The suspects were as baffled as anyone as to why they were suddenly being picked up, perhaps fearing the work of a supergrass. But then, on June 12, some of the most senior members of Britain’s criminal fraternity received a text on their mobiles that made everything clear. The top-secret, encrypted messaging platform EncroChat, which they had for four years used for their business, had been compromised by law enforcement agencies. The message from the shadowy France-based provider was stark: “We can no longer guarantee the security of your device. We advise you to power off and physically dispose of your device immediately.”

But for many of the 10,000 UK users it was too late. The police had already begun kicking down front doors. EncroChat handsets, which cost around £3,000 a year, provided gangsters with a supposedly secure network on which they could deal drugs, order gangland hits, arrange money laundering and carry out their underworld activity.

Emerging in 2016 to replace an end-to-end encrypted service that was disabled, EncroChat became the go-to platform for top-tier criminals.

Britain’s National Crime Agency, with European law enforcement bodies, had spent four years trying to crack the system without success. But in April, cyber specialists working with the French police managed to hack into the network without being detected.

They were able to eavesdrop on millions of chilling messages and harvest a treasure trove of evidence. Nikki Holland, director of investigations at the NCA, said: “It was like getting the keys to Aladdin’s cave”, while her deputy, Matt Horne, likened it to “cracking the criminals’ Enigma code”.

Entirely unconnected, didn’t James Stunt just get arrested?

And the bloke I’d really like not to be at the moment is the cryptographer behind EncroChat. That sounds like a rather desperate position to have right now.

26 thoughts on “Ooooooh!”

  1. “But for many of the 10,000 UK users it was too late. The police had already begun kicking down front doors.”

    Were they allowed to enjoy it this time?

  2. Is it just coincidence that the photos of cash in the article appear to be issued by Scottish banks?

    Is this some sort of Great Train robbery in reverse? (IIRC, the notes stolen then were being sent to BoE for destruction.) Were this lot ready to be sent back over the non-border for laundering?

    Where’s all the legal tender?

  3. Cue calls for encryption to be banned or backdoored. Why don’t you trust civil servants with the keys to your online banking? They are so competent with everything else.

  4. “And the bloke I’d really like not to be at the moment is the cryptographer behind EncroChat”

    To be fair to him/her the authorities would undoubtedly have had access to some seriously powerful computers, so breaking this encryption would have been, if not easy, then really just a matter of time.

  5. A quick google says the gov basically got a key logger on the phones. The encryption was not cracked, it was bypassed.

  6. So Much For Subtlety

    If I were the police I wouldn’t be telling people I broke the encryption. Or if they found out, I wouldn’t be telling them it was the work of some boffins.

    I would tell the media that one member of the group was really angry because another member of the group was banging his sister so he flipped on them. Without specifying which member.

    I figure a good percentage of them will be banging someone’s sister. So they will clean up what the Courts can’t convict. Problem solved.

  7. With the cracking of the original Enigma machines, they were at pains to make sure that the Germans weren’t aware that their security had been compromised.
    It’s possible that in this case, the encryption wasn’t broken but they want people to believe that so as to discourage people from using it in the future.

  8. Ooooh, just like in ‘The Wire’.

    Which is a good box set to churn through.

    Although I wish they’d use subtitles as I can’t understand half of what the brothers are saying, ya feel me?

  9. I’m going to call out that this is truckloads of bullshit. EncroChat handsets? Show me one. Just one. One physical device and where it was ever sold for £3000.

    “Chief Constable Peter Goodman, of the National Police Chiefs’ Council, said: “Criminals have been using these devices believing they were indecipherable by law enforcement.””

    That’s what this is really about. Pretending they can break strong crypto. I seriously doubt that they have. Security researchers can’t do that, and they’re about 100 times better at this than the people plod employ. What they’ve probably really done is either infiltrate the company “have this money, we’ll ignore your criminality and you give us the keys” or infiltrated the network: buy some product, arrest people, get them to do deals, all the way up to the big guys.

    Of course, they won’t get all the big guys so some other big guy takes over their turf. The distribution of product is delayed for perhaps hours, a few days perhaps.

  10. A Professor Murphy wants to know what is to happen with respect to the tax liabilities that all of these people should have paid

  11. I agree with BoM4.

    Plod has lots of form for tall tales of super-coups that evaporate on contact with courts.

    Remember “Operation Pentameter” that supposedly brought down 573 wicked human traffickers. Or more accurately “Operation And Then There Were None” because none is how many actual traffickers they caught after the bullshit hype was washed away.

    Let’s wait and see what happens when–and if–court appearances begin.

  12. They’re unlikely to have broken the crypto itself. More likely they found an exploit in the software, of the type where receiving a specially-crafted message can run arbitrary code. This would give full access to the device to the authorities.

    The hardest part is keeping all this secret from the criminals. It’s almost unthinkable that there wasn’t at least one dodgy copper who tipped them off; especially for an internationally-coordinated operation.

  13. “Plod has lots of form for tall tales of super-coups that evaporate on contact with courts.”

    Careful, Mr Ecks. That’s the thin end of a wedge that ends up in grudging respect for lawdogs.

  14. @ BoM4

    If you give any credence to Wikipedia the breakthrough was achieved by putting “a technical device in place” on EncroChat’s servers in France (

    So, they most likely just captured the decrypted traffic directly on the server having gained physical access to it – no breaking of encryption involved.

  15. Mr Yan

    Is that right? I thought Encrochat was end to end encryption only – and that the French had hacked one of the devices (and presumably from there had discovered a wider vulnerability etc)? I guess the reality is we’re not really going to know (for a while)?

  16. Little respect need be accorded the ability to spot that nothing equals nothing Mr Lud.

    137 of Pentameter’s “defendants” didn’t even exist having had to have been made up by Police forces told to find traffickers or else. No real smarts needed to point that out.

  17. The tale I read suggested that the French managed to get malware onto the phones so they could see the stuff before it was encrypted. Though to make that really useful you need to get the malware onto lots of the phones. Of course the whole thing will be surrounded by smoke & mirrors from TPTB to unsettle the perps, so the reality could be rather more mundane. Maybe the crypto implementation was weak. It’s really hard to get right. That has happened in the past, both at nation-state level and at idiot terrorist level.

    Here’s some more smoke. How about Encrochat was a false flag op all the time, set up by TPTB? However it was in competition with other similar services so there would have been no guarantee that it would have reached the penetration it did.

  18. First… British plod may bray all they want, but they actually didn’t have anything to do with the compromising of this particular telco… They just got handed the relevant results by Europol for processing in their jurisdiction.
    The grunt work was done by a French-Dutch team.

    Second.. The encryption on that system was server-based.. Which has the glaring security problem: If the server is compromised, any encryption is rendered useless, since it’s decrypted at the server for various purposes.
    Like with any fortress: it may be able to withstand months of siege, unless an inside force drops the drawbridge…

    What I’ve been able to puzzle together is that the French first of all succeeded in infiltrating the telco, and managed to install malware on the servers.
    Problem there was, that they wouldn’t be able to exfiltrate stuff, because that would have been noticed pretty soon.
    The Dutch plod, however, had a number of sets that were …available… from a number of busts.. ( the XKCD method may or may not have been used to obtain any unlock codes.)

    Now imagine a situation where you can silently and invisibly add one of those handsets to any group chat or direct communication as if it was a group chat….
    You don’t need to crack encryption, because, as far as the server is concerned, you are part of a legitimate communication exchange… It will do that work for you as if things were normal..
    So no flags are raised internally, there is nothing *to* flag… Especially if you manage to connect to whatever you want through the malware already in place, posing as a legitimate request, through one of the “compromised” phones…

    Which is more or less what happened, until inevitably someone put A and B together and realised something was up. But by that time the team already had months’ worth of lovely, lovely evidence…

  19. Mr Yan,

    “If you give any credence to Wikipedia the breakthrough was achieved by putting “a technical device in place” on EncroChat’s servers in France (”

    I give far more credence to Wikipedia, as it’s generally edited by people with an interest, rather than journos who just turn up for sexy photos.

    And yes, getting some malware on the servers would do it.

  20. @Tim W, Dave Ward

    Read article again. Encryption was not broken. The middleman server was hacked.

    Why anyone would trust non end to end encryption is the question. It’s the same as why we don’t use TeamViewer, LogMeIn etc.

  21. So 60,000 users at £3,000 a year = £180,000,000 a year for 4 years. Is it illegal to make encryption devices? If not, looks like a really good business opportunity.
