EncroChat
EncroChat was a Europe-based communications network and service provider allegedly used by organized crime members to plan criminal activities. Police infiltrated the network between at least March and June 2020 during a Europe-wide investigation. An unidentified source associated with EncroChat announced on the night of 12–13 June 2020 that the company would cease operations because of the police operation.[1][2]
Industry | Computer software |
---|---|
Founded | 2016 |
Defunct | June 2020 |
Area served | Worldwide |
Website | encrochat |
The service had around 60,000 subscribers at the time of its closure.[3][4] At least 1,000 arrests have been made across Europe as of 22 December 2020.[5]
Background
EncroChat handsets emerged in 2016 as a replacement for a previously disabled end-to-end encrypted service.[6] The company had revealed on 31 December 2015 the Version 115 of EncroChat OS, which appears to be the first public release of their operating system.[7] The earliest version of the company's website archived by the Wayback Machine dates back to 23 September 2015.[8]
According to a May 2019 report by the Gloucester Citizen, EncroChat was originally developed for "celebrities who feared their phone conversations were being hacked".[9] In the 2015 murder of English mobster Paul Massey, the killers used a similar service providing encrypted BlackBerry phones based on PGP. After the Dutch and Canadian police compromised their server in 2016, EncroChat turned into a popular alternative among criminals for its security-oriented services in 2017–2018.[10][11]
Through a marketing strategy of "relentless online advertising",[12] EncroChat rapidly expanded during its four and a half years of existence, benefiting from the closure of its competitors PGP Safe and Ennetcom.[13] The network eventually reached an estimated 60,000 total subscribers at the time of its closure in June 2020.[3][4] According to the French National Gendarmerie, 90 percent of subscribers were criminals, and the British National Crime Agency (NCA) said it found no evidence of non-criminals using it.[2]
EncroChat first came to the attention of the media when it was revealed that high-profile criminals Mark Fellows and Steven Boyle had been using the encrypted devices to communicate between each other during the May 2018 gangland murder of John Kinsella in Rainhill.[14][9][15] The service resurfaced in the media during the summer of 2020 after law enforcement announced that they had infiltrated the encrypted network and investigative journalist Joseph Cox, who had been reviewing EncroChat for months, published an exposé in Vice Motherboard.[16][1]
Functionalities and services
Homescreen of EncroChat OS | |
Developer | EncroChat |
---|---|
OS family | Unix-like (Linux) |
Working state | Discontinued |
Source model | Based on Open source Android |
Initial release | 31 December 2015 |
Platforms | BQ Aquaris X2 and others |
Official website | encrochat |
The EncroChat service was available for handsets called "carbon units", whose GPS, camera and microphone functions were disabled by the company for privacy reasons.[1][17] Devices were sold with pre-installed applications, including EncroChat, an OTR-based messaging app which routed conversations through a central server based in France, EncroTalk, a ZRTP-based voice call service, and EncroNotes, which allowed users to write encrypted private notes.[18] They generally used modified Android devices, with some models based on the BQ Aquaris X2 phone hardware,[9][1] others on Samsung devices,[17] and sometimes on non-Android BlackBerry mobile phones.[13] Devices with EncroChat were able to boot in two modes. When only the power button was pressed to turn the handset on, they booted into a dummy Android home screen. But when the handset was switched on by pressing the power button together with the volume button, the phone booted to a secret, encrypted partition which facilitated secret communication via EncroChat's French servers.[11] A "panic button" feature was available, where a certain PIN inputted to the device via the unlock screen would erase all data on the phone.[1][19] According to journalist Jurre van Bergen, the IP of EncroChat's server points to French web hosting company OVH.[18] EncroChat's SIM provider was the Dutch telecommunications firm KPN.[1]
EncroChat devices were particularly popular in Europe, although they were also sold in the Middle East and elsewhere in the world. One source told Vice Motherboard that they became the "industry standard" among criminals.[1] They were reported in July 2020 to cost €1,000 (£900) each, then €1,500 (£1,350) for a six-month contract to use EncroChat's solution.[2][20] EncroChat's website says that the firm had resellers in Amsterdam, Rotterdam, Madrid or Dubai, although Cox describes EncroChat as a "highly secretive" firm which "does not operate like a normal technology company."[1] The phones were reportedly bought via a physical transaction which "looked like a drug deal",[1] and at least one case involves an ex-military operative selling devices in Northern Ireland.[21]
Infiltration
The EncroChat encrypted messaging service and the related customized phones were discovered by the French National Gendarmerie in 2017 when conducting operations against organized crime gangs.[2][22] At the time of the Fellows and Boyle trial in December 2018, the NCA struggled to crack the lock screen passcode, as anything was wiped out after a set number of attempts.[9][11]
The investigation accelerated in early 2019 after receiving EU funding.[2] Intelligence and technical collaboration between the NCA, the National Gendarmerie and Dutch police culminated in gaining access to messages after the National Gendarmerie put a "technical tool" on EncroChat's servers in France.[20][22][1] The malware allowed them to read messages before they were sent and record lock screen passwords. EncroChat estimated that around 50 percent of devices in Europe were affected in June 2020.[1][16] The National Gendarmerie formed a special unit to investigate the hacked information on 15 March 2020, then signed an agreement with the Dutch Police to form a joint investigation team (JIT) on April 10, co-operating through Eurojust with the support of Europol.[2]
The data was distributed by the JIT to other European partners, including the UK, Sweden and Norway.[23] The NCA began to receive information about the content of messages on 1 April 2020,[2] then started to build data analysis technology to automatically "identify and locate offenders by analysing millions of messages and hundreds of thousands of images".[24] The chief of the Dutch National Police Force, Jannine van den Berg, compared the malware to "sitting at the table where criminals were chatting among themselves".[4] In May 2020, the wipe feature was disabled at distance by law enforcement in some units. The company initially tried to push an update in response to what was initially regarded as a bug, but the devices were struck again by malware altering lock screen passwords.[1][16]
On the night of 12–13 June, once EncroChat suspected the infiltration by law enforcement had occurred,[2] users received a secret message reading as:
Today, we had our domain seized illegally by government entities(s). They repurposed our domain to launch an attack to compromise the carbon units. ... Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. ... You are advises [sic] to power off and physically dispose your device immediately.[1][16]
A few days later, an "email address long associated with EncroChat" informed Vice Motherboard that the service was shutting down permanently "following several attacks carried out by a foreign organization that seems to originate in the UK"; Cox publicly disclosed excerpts of the email on 22 June.[25] Europol and the National Crime Agency refused to comment at the time.[1] The identity of the persons in charge of EncroChat has not been revealed as of 3 July 2020.[26]
Impact
European joint investigation team
The Europol-supported JIT, code named Emma 95 in France and 26Lemont in the Netherlands, allowed the gathering in real time of millions of messages between suspects. Information was also shared with law enforcement in several countries that were not participating in the JIT, including the UK, Sweden and Norway.[16][23]
The Dutch police arrested more than 100 suspects and seized more than 8 tonnes of cocaine, around 1.2 tonnes of crystal meth, 19 synthetic drug laboratories, dozens of guns and luxury cars, and around €20 million in cash.[1][27][4] On 22 June in a property in Rotterdam, authorities found police uniforms, stolen vehicles, 25 firearms and 25kg of drugs in a different property.[27] On 22 June 2020, the Dutch police also discovered a "torture chamber" in a warehouse near the town of Wouwse Plantage about 7.15 km east of Bergen op Zoom. The facility, which was still under construction when discovered, consisted of seven cells made out of sound-proofed shipping containers; torture tools were found including a dentist's chair, hedge cutters, scalpels and pliers. The place was nicknamed by criminals the "treatment room" or the "ebi", in reference to Extra Beveiligde Inrichting (EBI), a Dutch maximum security prison.[3][27][28]
EncroChat probes in Ireland have left criminals scrambling for cover.[29] €1.1 million worth of cocaine was seized in an Amsterdam flat, and €5.5 million of cannabis in a trailer in County Wexford, both belonging to Irish gangs.[30] Prominent Irish gang boss Daniel Kinahan was reported to have fled his "safe-haven" of Dubai on 9 July 2020.[31]
Arrests have also occurred in Sweden.[30] French authorities have declined to disclose information publicly about the arrests at the time.[16][4]
Operation Venetic
Operation Venetic is a British national response initiated by the National Crime Agency (NCA). In June 2020, EncroChat had 10,000 users in the UK alone.[30][20] As a result of the infiltration of the network, UK police arrested 746 individuals, including major crime bosses, intercepted two tonnes of drugs (with a street value at the time in excess of £100 million), seized £54 million in cash, as well as weapons, including submachine guns, handguns, grenades, an AK-47 assault rifle, and more than 1,800 rounds of ammunition.[20][32] More than 28 million tablets of the sedative Etizolam were found in a factory in Rochester, Kent.[33][30] Additionally, 354 kg of cocaine were seized by the Eastern unit in Essex and East Anglia, and 233 kg of the same drug by the West Midlands unit. Police Scotland seized 164 kg of cocaine, £200,000 of cannabis and £750,000 in cash in several busts. In May 2020, police found two suitcases containing £1.1 million in Sheffield.[30]
Four people have been charged by the NCA with conspiracy to murder as of 8 July 2020. British police claim to have prevented up to 200 gangland killings, although Vice News notes that "the number of homicides linked to high level organised crime—as opposed to street gangs—in this county is relatively low."[30] Two corrupt law enforcement officers were also arrested as a result of the operation.[33]
On 22 December 2020 Thomas Maher was jailed for 14 years and 8 months at Liverpool Crown Court.[34][35][36] He had pleaded guilty to four counts of conspiracy to commit a crime at an earlier hearing.[34][35][36] He was involved in conspiracies to smuggle about £1.5 million (€1.6m) of cocaine from the Netherlands to Ireland as well as laundering about ₤1 million (€1.09m) in cash between Ireland and the Netherlands.[34][35][36] He had used EncroChat phones using the aliases "Satirical" and "Snacker" though the two phones he used were not recovered.[34][35][36]
Operation Eternal
Operation Eternal, the London Metropolitan Police arm of the EncroChat operation, described itself as "the most significant operation the Metropolitan Police Service has ever launched against serious and organised crime". Around 1,400 EncroChat users were based in London at the time of its closure in June 2020. The Metropolitan Police seized more than £13.4 million in cash, 16 firearms, more than 500 rounds of ammunition, 620 kg of Class A drugs, and arrested 171 people.[37] 113 of them have been charged as of 8 July 2020; 88 face charges of conspiracy to supply Class A drugs, and 16 have been charged with firearms offences.[30]
In September 2020 nine people were arrested after raids in Brighton, Portslade, Kent and London linked to Operation Eternal.[38] Three men were arrested in Brighton and Portslade, five men and a woman in Kent and London.[38] They were arrested for a variety of charges, including conspiracy to supply cocaine.[38] 10 kilos of class A drugs and £60,000 were seized.[38]
Similar cases
The Canada-based company Phantom Secure, which started as a legitimate firm selling modified mobile phones,[1] provided "secure communications to high-level drug traffickers and other criminal organization leaders" according to a 2018 FBI takedown announcement.[39] Its CEO, Vincent Ramos, was sentenced in 2019 to a nine-year prison sentence after telling undercover agents that he created the device to help drug traffickers. Customers included members of the Sinaloa Cartel,[40] and the FBI reportedly asked Ramos to plant a backdoor in Phantom Secure's encrypted network, which he refused to do.[41]
The secure mobile phone company MPC was revealed in 2019 to have been created by Scottish criminals James and Barrie Gillespie. Christopher Hughes, a former employee of the company, is wanted by Dutch police for the murder of criminal turned blogger Martin Kok in December 2016.[42]
References
- Cox, Joseph (2 July 2020). "How Police Secretly Took Over a Global Phone Network for Organised Crime". Vice Motherboard.
- Wright, Robert (2 July 2020). "Hundreds arrested across Europe as French police crack encrypted network". The Financial Times.
- Staff (7 July 2020). "Six arrested after 'Dutch torture chambers' found". BBC News.
- Kennedy, Rachael (2 July 2020). "EU authorities penetrate phone network in huge organised crime sting". Euronews.
- Symonds, Tom (22 December 2020). "British haulier ran Europe-wide drug ring from living room". BBC News. BBC News. Retrieved 22 December 2020.
- Evans, Martin (2 July 2020). "Hundreds of gangsters arrested as police crack criminals' private messaging network". The Daily Telegraph.
- Wayback Machine (31 December 2015). "Encrochat News". EncroChat.network.
- Wayback Machine (23 September 2015). "EncroChat proudly releases the new standard for privacy". EncroChat.network.
- Hughes, Janet (21 May 2019). "The £3,000 a year encrypted mobiles with kill pills used by gangs". Gloucester Citizen.
- Hamilton, Fiona (3 July 2020). "Encrochat breach will make criminals wary". The Times. ISSN 0140-0460.
- Scheerhout, John (9 July 2020). "The 'secret server' used in killing of John Kinsella and what it says about guns". Manchester Evening News.
- Cook, James (2 July 2020). "How EncroChat became the go-to messaging service for gangsters". The Daily Telegraph.
- Staff (3 July 2020). "Cinq questions sur EncroChat, ce réseau de téléphonie chiffrée, utilisé par le crime organisé, et démantelé par la police". France Info.
- Staff (26 November 2018). "Underworld duo 'murdered in gangland feud'". BBC News.
- Hamilton, Fiona (2 July 2020). "Hundreds of arrests as police crack phone network used by crime bosses". The Times. ISSN 0140-0460.
His trial was told the hits were co-ordinated using Encrochat on a device which cost £1,500 for a six-month contract and was sold on websites visited by those engaged in crime.
- Cox, Kate (2 July 2020). "Police infiltrate encrypted phones, arrest hundreds in organized crime bust". Ars Technica.
- Cook, James (2 July 2020). "How EncroChat became the go-to messaging service for gangsters". The Daily Telegraph.
- Kallenborn, Gilbert (3 July 2020). "Comment les gendarmes ont siphonné EncroChat, la messagerie chiffrée des criminels". 01net.
- Corfield, Gareth (2 July 2020). "Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up". The Register.
- Shaw, Danny (2 July 2020). "Hundreds arrested as crime chat network cracked". BBC News.
- Barnes, Ciaran (29 June 2020). "King con ex-soldier Johnny Swales 'sold encoded phones to crime gangs'". Belfast Telegraph. ISSN 0307-1235.
- Staff (2 July 2020). "EncroChat: What it is, who was running it, and how did criminals get their encrypted phones?". Sky News.
- Staff (2 July 2020). "Dismantling of an Encrypted Network Sends Shockwaves Through Organised Crime Groups Across Europe". Europol.
- Corfield, Gareth (2 July 2020). "Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up". The Register.
- Cox, Joseph (22 June 2020). "Encrypted Phone Network Says It's Shutting Down After Police Hack". Vice Motherboard.
- Greig, Finlay (3 July 2020). "Encrochat: the top-secret network explained after the NCA helped hack phones of major crime figures and made arrests". Edinburgh News.
- AP (7 July 2020). "Dutch Police Arrest 6 Men, Uncover Makeshift Torture Chamber". The New York Times. ISSN 0362-4331.
- AP (7 July 2020). "Dutch arrests after discovery of 'torture chamber' in sea containers". The Guardian. ISSN 0261-3077.
- Feehan, Conor; Schiller, Robin; Foy, Ken (8 July 2020). "Daniel Kinahan's mother-in-law's funeral held in Dublin in absence of the self-exiled gang leader". Irish Independent.
- Daly, Max (8 July 2020). "What the EncroChat Busts Tell Us About Organised Crime in Europe". Vice News.
- Foy, Ken; Feehan, Conor (9 July 2020). "Gardai probe reports that hunted mob boss Kinahan has fled his safe-haven of Dubai". The Herald.
- Reynolds, Emma. "Hundreds arrested after police infiltrate secret criminal phone network". CNN.
- Dodd, Vikram (2 July 2020). "Hundreds arrested as UK organised crime network is cracked". The Guardian. London.
- Barlow, Eleanor (22 December 2020). "Wealthy Irish haulage boss jailed for 14 years over cash and drugs transportation". Irish Examiner. PA. Retrieved 22 December 2020.
- Symonds, Tom (22 December 2020). "UK haulier ran Europe-wide drug ring from living room". BBC News. Retrieved 22 December 2020.
- "Irish haulage boss jailed in UK over transportation of cocaine and cash across Europe". TheJournal.ie. Press Association. 22 December 2020. Retrieved 22 December 2020.
- Staff (2 July 2020). "Murder plots foiled and some of London's most dangerous criminals arrested in joint operation". Metropolitan Police.
- Wadsworth, Jo (23 September 2020). "Three held after Brighton drugs raids based on encrypted message intelligence". Brighton & Hove news. Retrieved 24 September 2020.
- Staff (16 March 2018). "International Criminal Communication Service Dismantled: Phantom Secure Helped Drug Traffickers, Organized Crime Worldwide". Federal Bureau of Investigation.
- Lamoureux, Mack; Cox, Joseph (29 May 2019). "CEO Who Sold Encrypted Phones to the Sinaloa Cartel Sentenced to Nine Years". Vice Motherboard.
- Cox, Joseph (18 September 2019). "The FBI Tried to Plant a Backdoor in an Encrypted Phone Network". Vice Motherboard.
A third source told Motherboard "He never gave law enforcement a backdoor into Phantom Secure. He did not do that." When pressed on whether the FBI still asked for access, the source, who worked directly on the case, said, "Basically that's all I want to say. He did not give law enforcement a backdoor into Phantom Secure." ... One of the sources said Ramos did not have the technical knowledge to implement a backdoor though, and so the FBI asked Ramos to lure another Phantom member who could. Ramos declined, the source said.
- Cox, Joseph (24 October 2019). "Encrypted Phone Company Helped Plan Crime Blogger's Murder, Cops and Source Say". Vice Motherboard.