Crypto phones promise super secure communication – that makes them popular with criminals. In a secret campaign, investigators have now infiltrated Encrochat and arrested hundreds of suspects.
It is rare for a supplier to recommend that customers throw away their product. Encrochat cell phone owners received a message on June 13 asking them to do so. “Our domain was illegally confiscated by government entities,” wrote Encrochat’s creators, who sell advertised phones as particularly secure. “We advise you to turn off your device and remove it physically.” As of Thursday, it has been clear that Encrochat’s business has ended, and that of hundreds of drug dealers and violent criminals as well.
In an extraordinary secret operation, the French and Dutch police hacked the network, from which nothing was supposed to escape. So the investigators became the all-seeing eye. According to their own statements, they were able to read millions of messages on Encrochat and gradually arrest suspects over weeks. Because, according to the European judicial authority Eurojust, many of Encrochat’s customers are involved in organized crime. They had trusted the security of encrypted messages and calls on the specially prepared phones. But the supposedly secret channel has become a trap. The service hack led to a rarely seen wave of arrests across Europe.
In France, the Netherlands and other countries, police officers arrested hundreds of suspects involved in alleged crimes that were initiated via Encrochat. Investigators record according to Eurojust: 19 drug laboratories were excavated, thousands of kilos of cocaine, crystal meth and other drugs were confiscated. Several crimes were prevented, including attempted murder and the transport of drugs. In the Netherlands, cash of almost 20 million euros has been confiscated, it is said.
British authorities have described the operation as the largest investigative operation in its history. In the UK alone, there were 746 arrests, the National Crime Agency and the Association of British Police Authorities said. 54 million pounds (almost 60 million euros), 77 firearms and more than two tons of drugs have been seized. Encrochat had 60,000 users worldwide, including 10,000 in the UK alone.
The infiltration of the central technology by the police is a hard blow to the credibility of all providers of crypto phones – specially adapted Blackberry or Android phones that advertise with particularly strong protection against eavesdropping. Parts for ordinary smartphone functions such as camera, microphone or GPS were in Encrochat’s research by Vice according to removed. Because every additional ability is another possible target for hackers. Encrochat’s phones cost $ 1000, a six-month service contract cost another $ 1500, and 24-hour customer service was promised.
The encrypted programs for chats and calls were secured separately on the phone and ran on a second operating system. Messages sent could also be deleted, including on the chat partner’s phone. Customers should also be able to “clean” the device in one fell swoop with a “kill” code in order to blur traces.
Police authorities are investing more and more in ways to crack encryption or – as in the case of server takeover at Encrochat – to bypass it. IT experts who campaign for civil rights therefore speak of a “crypto war”, a war against encryption, which many countries are waging. Innocent users of the services hacked by the police or secret service also suffer from it and can suddenly be monitored. Eurojust emphasizes that the police carried out the surveillance with judicial permission. In addition, Encrochat was used almost exclusively for illegal business, money laundering and plot to murder rival criminals. That would differentiate the provider from the encrypted apps for the mass market such as Whatsapp, Signal or Telegram.
Signal and Telegram are booming, the Encrochat story is over. The website is no longer accessible, the operator has stopped the operation.
How exactly the police became a hacker remains unknown. In the warning to its users, the Encrochat providers spoke vaguely of “malware” that authorities had used. Not only the perpetrators rely on confidentiality, Eurojust also says on request: “The technical aspects of this case fall under national confidentiality.”