Police forces across Europe celebrated their infiltration of EncroChat on Thursday, disrupting international organised crime networks which were using the company’s encrypted phones.
In the UK, authorities arrested 746 suspected top-tier criminals who are believed to be involved in murder, gun smuggling and drug trafficking crimes, and seized £54m in cash and 1.5 tonnes of cocaine.
Similar operations have been carried out across Europe as a result of intelligence gleaned from police access to millions of messages sent using the encrypted messaging network over the past five months.
Who was behind EncroChat?
The identities of the people running EncroChat are currently unknown.
The National Crime Agency (NCA) told Sky News that the company itself has not been accused of criminal activity, but that its platform was used by criminals.
Following the police action, someone presenting themselves as a company representative told Vice Motherboard that they were shutting down their service to protect their customers.
“Our main priority has always been our customers’ integrity and security, and when we no longer can guarantee that, we have no other choice than to shut down the service even if it destroys our business,” they said.
What is an EncroPhone?
The encrypted phone industry generally advertises its phones as capable of resisting lawful attempts to gain access to their contents, both through physical attacks on the device and – most pertinently – through police keeping an eye on their network traffic.
Leaked documents obtained by Motherboard revealed that EncroChat’s phones were modified Android devices, many of them based on the BQ Aquaris X2 – an Android phone released in 2018 by a Spanish electronics company.
Europol said the devices were marketed as guaranteeing perfect anonymity, and came with dual operating systems – a normal one and a hidden one to conduct secret messaging on.
Physical modifications to the devices also meant the camera, microphone, GPS transponder and USB port were removed.
Additionally, users could enter a PIN code which would immediately delete all of the messages on the device – as would happen in the event that wrong passwords were repeatedly entered.
These functions “apparently were specially developed to make it possible to quickly erase compromising messages, for example at the time of arrest by the police”, according to Europol.
“In addition, the device could be erased from a distance by the reseller/helpdesk,” the agency added.
Who used the EncroPhones?
Europol has said the company was “one of the largest providers of encrypted digital communication with a very high share of users presumably engaged in criminal activity”.
“User hotspots were particularly present in source and destination countries for cocaine and cannabis trade, as well as in money laundering centres,” the law enforcement agency added.
In the UK, the NCA said investigators had seized 106 EncroChat mobile handsets during its operation so far and prevented the murder of up to 200 people who were the targets of rival gangs.
Users paid £1,600 a month for the devices.
How did you buy one?
Before the company’s website was taken down, it had a page for resellers and for contacting the firm in case people were interested in purchasing one of the devices – but it did not keep an online store.
Vice Motherboard also spoke to a current prison inmate who said they had purchased one of the devices through a contact who ran a shop, although the contact didn’t sell the encrypted phone from those premises but down a side street instead.
Europol described the company as advertising perfect anonymity, even at the point of sale – describing this as “acquisition under conditions guaranteeing the absence of traceability”.
How did the authorities crack down on it?
The encrypted messaging system first came to the attention of the French Gendarmerie in 2017, which said it was regularly finding the phones when conducting operations against organised crime gangs.
They eventually discovered that EncroChat was operating from servers based in France and were able “to put a technical device in place” which allowed them to access the encrypted messages sent over the company’s network.
Although it isn’t clear what this device was, the description suggests the investigators were able to deploy some form of technical implant on the network rather than break the encryption protecting the messages in transit.
As the company website is offline, Sky News was unable to contact EncroChat for comment.