Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
EU Privacy

European Police Malware Could Harvest GPS, Messages, Passwords, More (vice.com) 29

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. From the report: The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages. "The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content," the document reads, referring to both the UK's National Crime Agency and one of the national police forces of France. As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads.
This discussion has been archived. No new comments can be posted.

European Police Malware Could Harvest GPS, Messages, Passwords, More

Comments Filter:
  • Bad guys with computers defeated by good guys with computers.

    • Re:Good. (Score:5, Insightful)

      by jellomizer ( 103300 ) on Tuesday September 15, 2020 @10:47AM (#60507848)

      Bad Guys with computers defeated by worse guys with computers.

      Freedom is the Opposite of Safety.

      If you want to feel safe, you will need to give up freedoms. If you want to be free, you will need to expect to live in a less safe environment.

      One cannot expect a fully free society, or a fully safe one. It is trade-off where a complex decision needs to be made.

      Say you were being monitored but innocent for say using the internet to sell drugs. However in their investigation they found that you downloaded some pirated movies. Because if you are a bother to the police, They will often find something to arrest you with.

      • Pretty sure that I'd be a lot safer if not for having to constantly consider how megacorporations and the government wanted to steal my shit, spy on me, and lock me up for what I do in the privacy of my own home.

        Freedom is taken, not given. Nobody else can make you free. You have to do it for yourself.

      • Criminals using an app to organise drug sales don't have a right to privacy. Society is a bit more free, and a bit more safe, with these people going to jail.
        • No, society is demonstrably more free without laws against drug distribution. By creating laws, and enforcing them military, we promoted the rise of violent cartels who can go toe-to-toe with a military, extreme corruption, and centralization of profits in the few cartels who can cross a militarized border.

        • The problem is say you are under investigation for organized drug sales, You do not do such activity. However you may use the same tools that those who did, your privacy will be violated.

      • Bad Guys with computers defeated by worse guys with computers.

        This is a strict limited targeted action against actual criminals. The people targeted included actual assassins and hitmen. Blackmailers ant torturers. "Threats detailed on the site included acid attacks and chopping off limbs". If you have a problem with stopping this then maybe you are the problem. There's really very little to show that the police involved are in any way bad. Do you have any specific evidence on that?

        Freedom is the Opposite of Safety.

        If you want to feel safe, you will need to give up freedoms. If you want to be free, you will need to expect to live in a less safe environment.

        You are making one of the biggest mistakes there is. You cannot trade off freedom an

      • Freedom is the Opposite of Safety.

        Tell that to second amendment rights proponents.

        • In terms of the Second Amendment Rights Opponents and Proponents both are not being honest with themselves.

          Having guns, and allowing any citizen to have a gun any gun. Will be more dangerous. Guns are dangerous tools. They are designed to destroy at a distance.

          However guns are indeed tools, with practical and legit uses. Saying you cannot use a tool, because some people misuse them is indeed infringing on our freedoms.

    • No. All guys with computers defeated by bad guys with computers

      They spied on anyone who thought they needed encrypted communication. Now, why would you need that? Oh right, to be safe from overzealous "law enforcement". Lots of people have been arrested who were not originally suspected of anything, other than using encryption (a police spokesman told there have been many "new actors"). This is a huge violation of human rights, which are in the basis of European law.

      Yes, also criminals have been arrested, b

      • by PPH ( 736903 )

        who were not originally suspected of anything, other than using encryption

        Whereas here in the good old USA (land of the free) you can be arrested for possessing money without reporting it. Lavrentiy Beria is alive and well, living in the souls of all governments.

      • No. All guys with computers defeated by bad guys with computers

        They spied on anyone who thought they needed encrypted communication. Now, why would you need that? Oh right, to be safe from overzealous "law enforcement". Lots of people have been arrested who were not originally suspected of anything, other than using encryption (a police spokesman told there have been many "new actors"). This is a huge violation of human rights, which are in the basis of European law.

        The claim in the newspapers is that 10% of the customers were non criminals. Compare that with WhatsApp or more importantly signal [signal.org] which specifically target normal consumers for protected communications. Specifically, the marketing from this company specifically targeted criminals and their customer support was designed for criminals. That means that the communications organisation was explicitly criminal (since aiding criminals is, reasonably, a crime) and that the chance of any random customer being a

    • by gweihir ( 88907 )

      Bad guys with computers defeated by good guys with computers.

      Nope. Bad guys with computers pretending to be good guys but preparing to compromise everybody.
      Any attack on IT systems is a malicious act, no matter who does it.

    • "Bad guys with computers defeated by good guys with computers."

      Almost. Bad guys with Android phones defeated, bad guys with iPhones are OK.

    • Bad guys with computers defeated by good guys with computers.

      Because "bad guys" with computers never exploit the tools that the "good guys" use.

  • This was a failure on a scale above "epic". There are estimates that they had 60,000 users of which 50,000 used the network for criminal purposes. Interpol found _every single user_ and recorded _all chat messages_ for months. They have so much evidence against crooks, they don't actually have the man power to arrest everyone.

    Funny was a message sent by one of the crooks telling another one not to use an iPhone because it was inherently unsafe :-) The particular hack used by the police wouldn't have work
    • by gweihir ( 88907 )

      Nope. Just evolution at work. The next thing the police will not get in nearly as easily. They got a seemingly big short-term win, but as a consequence they are going to lose it all in the long run. Greedy and stupid.

      • by GuB-42 ( 2483988 )

        Police actually waited for months. Watching is nice but at some point you have to take action if you want to actually fight crime.

        Crooks would have found out about the hack sooner or later, especially if the police seems to know too much. Not all criminals are stupid, and some of them will connect the dots. Taking down everyone at once has the advantage of not giving them time to react.

        • by gweihir ( 88907 )

          They did not actually fight crime here. They made big press and got some careless criminals, making the others much better prepared. That is a Pyrrhic victory at best. But the police does not actually care about fighting crime. Why would they endanger their jobs? They need criminals. What they care about is appearances.

      • You do know that this is the second time police cracked a PGP messaging server? And that the police used their experience with the first hack to make this one more effective? And that the crooks hadnâ(TM)t changed their behaviour?
    • The failure was on the part of the criminals believing the bull, bad software design and bad OPSEC. Encrochat claimed a combination of 'Perfect Forward Secrecy, Deniability, Encryption Strength and Repudiable Authentication' as their means of protecting users but then they advertised "With our advanced burn a user can force wipe their own messages from another user’s device using a timer countdown". Well, if they are offering both deniability and repudiation as an ideal security goal then the ability
    • The particular hack used by the police wouldn't have worked against an iPhone on the box.

      It wouldn't have worked against any other Android phone either. According to TFA, the hack was specific to one phone model. (Un)fortunately, Encrochat only offered one model of phone, meaning all their users were compromised by the single hack.

      The associate told Motherboard the malware was specifically created for the X2 model.

      That's not to say other Android phones could've been hacked in a similar way. But then so co

  • by pele ( 151312 )

    something something something china
    something something something russia
    something something something france

  • I suppose too, that it's not a good idea to keep old messages on your device.

    • The perfect solution is to write an app that adds, deletes, shuffles messages to be forensically clean. Now if the cops say this or that, their chain of evidence will be flat wrong. Every phone has some law enforcement features. As such take pride in sending incriminating messages about prominent people, and time wasting red herrings, and clear codewords that could only be elected politicians. Leveraging GPS information means knowing where these people live. There is a reason why there are no open source p

Genius is ten percent inspiration and fifty percent capital gains.

Working...