Nearly 750 people in the UK have been arrested so far after an international coalition of law enforcement agencies infiltrated an encrypted chat platform in which suspects openly discussed murder, accusations, illegal drug purchases. , sale of arms and other alleged crimes.
The UK’s National Crime Agency (NCA) today announced the results of an investigation it called Operation Venetic. UK agencies together have so far arrested 746 suspects and confiscated 77 weapons, two metric tons of drugs, 28 million illicit pills, 55 “high value” cars and more than £ 54 million ($ 67.4 million) in cash.
The arrests followed an advance on an encrypted communications platform, Encrochat, widely used in the European underground. “Infiltrating this command-and-control communication platform for the UK criminal market is like having an insider in every major organized crime group in the country,” said NCA Director of Investigations Nikki Holland, in a written statement. “This is the UK’s largest and deepest operation on serious organized crime.”
The investigation started in France, where it was finally named “Emma 95”, in 2017, according to Europol, the European Union’s joint police agency. Then it spread to the Netherlands with the code name “Lamont” and finally reached the United Kingdom. Users in Sweden and Norway were also involved in drug trafficking and other organized crime, Europol said.
French authorities declined to publicly disclose the details of their investigations or the results so far, but Dutch authorities said they arrested more than 100 suspects and confiscated more than 8,000 kg of cocaine, 1,200 kg of methamphetamine, dozens of weapons and luxury cars. and almost € 20 million ($ 22.5 million) in cash.
No back door needed
All suspects communicated through Encrochat, an encrypted service that requires specialized phones to function. As Europol described it:
Encrochat phones were presented to customers as a guarantee of perfect anonymity (no association of device or SIM card in the customer’s account, acquisition under conditions that guarantee the absence of traceability) and perfect discretion of both the encrypted interface (operating system dual, the encrypted interface is hidden so as to not be detectable) and the terminal itself (removal of the camera, microphone, GPS and USB port)
The researchers who found a way to the platform did not attempt to break the encryption in any way. Instead, they went after the devices, installing malware to allow them to read messages before sending them. Vice Motherboard reviewed a treasure trove of leaked documents and spoke to the police, Encrochat, and criminals to fully report what happened.
Encrochat “is very secretive and doesn’t work like a normal tech company,” noted Motherboard. While “someone in control of a company’s email address” told the site that it is a legitimate company with clients in 140 countries, crime-affiliated sources said that many Encrochat clients are doing something illegal.
The phones themselves are modified Android devices, explains Motherboard, including a model called the BQ Aquaris X2 made by a Spanish firm. Encrochat physically removed the GPS, camera, and microphone capabilities of the phones, so users could not be recorded or tracked through them. The company also installed dual operating systems on each device (standard Android as well as the Encrochat system) so that the phone could pose as a normal device. The devices also had a feature that allowed them to be completely removed if the user entered a certain PIN.
It is not a user error
In May, Motherboard reports, some Encrochat users started having problems with that erase function. Encrochat initially assumed it was a user error or an unauthorized error. In May, the company got their hands on one of the X2 devices with the problem and discovered that the problem was not a user error. Instead, it was malware that not only prevented removal, but also logged screen lock access codes and cloned app data.
Encrochat introduced an update, but the devices were attacked almost immediately, and the new malware could not only record the lock screen passwords, but could also alter them. After trying various ways to avoid the attack by stopping the SIM service, Encrochat determined that the attack was likely from the police and decided to close. On June 13, he warned customers: “Today our domain was illegally seized by government entities. They reused our domain to launch an attack to compromise the carbon units.”
The company estimated that approximately 50 percent of units in Europe were affected. “Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device,” added Encrochat, advising users to physically turn off and dispose of their phones.
However, as has become clear, the shutdown came too late, and law enforcement agencies already had access to an enormous amount of data.
A source told Motherboard that the mass arrests appear to have had the desired effect and told the site that mass drug purchases had become significantly more difficult because “everyone goes to earth.” Still, peace of mind may not last: Competitors are not only moving to fill the gap, but are offering discounts to Encrochat users who are ever looking for a new platform.