The National Crime Agency has released details of its penetration of EncroChat an encrypted communications network used by criminals that allowed it to seize 2 tonnes of drugs and over £54m of criminal assets.
In what the NCA says is the ‘UK’s biggest ever law enforcement operation‘ the police technology and intelligence agency has announced that it and an international team of law enforcement agencies has ‘broken’ into a communications network known as EncroChat.
According to the NCA, which works closely with MI5 and the high-tech Government listening agency GCHQ, a dedicated team have worked on breaking the encryption behind the criminal EncroChat service since 2016.
Nicki Holland, the NCA’s Director of Investigations saluted the operation’s success: “Together we’ve protected the public by arresting middle-tier criminals and the kingpins, the so-called iconic untouchables who have evaded law enforcement for years, and now we have the evidence to prosecute them.
“The NCA plays a key role in international efforts to combat encrypted comms. I’d say to any criminal who uses an encrypted phone, you should be very, very worried.”
Breaking EncroChat let police analyse criminal data
The NCA press release about ‘Operation Venetic’, the name given to the police response to the data haul from the penetration of the encrypted phone company, states that for a number of years; “the National Crime Agency has been working with international law enforcement agencies to target EncroChat and other encrypted criminal communication platforms by sharing technical expertise and intelligence.
“Two months ago this collaboration resulted in partners in France and the Netherlands infiltrating the platform. The data harvested was shared via Europol. Unbeknown to users the NCA and the police have been monitoring their every move since then under Operation Venetic – the UK law enforcement response. Simultaneously, European law enforcement agencies have also been targeting organised crime groups.”
“The NCA plays a key role in international efforts to combat encrypted comms. I’d say to any criminal who uses an encrypted phone, you should be very, very worried.”
Nicki Holland, NCA Director of Investigations
Rather than breaking into the EncroChat platform, the NCA used its data analysis specialism to sift through the data obtained from the penetration of the company.
“The NCA created the technology and specialist data exploitation capabilities required to process the EncroChat data, and help identify and locate offenders by analysing millions of messages and hundreds of thousands of images.
“Intelligence packages were disseminated to NCA operational teams, ROCUs, Police Service of Northern Ireland, Police Scotland, Metropolitan Police, Border Force, the Prison Service, and HMRC to develop and launch investigations.”
A development that allowed a team of 500 NCA officers working with police forces across the UK to “smash thousands of criminal conspiracies”, said the NCA adding: “There were 60,000 users worldwide and around 10,000 users in the UK – the sole use was for coordinating and planning the distribution of illicit commodities, money laundering and plotting to kill rival criminals.”
The details of the infiltration point rather than a breaking of the encryption to the police being able to hack the EncroChat servers said George Ridley, a researcher working for the Cyber Security Research Institute.
“The fact that they were working on a haul of data would point to the fact that like cases involving Wikileaks and Chelsea Manning and Edward Snowden that the police were working on exfiltrated data from a central source. EncroChat would appear to have worked out it had been ‘broken into’ because it managed to get out a warning.
“If they had broken the encryption it would have made more sense for them to have sat there monitoring everything, as happened in the Second World War when the UK broke the German Enigma Code. The value is in seeing what is being communicated and not giving away that you are there and that the protection is useless.
Encryption also attractive to public
“It should be pointed out that there are a number of other encrypted phone systems around the world, the Blackphone in the US and Crytophone in Germany being a couple of examples. No-one is suggesting that they are criminal networks but they offer encrypted services too, as do Signal and Wickr-Me,” said Ridley adding: “It’s not just criminals that need encryption there are a whole range of people across society who don’t trust the authorities and that needs to addressed.
“These are criminals and they deserve what has happened to them, but the message behind all of this is that encrypted services are a very attractive honey-pot for Governments because they do gather your opponents, your enemies and your adversaries all into one place.”
EncroChat, developed by a Dutch company, is one of a number of encrypted communications services used for illegal purposes and is believed to be popular among both criminal and terrorist organisations.
A custom-built phone with anti-hacking software costs £3,000 a year. The phones – which have pre-loaded apps for instant messaging, can make VOIP calls – Voice Over Internet Protocol, essentially calls via the internet, a similar technology to that offered by What’s Ap – and have an onboard kill code which wipes them remotely, though they do not have any other conventional smart phone functionality and are provided on six-month renewable contracts.
According to the NCA, EncroChat was used solely by criminals though the service was available to anyone prepared to pay for what the company said “was the equivalent of two people having a conversation in an empty room”.
Landmark for police
The successful penetration of EncroChat, marks an important landmark for the police and intelligence agencies in their campaign against the personal use of encrypted devices and services which the police and law enforcement organisations have long claimed hinder their operations.
The analysis of the data obtained from EncroChat that led to Operation Venetic is according to the authorities the biggest and most significant operation of its kind in the UK.
“The NCA, Regional Organised Crime Units (ROCUs) and police forces have punched huge holes in the UK organised crime network so far by arresting 746 suspects and seizing: Over £54million in criminal cash, 77 firearms, including an AK47 assault rifle, sub machine guns, handguns, four grenades, and over 1,800 rounds of ammunition. More than two tonnes of Class A and B drugs. Over 28 million Etizolam pills (street Valium) from an illicit laboratory, 55 high value cars, and 73 luxury watches.
“In addition, a specialist NCA team, working closely with policing partners, has prevented rival gangs carrying out kidnappings and executions on the UK’s streets by successfully mitigating over 200 threats to life.”
Criminal network
According to the NCA, EncroChat was a purely criminal enterprise an assertion it backs up with the following statement: “On 13 June, EncroChat realised the platform had been penetrated and sent a message to its users urging them to throw away their handsets.”
The success of the Euro-wide police operations will now inevitably lead to increased Government pressure on the public deployment of encryption services something that will be fiercely resisted by privacy and human rights activists.
The argument that encrypted communications benefit criminal operations will just as inevitably be countered by civil rights groups with claims that surveillance by Governments and large corporations represent as much of a threat to the public as organised crime.
It will also be pointed out that the activities exposed by NSA whistle-blower Edward Snowden represented a significant and unjustified invasion of personal liberties by the intelligence agencies and that this can only be countered by the use of strong encryption by individuals.
A stand-off that will only be solved by further examples of the criminal use of encrypted services and by Government’s becoming more transparent about their use of data in the digital communications century.
