EncroChat encrypted network: police identify more suspects

Cybercrime, endpoint security, fraud management and cybercrime

Traces of seizure from the “industrial-scale cocaine laboratory” to users of the deceased EncroChat service

Mathew J. Schwartz (euroinfosec) •
June 2, 2021

Evidence seized by Dutch police during their raids (Photo: Europol)

More and more customers of the now defunct encrypted communication service EncroChat are being arrested by the police.

See also: Live Panel | Zero Trusts Given – Harnessing the Value of Strategy

EncroChat previously sold smartphones for around $ 1,000, with a six-month service plan costing $ 1,700.

“EncroChat has enabled law enforcement agencies to identify a number of people of interest.”

Police say criminals have widely used the service to coordinate illegal activities. “EncroChat phones have been presented to customers as guaranteeing perfect anonymity,” according to Europol, the EU law enforcement agency.

Unfortunately for EncroChat users, the service continues to not work.

Europol said the crime syndicate operated “an industrial-scale cocaine lab” in Rotterdam, hidden inside a building that also housed a garage for customizing distribution vehicles.

On May 26, Dutch police raided several addresses in The Hague and Rotterdam, where they discovered “an industrial-scale cocaine laboratory”, which was “hidden in a building also housing a garage used by criminals for customize vehicles with secret compartments to transport drugs across Europe, ”says Europol.

The drug lab and the garage were operated by the same gang, and one of its members was arrested in Rotterdam on a European arrest warrant the same day, reports Europol.

The EU law enforcement agency said members of the criminal syndicate were identified following the investigation by the French and the Netherlands into the EncroChat network.

Meanwhile, on March 31, the French gendarmerie deployed 450 agents against the same gang in a series of raids around Marseille, leading to the seizure of $ 3.7 million in cannabis resin, $ 4 million in cash. and 6 million cocaine, as well as the arrest of eight gang members.

Europol claims that the French investigation “was able to trace the cocaine to the underground laboratory” located last week in Rotterdam.

Suspects using EncroChat

Dutch SWAT teams and specialist dogs participated in the May 26 raids.

Clearly, the police continue to use the intelligence gleaned from their infiltration of the EncroChat network to identify and investigate suspects.

“EncroChat has enabled law enforcement to identify a number of people of interest and while there may not have been enough evidence to stop them in the first wave, these cases are reaching now the stage where they will lead to more arrests, “said cybercrime expert Alan Woodward, visiting professor of computer science at the University of Surrey.

This is despite the fact that EncroChat phones and software were designed to hide the identity, location and other personally identifying details of their owners, according to Europol. Before being sold, EncroChat smartphones – all Android models – were modified to not have a working SIM card, camera, microphone, GPS capability, or USB port. The devices included two operating systems, with the encrypted interface being masked so as not to be easily detectable. The devices also offered automatic deletion of all messages on a recipient’s device as well as the ability to remotely erase all data.

Law enforcement officials began surveying the service in 2017, and in April 2020, police appeared to have successfully introduced malware to some users’ devices, giving them the ability to intercept chat messages. and supposedly untraceable footage, as Vice reported.

After discovering the intrusion, EncroChat announced in June 2020 that its infrastructure had been breached and halted operations, warning all users to get rid of their phones.

EncroChat operators shut down the service on June 13, 2020, after discovering that police had entered the network, and warned all users to immediately throw away their EncroChat smartphones. (Source: Europol)

In July 2020, authorities said access to the EncroChat network had led to more than 100 arrests in the Netherlands, where more than 8,000 kilograms of cocaine and 1,200 kilograms of crystal meth were confiscated, 19 drug labs were destroyed and firearms and vehicles were seized. Britain’s National Crime Agency reported 746 arrests, as well as the seizure of 54 million pounds ($ 77 million) in cash, 77 firearms and over two tonnes of illegal narcotics, as well as the disruption of 200 “threats to” life ”, including kidnappings and executions of rival gang members.

Police infiltrate encrypted networks

Many governments and law enforcement agencies have continued to warn that encrypted services – including Facebook Messenger and WhatsApp – help criminals evade police scrutiny by “going obscure.” But as the disruption of several encrypted messaging platforms has shown, the police have the ability to penetrate these services.

Indeed, after the disruption of EncroChat, a Belgian underworld source told the Gazet van Antwerpen newspaper that “almost everyone in Antwerp switched from EncroChat to Sky” after the withdrawal, referring to a cryptophone service. rival.

In March, however, law enforcement officials disrupted Sky, as investigators apparently gained the ability to “unlock” the 3 million daily messages from the service’s 170,000 users.

That same month, the US Department of Justice unveiled an indictment accusing the two Canadians who ran the service of conspiring to violate the Federal Influenced Racketeers and Corrupt Organizations Act, aka RICO, by running a “illicit secret communication network” for criminals.

According to the indictment, the suspects practiced a ‘ask nothing / do nothing’ approach to any service-related crime report and hid the company’s profits using shell companies and cryptocurrency. bitcoin.

Undoubtedly, investigators continue to exploit messages exchanged by Sky users to look for signs of criminal activity.

“If EncroChat has shown anything, it’s that criminals have to look over their shoulders because law enforcement won’t just give up,” Woodward of the University of Surrey tells me. “They will look for other ways to repeat the success they have had with EncroChat. It may not follow the same pattern, but law enforcement agencies are learning to be innovative, as are criminals. Add to that the power to work internationally, and I think we’ll see more surprises. “

Comments are closed.