Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

French and Dutch police have boasted of infiltrating and killing off encrypted chat service EncroChat, alleging it was used by organised crime gangs to plot murders, sell drugs, launder criminal profits and more. The encrypted chat platform is alleged by British, French and Dutch law enforcement agencies to have been used by …

  1. Duncan Macdonald

    Use offline encryption/decryption

    Use OpenPGP or other good encryption program on a standalone computer (no network access) for the encryption and decryption. Transfer the encrypted messages by USB stick (or even floppy disk!!!) to and from a computer with network access.

    For immediate communications use codes (not ciphers) on throwaway phones. (Codes are agreed words/phrases that mean something different to their normal meaning - examples "Alas Babylon" (from the book of the same name - means a nuclear attack is in progress) "Jean has a long mustache" (WW2 message to the French resistance - D-Day tomorrow)).

    1. Anonymous Coward

      Re: Use offline encryption/decryption

      > Transfer the encrypted messages by USB stick

      That sort of defeats the point of an encrypted text chat app. If you're going to exchange information in person ( ie: talk face to face ) then there's no point in this service.

      And any system which requires users to remember codes is inherently weak.

      eg:

      "Hello Mr Legitimate Businessman, please send me some more 'rugs' as my customers have snorted them all"

      1. Stoneshop
        FAIL

        That sort of defeats the point of an encrypted text chat app

        Transfer the encrypted message by USB stick to the communications device.

        Clearer now?

        1. Anonymous Coward

          Re: That sort of defeats the point of an encrypted text chat app

          Oh, rather than typing them in, I see, that does make sense.

          To elaborate on that for this particular use case, I wonder if this would work:

          Two devices - a non-networked IO device for entering and reading messages and a communications device for transmission only.

          Enter your "more drugs plz" message into your input device and select the PGP key and address of the recipient to encrypt it with. Input device creates a QR code with the full message, recipient address, etc. Comms device scans the QR code and sends the message.

          Incoming messages handled in reverse - QR shown on the comms device and scanned, decrypted and displayed by the other [IO] device.

          It has the convenience that non-technical users could follow, limited attack surface of only a QR code scanner, the network attached device doesn't have any private data at all and both devices are prescribed ( ie: you can't use an insecure PC to create the message )

          Both devices would have to have cameras although they could have physical covers. Properly insulated software should make it pretty much impossible for a network attack.

          What do you think? Can you make any improvements?

          1. Stoneshop

            Re: That sort of defeats the point of an encrypted text chat app

            > Two devices - a non-networked IO device for entering and reading messages and a communications device for transmission only.

            Basically, this is the way encryption devices such as the Enigma, Fialka and Typex work, where you encrypt or decrypt the message airgapped from the comms method.

            Although that means that you still have to fully trust the crypto device, as you don't want to leak a plaintext segment of the outgoing message, and its QR reader needs to be fully isolated from the OS otherwise a malicious incoming message could still compromise the device. But that's not just with QR codes; any data transfer method between the crypto and comms devices opens an attack surface. With an Enigma you can't really compromise the machine itself so any attack should target the reader of the received message, but software-based systems will quite likely have _some_ weakness allowing them to be compromised.
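Stoneshop's point above, that the QR reader is itself an attack surface, can be narrowed by having the air-gapped device accept only one rigid envelope shape before any decryption code sees the scanned bytes. The following is an added illustration, not part of any commenter's post; the `AGX1` envelope layout, the size limits and the function names are assumptions.

```python
import base64
import binascii
import re
import zlib

# Hypothetical envelope for the QR hop (an assumption, not from the thread):
#   AGX1|<recipient>|<base64 ciphertext>|<crc32 of ciphertext, 8 hex digits>
MAX_QR_BYTES = 2953          # byte capacity of a version 40-L QR code
MAX_CIPHERTEXT = 2048        # assumed policy limit, below QR capacity
RECIPIENT_RE = re.compile(r"[a-z0-9._-]{1,64}@[a-z0-9.-]{1,128}")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
CRC_RE = re.compile(r"[0-9a-f]{8}")


class RejectedEnvelope(ValueError):
    """Raised for any payload that is not exactly the expected shape."""


def parse_envelope(raw):
    """Validate untrusted scanner output; return (recipient, ciphertext)."""
    if not isinstance(raw, bytes) or not 0 < len(raw) <= MAX_QR_BYTES:
        raise RejectedEnvelope("size out of bounds")
    try:
        text = raw.decode("ascii")  # rejects Unicode look-alikes outright
    except UnicodeDecodeError:
        raise RejectedEnvelope("non-ASCII byte") from None
    fields = text.split("|")
    if len(fields) != 4 or fields[0] != "AGX1":
        raise RejectedEnvelope("bad framing")
    _, recipient, b64, crc_hex = fields
    if not RECIPIENT_RE.fullmatch(recipient):
        raise RejectedEnvelope("bad recipient")
    if not B64_RE.fullmatch(b64) or not CRC_RE.fullmatch(crc_hex):
        raise RejectedEnvelope("bad encoding")
    try:
        ciphertext = base64.b64decode(b64, validate=True)
    except binascii.Error:
        raise RejectedEnvelope("bad base64") from None
    if not 0 < len(ciphertext) <= MAX_CIPHERTEXT:
        raise RejectedEnvelope("ciphertext size out of bounds")
    if f"{zlib.crc32(ciphertext):08x}" != crc_hex:
        raise RejectedEnvelope("checksum mismatch")  # catches scan errors only
    return recipient, ciphertext


def build_envelope(recipient, ciphertext):
    """Comms-side counterpart: wrap opaque ciphertext for display as a QR code."""
    b64 = base64.b64encode(ciphertext).decode("ascii")
    return f"AGX1|{recipient}|{b64}|{zlib.crc32(ciphertext):08x}".encode("ascii")
```

The CRC only detects a bad scan; authenticity still has to come from the signature check in the encryption layer, and the QR image decoder that produces `raw` remains the part that needs isolating.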

    2. Lee D Silver badge

      Re: Use offline encryption/decryption

      We have encryption with perfect forward secrecy (so even the encrypted text and the stolen-afterwards private key do not reveal what the message contained).

      Any criminal who's just paying a French company for a "secure phone", the same as his mate's "secure phone" is the low-hanging fruit of those who are communicating secretly and don't wish the police to know about it.

    3. Alan Brown Silver badge

      Re: Use offline encryption/decryption

      and even if you don't have preagreed codes:

      "Regular checkin Mr Scott, code green, all normal."

    4. Cynic_999

      Re: Use offline encryption/decryption

      Using a non-networked computer does not protect you from having your messages recorded by a hardware keylogger. If you become a "person of interest," a small keylogger can be installed inside most computer keyboards in 5 minutes. Maybe by someone posing as a gas safety inspector to gain access to your home while you are out. Such keyloggers act as a hidden wifi hotspot while powered, which can then transfer your last few thousand keystrokes to anyone within wi-fi range over the following few days/weeks/months.

      1. Stoneshop

        Re: Use offline encryption/decryption

        Which can be thwarted by keeping that offline machine inside a Faraday cage, running off a car battery that you disconnect from its charger when in use. And of course you religiously sweep the room.

        Still not perfect, but a few more hurdles between you and your adversaries.

    5. Claptrap314 Silver badge
      Mushroom

      Re: Use offline encryption/decryption

      The Iranians might suggest that the use of a USB stick isn't the best idea if you want to secure your system.

      And a floppy?

  2. Pete 2 Silver badge

    Lies, damned lies and official statements?

    > British, French and Dutch law enforcement agencies to have been used by around 60,000 people

    > British police claims that all 10,000 of EncroChat's UK users were criminals

    but only ...

    > 746 arrests. I.e. about 1 in 15 UK users.

    We know that all reports of "cyber crime" are bigged-up. Both in extent and sophistication. Is that the case here, too?

    60,000 users each paying £1500 per 6 months, comes out at £180 million a year to the owners of this network.

    If that is the true value of a covert mobile phone network, I cannot imagine that it will be down for long (esp. given what the operators will have learned from this). Nor that such networks do not operate elsewhere. In other parts of the world.

    Should we expect further reports of other "busts" in other countries - the USA being an obvious one. Or are those networks just better run and can avoid detection.

    1. Anonymous Coward

      Re: Lies, damned lies and official statements?

      British Police receive 9.254 Writs for Libel.

    2. Anonymous Coward

      Re: Lies, damned lies and official statements?

      "> British police claims that all 10,000 of EncroChat's UK users were criminals

      but only ...

      > 746 arrests. I.e. about 1 in 15 UK users.

      We know that all reports of "cyber crime" are bigged-up. Both in extent and sophistication. Is that the case here, too?"

      Hmm, a few things;

      1) It looks like the crims were awash with cash, so maybe it was not that uncommon for a 'user' to have more than one phone even at £3k a pop?

      2) The Met police chief said operations are ongoing, so they probably expect to arrest more people.

      3) In some cases, even having decrypted the messages, there may still not be sufficient evidence to make an arrest.

      4) We know that criminal gangs are often Global these days. So the wealth of intel recovered from the millions of encrypted messages should give the cops info about other possible networks in use. Expect more busts in the future and not just in Europe.

      And finally, let's be happy that a bunch of nasty individuals are hopefully going to be taken out of circulation for quite a while and that should mean there are fewer victims as a result :)

      Well done to our police forces!

      1. Stoneshop
        Flame

        Re: Lies, damned lies and official statements?

        > 1) It looks like the crims were awash with cash, so maybe it was not that uncommon for a 'user' to have more than one phone even at £3k a pop?

        The drug cartels at least aren't really short of money indeed, given that they treat second-hand Learjets and such as consumables[0], and have "submarines"[1] built. So a couple thousand quid per phone appears to be just loose change.

        [0] to be consumed by fire that is, after the cargo has been unloaded.

        [1] not actually capable of diving, but they resemble one; a fully submerged cylindrical hull with a small canopy protruding above the water surface.

    3. Ben Tasker

      Re: Lies, damned lies and official statements?

      > We know that all reports of "cyber crime" are bigged-up. Both in extent and sophistication.

      I'm reminded of the reports of the way the Police report the "street value" of seized drugs. They assume that the entire weight will be sold in the smallest possible denominations (smaller measures usually costing more per gram than larger ones).

      > Should we expect further reports of other "busts" in other countries - the USA being an obvious one. Or are those networks just better run and can avoid detection.

      Already happened to some limited extent - https://www.extremetech.com/mobile/265465-phantom-secure-ceo-busted-selling-super-secure-smartphones-drug-cartels

    4. John Jennings

      Re: Lies, damned lies and official statements?

      At 1,000 eu for the device, followed by 3,000 eu per year subscription, you have to have a fairly big budget for privacy.

      The product was hardly being marketed as a 'mainstream' solution.

      Chances are that all (or almost all) the phones were for criminal purposes. Whether or not every single one had messages linking an owner to a chargeable crime is another matter. Perhaps it's easier to go for the low hanging fruit?

  3. Christoph

    Isn't it lucky that the cooperation with European police forces happened this year.

    After 31st December we're out of luck.

    1. Anonymous Coward
      1. Anonymous Coward

        He's immature for pointing out the truth?

        I'd say you're immature for not being able to handle it.

    2. Anonymous Coward

      "After 31st December we're out of luck."

      Unlikely.

      Despite misinformation from the tabloid comics, it's only BRINO that's happening anytime this century.

      Until the "children" do grow up and decide they were better off actually being part of a 350M person economy.

  4. Anonymous Coward

    "....to support British police claims that all 10,000 of EncroChat's UK users were criminals. Such devices are of interest to legitimate users (journalists, lawyers, academics, domestic and foreign political campaigners.. "

    I would imagine the police also consider them criminals too...

    1. Chris G

      The British police generally consider everyone not a policeman to be a criminal.

      Though they are not above massaging the law on occasion.

      An acquaintance, some years ago, was on jury service, one case was a yoof who had been caught for a series of car thefts, the charges included (can't remember the exact number) something like 280 similar offences (committed over a relatively short period) to be taken into consideration.

      The beak looked up at the defendant and the arresting cop and remarked that the defendant had been a very busy boy and that the police were lucky to have cleared their unsolved car thefts by catching such a prodigious car thief.

  5. Zippy´s Sausage Factory
    Joke

    Why am I thinking about 1960s Batman?

    Joker: "Do you have your criminal chat app?"

    Riddle: "It's on my criminal mobile phone."

    Joker: "Excellent"

    Batman: "Not so fast!"

    Both: "BATMAN!" (cue shocked Pikachu gif faces)

    Batman: "Yes, and the Bat-Computer has been decoding everything you've been saying"

    Joker: "But how did you break our top-level criminal encryption?"

    Batman: "Well, to be honest... it was a bit rubbish."

    1. Anon
      Big Brother

      Re: Why am I thinking about 1960s Batman?

      Because you've been watching The Defpom's Mailbag Monday?

      1. Zippy´s Sausage Factory

        Re: Why am I thinking about 1960s Batman?

        I have no idea what that is but intend to find out forthwith. Or fifthwith, depending how long my thirdthwith task takes me.

  6. batfink

    So what are GCHQ doing with all their funding then?

    So according to the (possibly misleading) available info, this was a bust led by the French, but the UK NCA claim to have "developed the tools" for this.

    Why are the NCA doing this? We already have spy agencies, funded in the billions pa. WTF are they doing then? I thought that the reason we throw money at them was so they could catch crims/peados/touriststerrorists?

    If I were the NCA I'd be holding my hand out for the other TLA's funding.

    It would be a very interesting committee meeting if the TLAs were asked to present a return on investment case.

    1. Alan Brown Silver badge

      Re: So what are GCHQ doing with all their funding then?

      "Why are the NCA doing this?"

      Perhaps the NCA are full of fecal matter?

    2. Roland6 Silver badge

      Re: So what are GCHQ doing with all their funding then?

      >Why are the NCA doing this?

      Well given we know that the NCA and GCHQ along with other agencies work together on things, I suspect having the NCA say "they did it" helps to cover up and divert awkward questions being asked of the European agencies and their investigations of European nationals given European laws.

      So I expect the French got an anonymous tip off - from the NSA - that enabled them to look in the right place to find the EncroChat services located in France.

      Aside: If you are interested in such matters, I recommend watching Deep Web - The Hunt for Dread Pirate Roberts.

  7. schermer
    Happy

    Dutch viewpoint

    From a Dutch news channel ( https://www.nu.nl/binnenland/6061836/justitie-kon-live-meekijken-met-communicatie-criminelen-na-kraken-encrochat.html ): <translated>"The Dutch justice system has also been able to read more than twenty million messages live before they were encrypted by the users and EncroChat. The company is one of the largest providers of encrypted digital communication internationally.

    According to the judiciary, there are ten thousand users in the Netherlands whose reports concerned "unprecedentedly large numbers of serious crimes". As a result, the police say they have prevented liquidations, kidnapping plans have been thwarted, as have intended torture of individuals.

    It is painful to note that officials seem to have been bribed at important - logistics - locations."

    At least "our" Mocro-mafia can be diminished for a while. And moreover some of the corrupt officials can be dealt with.

    1. Anonymous Coward

      Re: Dutch viewpoint

      "The company is one of the largest providers of encrypted digital communication internationally."

      Except it isn't.

      But don't let the facts get in the way of a good story.

  8. Anonymous Coward
    WTF?

    A secure Android telephone?

    I mean seriously? Were these crims so stupid that they believed such a thing existed?

    Maybe they should have used iPhones.

    Cheers… Ishy

  9. Eclectic Man Silver badge

    The Brexit angle (sorry)

    Will the UK still get access to this sort of information after Brexit? Or after 31st December as, in theory, 'Brexit' has already happened?

    1. Anonymous Coward

      Re: The Brexit angle (sorry)

      No, they don't need Europe now, and are looking to the US for intel, safe in the knowledge that it doesn't worry about minor details like laws.

      Oh, and the UK is "taking back control". /S

  10. theExecutive

    Daniel Kinahan

    Drugs and Murder exposed

  11. theExecutive

    VPN

    Yes your safe!!!!

    1. Anonymous Coward

      Re: VPN

      My safe what?

  12. Anonymous Coward

    You can run but you can't hide

    If you worked for Encrochat then I suspect that there are a lot of unhappy people who will soon be seeking you out. I do not think such encounters will end well.

  13. seven

    Not many criminal users...

    If as alleged by British, French and Dutch law enforcement agencies EncroChat has been used by around 60,000 people, then 746 arrests makes 0.012 of users to be criminals. If as the British police claim, there are 10,000 EncroChat's UK users, then 746 arrests makes 0.074 of the users to be criminals.

    I wonder what percentage of Gmail are criminals? I wonder if freedom itself will be criminalized. Then 100% of users will be criminals.

    1. Anonymous Coward

      Re: Not many criminal users...

      As the often misquoted saying goes, "innocent until proven guilty".

      In other words, from the State's perspective, and as previously confirmed by Cardinal Richelieu, it's just a matter of time.

  14. Anonymous Coward

    Michelle of the resistance

    Listen carefully, I shall say this only once...
