Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Privacy Security

How Police Secretly Took Over a Global Phone Network for Organized Crime (vice.com) 87

Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots. From a report: Something wasn't right. Starting earlier this year, police kept arresting associates of Mark, a UK-based alleged drug dealer. Mark took the security of his operation seriously, with the gang using code names to discuss business on custom, encrypted phones made by a company called Encrochat. For legal reasons, Motherboard is referring to Mark using a pseudonym. Because the messages were encrypted on the devices themselves, police couldn't tap the group's phones or intercept messages as authorities normally would. On Encrochat, criminals spoke openly and negotiated their deals in granular detail, with price lists, names of customers, and explicit references to the large quantities of drugs they sold, according to documents obtained by Motherboard from sources in and around the criminal world.

Maybe it was a coincidence, but in the same time frame, police across the UK and Europe busted a wide range of criminals. In mid-June, authorities picked up an alleged member of another drug gang. A few days later, law enforcement seized millions of dollars worth of illegal drugs in Amsterdam. It was as if the police were detaining people from completely unrelated gangs simultaneously. "[The police] all over it aren't they," the dealer wrote in one of the messages obtained by Motherboard. "My heads still baffled how they got on all my guys." Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.

Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday. As dealers planned trades, money launderers washed their proceeds, and even criminals discussed their next murder, officers read their messages and started taking suspects off the street.

This discussion has been archived. No new comments can be posted.

How Police Secretly Took Over a Global Phone Network for Organized Crime

Comments Filter:
  • Great hack. (Score:4, Insightful)

    by mrbill1234 ( 715607 ) on Thursday July 02, 2020 @09:53AM (#60254054)

    Reminds me of Stuxnet.

    People keep asking me why I use Signal for my messaging. What do you have to hide they say? Nothing at all - just want to protect my privacy. This is vastly different from anonymity. If I was a person of interest to a government agency - my privacy would be out of the window regardless. There is always a way. I prefer to be out of the dragnet of hoovering my personal messages though.

    • Likewise, I use signal with the wife rather than SMS or anything else. The messages also auto delete after a week. We dont need years worth of our conversations stored somewhere, and in the knowledge its likely secure and not persistent I feel a bit better about using it to share a password for something or discussing finical details, simply sharing photos, and knowing that its encrypted end to end. Nothing to hide, but also keeping personal information about our lives private and out of the hands of any p
      • Signal does seem like one of the safer alternatives. A number of techy oriented friends and colleagues have gone that way.

    • Re: Great hack. (Score:5, Insightful)

      by BAReFO0t ( 6240524 ) on Thursday July 02, 2020 @10:34AM (#60254196)

      Tell them it's not about what you have to hide!

      It's about what they want to "find"!

      Ask them why they don't want to attract the attention of the cops on the street.
      Why it's because they will go through all your shit Until. They. Find. Something.
      Cardinal Richelieu's "six lines written by the finest man" style.
      And with our laws, there is *always* /something/.
      Even if it's just "jaywalking" or "obstructing justice" or "resisting (being suffocated to death)".

      Oohooor... if you want to have fun, ask them calmly and nicely to give you six lines of text, spoken or written by them. Then twist the meaning into as many crimes as you can. And if they complain... "Why thank you! Resistance is another one!" :D

    • by Kisai ( 213879 )

      It's two-sided:

      "If you have nothing to hide..." yeah, but I don't want the world to know when I tell my kid to come to dinner and they're on the toilet on their phone playing Angry Birds.

      "Anonymity" Let's be real, even when you have your real name on facebook, that doesn't keep the assholes from being assholes on public record. Anonymity just lets people be a slightly more "real" version of themselves than they would normally be face-to-face. All those awful trolls on 4chan? Or here on slashdot, or some und

      • by Rande ( 255599 )

        They already do.

        If they get a warrant, they can have the Service Provider send an 'update' which will make the phone do whatever they need it to so they can gather evidence of ongoing criminal activity.

        What they can't do (easily) is arrest the person and THEN try to find evidence on their phone to convict them without the suspects cooperation in logging in.

    • People keep asking me why I use Signal for my messaging.

      Sometimes the dragnet is a better place to be than the actual watchlist. Why are you using Signal? What are you hiding? If you're not a criminal you wouldn't be hiding using signal. Therefore you must be a criminal!

    • by Slayer ( 6656 )

      The difference between Signal and Encrochat is, that the latter charged you thousands of Dollars for their service. Somehow this service must have provided some features, which were worth that amount of money to certain people. Crooks would have certainly saved that amount of money and used Signal, if that would have done the job for them. Note, that Encrochat proactively contacted their clients about potential problems, and forfeited big bucks by being honest (in their own way) and shutting down at the fir

      • Encrochat was not hacked. The phone it was running on was and monitoring malware installed. It had a custom android implementation and some hardware mods on the phone. Same could be done for Signal on an off the shelf unmodified phone.

        • Encrochat was not hacked. The phone it was running on was and monitoring malware installed.

          That would only explain people who got caught who contacted that phone, not all the other people who had no contact with it.

  • by nospam007 ( 722110 ) * on Thursday July 02, 2020 @10:08AM (#60254110)

    They bought these phones too.

    • by mspohr ( 589790 )

      The police state is primarily interested in lower class criminals... drug dealers, protesters, etc. They really protect white collar criminals.
      An example. The largest category of "theft" (both by volume and frequency) is wage theft where people are not paid for the work they do. Have you ever heard of anyone getting arrested for wage theft?

      • Have you ever heard of anyone getting arrested for wage theft?

        People are arrested for real wage theft all the time [google.com].

        Why you seem to be concerned with is workers who agree to terms of employment, where sometimes they have to work extra hours. That's called "salary" friend.

        Hourly workers if they work extra, are entitled to every bit they work and they can and will seek legal means to get it if they are not.

        • by Shaeun ( 1867894 )
          The corollary to working extra hours is that when you need time off you can just take it. You really should look up the salary rules.
          Alas, businesses are about abusing employees and you never work less. It doesn't make extra money, so it never works out that way.
          Salary is just a way to pay workers less. It's never in an employees best interest. But if you want the money, you play the game.
          • Salary is just a way to pay workers less. It's never in an employees best interest. But if you want the money, you play the game.

            I dunno man, it's worked out pretty well for me during this COVID shit. I don't mind getting paid to sit at home. It's the hourly workers who are getting fucked.

        • by mspohr ( 589790 )

          Your Google link doesn't show anybody actually getting arrested for wage theft and shows that just five states have laws against it.
          I'm referring to just basic wage theft where workers are not paid the agreed wage; not the more advanced scams that employers run such as calling workers "contractors", "supervisors", etc.

    • I want to know if any police were using them, and what was found about their activities

  • Now get rid of the criminals and you don't have to worry about them committing any more crimes.

  • Police work like this (track communications and follow the money stuff) should be well funded. Broken Windows type policing -while being good policy for making entering television shows- has proven to be completely worthless in comparison for actually stopping crime.
    • This is not real police work!
      A real cop would do it without breaking the law himself.

      This is merely one criminal gang being stronger than another one.
      If it was a TV show, you could seamlessly rewrite it as a gang war.

      • by bws111 ( 1216812 )

        What law did the cops break? You are aware that laws (such as anti-hacking laws) often have exceptions for 'approved law enforcement activities' built in, right? And warrants can be obtained for things like wiretaps. Where is the evidence the police did anything illegal?

        • You are aware that laws (such as anti-hacking laws) often have exceptions for 'approved law enforcement activities' built in, right?

          Probably a big part of the reason they think they are above all the laws.

  • Thank you, thank you, I'm here all week!
    Try the Bouchees a la Reine!

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Thursday July 02, 2020 @10:20AM (#60254140)
    Comment removed based on user account deletion
    • by PPH ( 736903 )

      The Vice.com article states:

      The industry is highly competitive, with companies constantly spreading rumours about the security of each others' devices and uploading YouTube videos to discredit their rivals. Encrochat previously blocked web domains used by other firms' devices, essentially segmenting their customer base from everyone else. That means dealers often need the same sort of phone as everyone else they're working with, unless they want to be locked out of important conversations.

      So avoiding open source might just be a way for Encrochat to differentiate it from its competitors as well as to maintain a walled garden.

    • by Kjella ( 173770 )

      There's nothing wrong with PGP as such, but one feature/flaw depending on how you look at it is that if the key is compromised your entire communications history with everybody can be decrypted if they have the encrypted messages. Which is not unlikely if it's sent from or received by any of the big free email providers, even if you "delete" them they could probably be recovered if you get them to dig through backups for you. The ratchet algorithm that Signal (and others) use is using something almost, but

    • Not only that but they marketed themselves as being a mechanism for criminals to safely communicate. A reporter was going to do a story on them a while back and I told them that that meant either EncroChat was set up by the law enforcement or was completely compromised by law enforcement. AFAIK they never published, which was probably a good thing since it might have tipped off the criminals.
      • by piojo ( 995934 )

        Advertising criminal use ==> completely compromised by law enforcement? How does that follow? Because no organization is good enough to make such provocative advertising then successfully weather the inevitable attack attempts by law enforcement?

  • Since the vast bulk of "money laundering" for drug gangs takes place under a "don't ask ; don't tell" policy within the largest international bank corporations, I'm not in the least impressed with this news of a stack of arrests one level above the street pushers.

    Throw the bankers in jail. Then talk about success.

    • Criminal: "I'd like to talk to someone about some, err, money I have to place with your bank, and I don't have the documentationw ith me right now"

      Banker: "don;t worry about that, we have all kinds of specialist teams that can facilitate every kind of transaction. How much do you have to deposit?"

      Criminal: "I have just over 1 million euros".

      Banker; "fuck off and stop wasting our time. loser. Come back when you have â10bn".

  • Did any of the cops see the Imitation Game? The first thing that happened after breaking the enigma machine was to come up with ways to get the info from other sources. The cops got a small win now, but it could have been so much more.
  • I think I must be missing the point somehow.

    Why wouldn't your average criminal use pgp/gpg, which is readily available, not too difficult to set up, and doesn't involve a third party provider at all?

    Surely the big criminal gangs could have someone set up gpg on a stack of phones and hand them out to their gang members?

    What am I not understanding here?

    • by Rande ( 255599 )

      Same reason that MS and other big companies get the big contracts. They market better and ask for LOTS of money.

      A lot of people still think that more expensive automatically means more better.

  • by petes_PoV ( 912422 ) on Thursday July 02, 2020 @12:46PM (#60254736)
    ... there was a report here a day or two ago that someone had moved $1bn of Bitcoin [slashdot.org]. Coincidence?
  • Did they 'break' the encryption? Or did they just capture one of the phones, they all used the same encryption, and that gave them a way in?

    Regardless this story is an example of why what some clueless Congresscritters want is pointless and stupid and will cause more harm than good: Criminals won't pay attention to 'breakable encryption' laws any more than they pay attention to any other laws, so you and I will have our digital asses flapping in the Internet breeze while criminals have solid encryption w
    • What the actual fuck, do we now have Senate shills on Slashdot, too? Who the actual fuck would mod what I just said as 'Troll'? Are you fucking stupid!?
      • by Cederic ( 9623 )

        I suspect they looked at the mix of bold, capitals and the word in bold capitals and thought, "This guy is just trying to provoke a reaction."

        Also known as trolling.

  • Give up control and someone will take control

  • I doubt that the encryption itself was hacked. I'm not saying it's not possible, just that it's highly improbable.

    What's much more probable is that law enforcement just exploited all of the weakest parts of this system: The humans.

    Humans always exposes flaws in otherwise secure systems. Keys are reused, released, and rarely changed. Trusted endpoints can be compromised, with or without their consent. The combination of flawed secure context maintenance and compromised endpoints means that otherwise secure

  • Any security is only as strong as it's weakest link, and that's almost always a human.

    Sounds like they found a way to get a sucker to let their malware on the phone, and from there it was downhill all the way.
    Their weak link probably didn't even know he'd done anything wrong either.

    You have no idea how often the "totally secure computer that has no network connect, or floppy drives and is absolutely air-gapped and can't be infected by anything" is infected when the rest of the company is as well. (I'd guess
  • So it seems criminals use Android phones. Must be an iPhone marketing campaign in there somewhere.

    • So it seems criminals use Android phones. Must be an iPhone marketing campaign in there somewhere.

      It was reported that one of the many million messages that were recorded was by a drug dealer warning a friend not to use an iPhone, because they are not safe :-)

  • Where is the "how they did it " part?

    The title says "How police ... (did it)".

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Working...