- and deepest-ever U.K. operation into serious organized crime.

More than one murder was disrupted as a result, authorities said.

“A specialist NCA team, working closely with policing partners, has prevented rival gangs carrying out kidnappings and executions on the U.K.’s streets by successfully mitigating over 200 threats to life,” according to the NCA.

The resulting collaborative E.U. operation ended this week with 746 arrests, and the seizure of £54 million (US$67 million) in cash, 77 firearms and more than two tons of illegal drugs, according to the NCA. Police also seized more than 1,800 rounds of ammunition, upwards of 28 million Etizolam pills (street Valium) from an illicit laboratory, 55 “high-value cars” and 73 luxury watches, officials said.

Little is known about who is behind EncroChat, but officials said it was solely used by criminals to plan illegal activity. The service’s owners apparently became aware of the criminal investigation last month, informing an estimated 60,000 users with a message warning them to get rid of their EncroChat devices because their servers—operating out of France — had been “seized illegally by government entities,” according to the NCA.

The service relied on EncroChat devices, which came with pre-loaded apps for instant messaging as well as the ability to make secure internet calls, with no other “conventional smartphone” functionality, U.K. officials said. The devices cost about around £1,500 (US$1,872) for a six-month contract, which included a kill code that could wipe them remotely.

A published report in Vice Motherboard extensively details how authorities cracked EncroChat’s encryption and intercepted criminal communications to take down a major communications pipeline for criminal activity.

Criminals describe EncroChat phones as modified Android devices, including some models that use “BQ Aquaris X2,” an Android handset released in 2018 by a Spanish electronics company, according to leaked documents cited in the report.

To turn the phones into secure messaging devices, Encrochat installed its own encrypted messaging programs onto the basic device. The service would remove the GPS, camera and microphone functionality from the device and route messages through Encrochat’s own servers to ensure secure communications, according to the report.

Unique to EncroChat device was a service that a user could execute using a PIN to wipe the device if it was compromised. Devices also could run two operating systems side by side to hide nefarious activities, according to the report. If a user wanted the device to appear like a typical smartphone, they could boot it into a regular Android OS. To use the encrypted service, they would switch the device over to the EncroChat system.

Purchasing an EncroChat phone also was not a straightforward affair, with criminals describing back-alley deals with otherwise legitimate vendors to procure devices, according to the report.

Once law enforcement cracked EncroChat’s encryption, investigators basically had an unobstructed view into the activities of organized criminals, who believed they were communicating securely only with their collaborators.

Messages intercepted by authorities outlined clearly how criminal gangs allegedly directed members to procure money from customers, how to launder it safely, where to hide drugs, and when and how murders against rivals would be committed, according to the report.

The resulting arrests spanned a number of E.U. countries and the U.K., with authorities currently detaining alleged criminals in the United Kingdom, the Netherlands, Norway, Spain and Sweden.

BEC and enterprise email fraud is surging, but DMARC can help – if it’s done right. On July 15 at 2 p.m. ET, join Valimail Global Technical Director Steve Whittle and Threatpost for a FREE webinar, “DMARC: 7 Common Business Email Mistakes.” This technical “best practices” session will cover constructing, configuring, and managing email authentication protocols to ensure your organization is protected. Click here to register for this Threatpost webinar, sponsored by Valimail.