Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday July 03 2020, @05:59AM   Printer-friendly
from the architecturally-impaired dept.

After two months of monitoring, a major encrypted criminal chat network in Europe has been shut down, resulting in over 800 arrests so far.

An estimated 60,000 people, among them up to 10,000 in Britain, subscribed to France-based EncroChat, which has now been taken down.

The system operated on customised Android phones and, according to its website, provided "worry-free secure communications".

Customers had access to features such as self-destructing messages that deleted from the recipient's device after a certain length of time.

There was also panic wipe, where all the data on the device could be deleted by entering a four-digit code from the lock-screen.

According to BBC technology reporter David Molloy

EncroChat sold encrypted phones with a guarantee of anonymity, with a range of special features to remove identifying information. The phones themselves cost roughly £900 (€1,000) each, with a subscription costing £1,350 (€1,500) for six months.

Europol said that French police had discovered some of EncroChat's servers were located in the country, and that it was possible to put a "technical device" in place to access the messages.

In June, rumours began to swirl about EncroChat being compromised by law enforcement.

The Netherlands' National Police said that users began to throw away their phones once the company became aware that messages were being intercepted - "but it was too late".

Police had already intercepted millions of messages, some of which have been acted on already - and others that may be used in the future.

England's National Crime Agency (NCA), roughly comparable to the Federal Bureau of Investigation in the United States, stated that dozens of organized crime groups were shut down primarily across London and Northwestern England.

Details on the method used to breach the encrypted network have not been described in detail other than as "state of the art cyber technology."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by TheRaven on Friday July 03 2020, @12:44PM

    by TheRaven (270) on Friday July 03 2020, @12:44PM (#1015727) Journal

    The crypto is often not the weakest link. I pretty much trust Signal, but Signal has an auto-update mechanism. If an adversary compromised the signal code signing key, they'd be able to provide an update and install a compromised version on everyone's machine. That's probably tricky with Signal, because enough law-abiding people use it that you'd find it difficult to get a judge signing the order (especially in the EU, where MEPs are advised to use MEP) but pretty easy on a platform that is only used by criminals. If they can identify your particular machine, then it's still potentially possible to push a specific compromised version to your code.

    Code transparency systems are intended to address some of this, so you can see if a version that's being pushed out to you is one that many other people are seeing. If you are the only person getting a particular update, you start to worry.

    --
    sudo mod me up
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2