SoylentNews is people

posted by Fnord666 on Friday July 03 2020, @05:59AM
from the architecturally-impaired dept.

After two months of monitoring, a major encrypted criminal chat network in Europe has been shut down, resulting in over 800 arrests so far.

An estimated 60,000 people, among them up to 10,000 in Britain, subscribed to France-based EncroChat, which has now been taken down.

The system operated on customised Android phones and, according to its website, provided "worry-free secure communications".

Customers had access to features such as self-destructing messages that deleted from the recipient's device after a certain length of time.

There was also panic wipe, where all the data on the device could be deleted by entering a four-digit code from the lock-screen.

According to BBC technology reporter David Molloy:

EncroChat sold encrypted phones with a guarantee of anonymity, with a range of special features to remove identifying information. The phones themselves cost roughly £900 (€1,000) each, with a subscription costing £1,350 (€1,500) for six months.

Europol said that French police had discovered some of EncroChat's servers were located in the country, and that it was possible to put a "technical device" in place to access the messages.

In June, rumours began to swirl about EncroChat being compromised by law enforcement.

The Netherlands' National Police said that users began to throw away their phones once the company became aware that messages were being intercepted - "but it was too late".

Police had already intercepted millions of messages, some of which have been acted on already - and others that may be used in the future.

England's National Crime Agency (NCA), roughly comparable to the Federal Bureau of Investigation in the United States, stated that dozens of organized crime groups were shut down primarily across London and Northwestern England.

The method used to breach the encrypted network has not been described in detail other than as "state of the art cyber technology."


  • (Score: 3, Informative) by Anonymous Coward on Friday July 03 2020, @08:33AM (#1015700)

    They say 'malware', but from the technical description of the setup it looks a lot more like the authorities managed to leverage the phones' system update mechanism by pretending to be the legitimate servers located within their jurisdiction and pushing out said 'malware' as legitimate looking system updates, which these oh-so-secure phones accepted and installed with nary a peep... one wonders how well they excised any lurking trusted keys from the phones when they modded them, either that, or their own keys were compromised... or the phones accepted unsigned OTA updates...

    Most definitely not user error, probably more a combination of the greed, sloppiness & suspected control freakery on the part of the operators combined with the Android OTA update mechanism...the gift that keeps giving (just ask the Chinese....)

  • (Score: 2) by pdfernhout (5984) on Saturday July 04 2020, @02:15AM (#1015964)

    Trotting out once again this essay I wrote in 2015: https://pdfernhout.net/why-encryption-use-is-problematical-when-advocating-for-social-change.html
    "Here is a partial list of all the ways a tool like Briar [or anything similar] can fail when being used by activists engaged in controversial political actions. ... Hardware may be compromised during production at various levels (chips, assemblies like memory or disk drives or batteries, lowest level BIOS). Cell phones in particular are vulnerable to this because they generally have a separate processor for interfacing with the cell phone network that is often proprietary. The separate cell phone processor may also update on its own schedule independent of user control, as with the previous point. ... If you work in public, you don't have to fear loss of secure communications because you never structure your movement to rely on them. If you rely on "secure" communications, then you may set yourself up to fail when such communications are compromised. If your point is to build a mass movement, then where should your focus be?"

    --
    The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.