How Police Secretly Took Over a Global Phone Network for Organized Crime (vice.com) 87
Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. From a report: Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world.
Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.
Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.
So, privacy is dead, and encryption is a mirage? (Score:2)
That's pretty old news.
Re: So, privacy is dead, and encryption is a mirag (Score:2)
That's what they want you to think.
No really, what would you tell the public if your job was to spy on everyone?
It's a real easy game too, with vocal people acting like flopping soccer players on the slightest pressure, nowadays. *stares at you* :D
Re: So, privacy is dead, and encryption is a mirag (Score:5, Insightful)
IF it was my job to spy on people, I would always tell them that encryption is perfect and can be trusted at all times, I might even create a company to sell encryption devices...
Re: (Score:2, Troll)
You're assuming their goal is to actually spy on people and collect information. If that was the case, they would keep a low profile and avoid blabbing to the press as they did in TFA.
But their real goal is to continue to receive funding, collect their salaries, and eventually retire will a nice government pension. That only requires the illusion of success.
Re: So, privacy is dead, and encryption is a mirag (Score:4, Interesting)
I think the only reason all this is in the open now, is because the criminal gangs realised what was happening, because the police had arrested too many to keep it quiet - or had enough messages to keep them busy arresting perps for the next ten years.
Re: So, privacy is dead, and encryption is a mira (Score:2)
Re: So, privacy is dead, and encryption is a mirag (Score:3)
Oh, and remember: It's literally so rare, it's news.
In reality, most criminals *aren't* caught. Cop/military/spy TV shows literally are deals with the police/.../... to portray them in a non-ridiculing manner: https://youtu.be/YYUjc-v5LUs [youtu.be]
Re: So, privacy is dead, and encryption is a mira (Score:2)
In reality, most criminals *aren't* caught. Cop/military/spy TV shows literally are deals with the police/.../... to portray them in a non-ridiculing manner: https://youtu.be/YYUjc-v5LUs [youtu.be]
Well yeah, no shit. A show which only showed cops failing to find a suspect would be pretty boring. Just like an ER show which only showed doctors failing to save a patient would be pretty boring.
Great hack. (Score:4, Insightful)
Reminds me of Stuxnet.
People keep asking me why I use Signal for my messaging. What do you have to hide they say? Nothing at all - just want to protect my privacy. This is vastly different from anonymity. If I was a person of interest to a government agency - my privacy would be out of the window regardless. There is always a way. I prefer to be out of the dragnet of hoovering my personal messages though.
Re: (Score:2)
Re: (Score:2)
Signal does seem like one of the safer alternatives. A number of techy oriented friends and colleagues have gone that way.
Re: Great hack. (Score:5, Insightful)
Tell them it's not about what you have to hide!
It's about what they want to "find"!
Ask them why they don't want to attract the attention of the cops on the street. /something/.
Why it's because they will go through all your shit Until. They. Find. Something.
Cardinal Richelieu's "six lines written by the finest man" style.
And with our laws, there is *always*
Even if it's just "jaywalking" or "obstructing justice" or "resisting (being suffocated to death)".
Oohooor... if you want to have fun, ask them calmly and nicely to give you six lines of text, spoken or written by them. Then twist the meaning into as many crimes as you can. And if they complain... "Why thank you! Resistance is another one!" :D
Re: (Score:2)
It's two-sided:
"If you have nothing to hide..." yeah, but I don't want the world to know when I tell my kid to come to dinner and they're on the toilet on their phone playing Angry Birds.
"Anonymity" Let's be real, even when you have your real name on facebook, that doesn't keep the assholes from being assholes on public record. Anonymity just lets people be a slightly more "real" version of themselves than they would normally be face-to-face. All those awful trolls on 4chan? Or here on slashdot, or some und
Re: (Score:2)
They already do.
If they get a warrant, they can have the Service Provider send an 'update' which will make the phone do whatever they need it to so they can gather evidence of ongoing criminal activity.
What they can't do (easily) is arrest the person and THEN try to find evidence on their phone to convict them without the suspects cooperation in logging in.
Re: (Score:3)
People keep asking me why I use Signal for my messaging.
Sometimes the dragnet is a better place to be than the actual watchlist. Why are you using Signal? What are you hiding? If you're not a criminal you wouldn't be hiding using signal. Therefore you must be a criminal!
Re: (Score:2)
The difference between Signal and Encrochat is, that the latter charged you thousands of Dollars for their service. Somehow this service must have provided some features, which were worth that amount of money to certain people. Crooks would have certainly saved that amount of money and used Signal, if that would have done the job for them. Note, that Encrochat proactively contacted their clients about potential problems, and forfeited big bucks by being honest (in their own way) and shutting down at the fir
Re: (Score:2)
Encrochat was not hacked. The phone it was running on was and monitoring malware installed. It had a custom android implementation and some hardware mods on the phone. Same could be done for Signal on an off the shelf unmodified phone.
Re: (Score:2)
Encrochat was not hacked. The phone it was running on was and monitoring malware installed.
That would only explain people who got caught who contacted that phone, not all the other people who had no contact with it.
Re: (Score:2)
They compromised the servers to install malware on all the phones. All of them.
Re: Wait, what?? (Score:2)
Aand that's the sifference between an actual police (a role model) and a criminal gang that just happens to be in power currently (acting exactly like criminals; giving criminals a justification for the general righteousness of those actions).
Re: (Score:2)
Can you explain what you mean by "actual police (a role model)". It's my understanding that the word "police" is a derivative of the word "policy", and that "policing" means "enforcing local policy", and that "policemen" are the enforcers of said policies. The term "role model" is (mostly) reserved for parents and older family members.
If you're mad at the police, I hear there's a new CHAZ/CHOP opening in New York. If you're just mad about a very few cops out there that have taken to murdering folks in pl
Re: (Score:2)
Can you explain what you mean by "actual police (a role model)". It's my understanding that the word "police" is a derivative of the word "policy", and that "policing" means "enforcing local policy", and that "policemen" are the enforcers of said policies.
Per a Google search of "etymology of police":
and a similar search for "etymology of policy":
so from simila
Re: Wait, what?? (Score:2)
Re: (Score:2)
It's not very well-known, but police are actually a fraternity [fop.net]. When some cop turns dirty, it's an embarrassment to all of them. This plays out in all facets of human behavior. Remember Penn State? Some were able to get away with some horrible shit because of the same thing. I'm not making excuses for that, or any other shitty behavior, just explaining how it happens. It's up to each one of us to live OUR lives in a way that excludes this type of behavior, or allowing others to do the same.
Re: why this article is racist (Score:2)
I don't know, but maybe your ancestors who invaded America can answer that question... :D
Re: why this article is racist (Score:2)
Who invaded america? Last I checked it's never been invaded. There was that Japanese attack on the west coast, but that doesn't really qualify as an invasion.
Re: (Score:2)
Who invaded america? Last I checked it's never been invaded.
Really? I guess you have some rules-layer definition of "America" up your sleeve to defend that statement but it still make you look like an idiot.
Re: (Score:2)
Who invaded america? Last I checked it's never been invaded. There was that Japanese attack on the west coast, but that doesn't really qualify as an invasion.
Wow.. you just cancelled almost 5000 years of history and some of the most ancient cities known to man.
The obvious answer (to anyone paying attention) was that America was invaded by hordes of savage British, French and Spanish troops that laid waste to the native populations, brought over African slaves and did the utmost to undermine each other while jockeying for power in back in Europe.
But you knew that already.
Re: (Score:2)
Well, shit, go back 15,000 years and you can include the savage "native" populations that invaded the continent and set about practising human sacrifice, slavery and around 15,000 years of perpetual warfare.
But you knew that already.
Re: (Score:2)
Or are you saying the natives were fictional and never existed?
Otherwise the Europeans INVADED this continent (among others).
Re: why this article is racist (Score:2)
So you're saying that when Europeans "discovered" and colonized this already populated continent, that they were sent RSVPs by the natives?
Or are you saying the natives were fictional and never existed?
Well at least the initial colonists were generally welcomed by the natives, so it would be hard to call that an invasion. But no, what I'm saying is that America wasn't a country when the Europeans showed up.
Otherwise the Europeans INVADED this continent (among others).
Then so did the natives. We know there were many waves of colonisation from Asia, and that subsequent waves usually warred with and displaced the earlier groups. If the Europeans were invaders so were the vast majority of "native Americans".
It's a lot more complicated than the SJW halfwits want every
Re: (Score:2)
So you're saying that when Europeans "discovered" and colonized this already populated continent, that they were sent RSVPs by the natives?
Or are you saying the natives were fictional and never existed?
Well at least the initial colonists were generally welcomed by the natives, so it would be hard to call that an invasion. But no, what I'm saying is that America wasn't a country when the Europeans showed up.
That's a nice fairy tale. Depends on what part of the continent you are talking about.
America still isn't a country. The country you are referring to is "The United States of America".
America is a set of continents named in honor of Amerigo Vespucci (Americo Vespuccio). An alternative name for the landmass was Colombia (sometimes spelled Columbia) that in the end didn't fly. The name was coined by Martin Waldseemüller in France. And it referred to ALL THE LANDS that Amerigo Vespucci had been exploring.
Re: why this article is racist (Score:2)
That's a nice fairy tale. Depends on what part of the continent you are talking about.
Those two sentences don't really fit together. Either it's a fairy tale, in which case it doesn't matter what part of the continent we are talking about, or it's true in at least some parts of the continent, in which case it's not a fairy tale. Which is it?
America still isn't a country. The country you are referring to is "The United States of America".
This is like saying "North Korea isn't a country, the country you are referring to is the Democratic People's Republic of Korea". In everyday speech people use short forms, and nobody wants to hear your pedanticism.
America is a set of continents named in honor of Amerigo Vespucci (Americo Vespuccio).
The "set of continents" is typically
Re: (Score:2)
I was in Germany a few years ago, and someone asked us where we were from. I said, "Wir sind aus der Vereinigen Staten" (= "We're from the United States"). He turned around to his friends and said, "Sie sind Amerikanischen" (= "They're Americans").
So you could remind cowdung that names of other countries, or people from those countries, often sound nothing like the names people from those countries use themselves, whether due to differences in pronunciation (most of us would have a very hard time pronounc
How about white-collar criminals? (Score:5, Interesting)
They bought these phones too.
Re: (Score:2)
The police state is primarily interested in lower class criminals... drug dealers, protesters, etc. They really protect white collar criminals.
An example. The largest category of "theft" (both by volume and frequency) is wage theft where people are not paid for the work they do. Have you ever heard of anyone getting arrested for wage theft?
Yes I have (Score:3)
Have you ever heard of anyone getting arrested for wage theft?
People are arrested for real wage theft all the time [google.com].
Why you seem to be concerned with is workers who agree to terms of employment, where sometimes they have to work extra hours. That's called "salary" friend.
Hourly workers if they work extra, are entitled to every bit they work and they can and will seek legal means to get it if they are not.
Re: (Score:1)
Alas, businesses are about abusing employees and you never work less. It doesn't make extra money, so it never works out that way.
Salary is just a way to pay workers less. It's never in an employees best interest. But if you want the money, you play the game.
Re: Yes I have (Score:2)
Salary is just a way to pay workers less. It's never in an employees best interest. But if you want the money, you play the game.
I dunno man, it's worked out pretty well for me during this COVID shit. I don't mind getting paid to sit at home. It's the hourly workers who are getting fucked.
Re: (Score:2)
Your Google link doesn't show anybody actually getting arrested for wage theft and shows that just five states have laws against it.
I'm referring to just basic wage theft where workers are not paid the agreed wage; not the more advanced scams that employers run such as calling workers "contractors", "supervisors", etc.
Re: (Score:2)
I want to know if any police were using them, and what was found about their activities
Good job (Score:1)
Now get rid of the criminals and you don't have to worry about them committing any more crimes.
Real police work should be funded well (Score:2)
Re: Real police work should be funded well (Score:2)
This is not real police work!
A real cop would do it without breaking the law himself.
This is merely one criminal gang being stronger than another one.
If it was a TV show, you could seamlessly rewrite it as a gang war.
Re: (Score:2)
What law did the cops break? You are aware that laws (such as anti-hacking laws) often have exceptions for 'approved law enforcement activities' built in, right? And warrants can be obtained for things like wiretaps. Where is the evidence the police did anything illegal?
Re: (Score:2)
You are aware that laws (such as anti-hacking laws) often have exceptions for 'approved law enforcement activities' built in, right?
Probably a big part of the reason they think they are above all the laws.
They finally gained control over their own network (Score:1)
Thank you, thank you, I'm here all week!
Try the Bouchees a la Reine!
Comment removed (Score:5, Interesting)
Re: (Score:2)
The Vice.com article states:
The industry is highly competitive, with companies constantly spreading rumours about the security of each others' devices and uploading YouTube videos to discredit their rivals. Encrochat previously blocked web domains used by other firms' devices, essentially segmenting their customer base from everyone else. That means dealers often need the same sort of phone as everyone else they're working with, unless they want to be locked out of important conversations.
So avoiding open source might just be a way for Encrochat to differentiate it from its competitors as well as to maintain a walled garden.
Re: (Score:3)
There's nothing wrong with PGP as such, but one feature/flaw depending on how you look at it is that if the key is compromised your entire communications history with everybody can be decrypted if they have the encrypted messages. Which is not unlikely if it's sent from or received by any of the big free email providers, even if you "delete" them they could probably be recovered if you get them to dig through backups for you. The ratchet algorithm that Signal (and others) use is using something almost, but
Re: (Score:2)
Re: (Score:2)
Advertising criminal use ==> completely compromised by law enforcement? How does that follow? Because no organization is good enough to make such provocative advertising then successfully weather the inevitable attack attempts by law enforcement?
Re: (Score:2)
It's written from the point of view of 'Mark'.
Re: (Score:1)
You sound like a politician. You're either on board with mathematically secure encryption, or you're not on board with secure encryption for anyone.
Re: (Score:2)
You must have missed the part where this took place in Europe.
Re: Cue a libertarian any moment... (Score:2)
That never stopped them moaning before
Call me when banks are busted (Score:3)
Since the vast bulk of "money laundering" for drug gangs takes place under a "don't ask ; don't tell" policy within the largest international bank corporations, I'm not in the least impressed with this news of a stack of arrests one level above the street pushers.
Throw the bankers in jail. Then talk about success.
Re: (Score:3)
Criminal: "I'd like to talk to someone about some, err, money I have to place with your bank, and I don't have the documentationw ith me right now"
Banker: "don;t worry about that, we have all kinds of specialist teams that can facilitate every kind of transaction. How much do you have to deposit?"
Criminal: "I have just over 1 million euros".
Banker; "fuck off and stop wasting our time. loser. Come back when you have â10bn".
Did any of the cops see the Imitation Game? (Score:1)
What's wrong with pgp/gpg? (Score:1)
I think I must be missing the point somehow.
Why wouldn't your average criminal use pgp/gpg, which is readily available, not too difficult to set up, and doesn't involve a third party provider at all?
Surely the big criminal gangs could have someone set up gpg on a stack of phones and hand them out to their gang members?
What am I not understanding here?
Re: (Score:2)
Same reason that MS and other big companies get the big contracts. They market better and ask for LOTS of money.
A lot of people still think that more expensive automatically means more better.
In other news (Score:3)
Doesn't say how they did this (Score:2, Troll)
Regardless this story is an example of why what some clueless Congresscritters want is pointless and stupid and will cause more harm than good: Criminals won't pay attention to 'breakable encryption' laws any more than they pay attention to any other laws, so you and I will have our digital asses flapping in the Internet breeze while criminals have solid encryption w
Re: (Score:2)
Re: (Score:1)
I suspect they looked at the mix of bold, capitals and the word in bold capitals and thought, "This guy is just trying to provoke a reaction."
Also known as trolling.
See how well outsourcing works? (Score:2)
Give up control and someone will take control
The weakest link breaks the chain. (Score:2)
I doubt that the encryption itself was hacked. I'm not saying it's not possible, just that it's highly improbable.
What's much more probable is that law enforcement just exploited all of the weakest parts of this system: The humans.
Humans always exposes flaws in otherwise secure systems. Keys are reused, released, and rarely changed. Trusted endpoints can be compromised, with or without their consent. The combination of flawed secure context maintenance and compromised endpoints means that otherwise secure
Security... (Score:2)
Sounds like they found a way to get a sucker to let their malware on the phone, and from there it was downhill all the way.
Their weak link probably didn't even know he'd done anything wrong either.
You have no idea how often the "totally secure computer that has no network connect, or floppy drives and is absolutely air-gapped and can't be infected by anything" is infected when the rest of the company is as well. (I'd guess
Crims (Score:2)
So it seems criminals use Android phones. Must be an iPhone marketing campaign in there somewhere.
Re: (Score:2)
So it seems criminals use Android phones. Must be an iPhone marketing campaign in there somewhere.
It was reported that one of the many million messages that were recorded was by a drug dealer warning a friend not to use an iPhone, because they are not safe :-)
Still... (Score:1)
The title says "How police