Police forces across Europe celebrated their infiltration of EncroChat on Thursday, an operation that disrupted international organized crime networks that used the company’s encrypted phones.
In the UK, authorities arrested 746 suspects, high-level criminals believed to be involved in murders, arms trafficking and drug trafficking, and seized 54 million pounds in cash and 1.5 tons of cocaine.
Similar operations have been conducted across Europe, following intelligence derived from police access to millions of messages sent using the encrypted messaging network in the past five months.
Who was behind EncroChat?
The identities of the people who manage EncroChat are currently unknown.
The National Crime Agency (NCA) told Sky News that the company itself has not been accused of criminal activity, but that its platform has been used by criminals.
Following the police action, someone who identified themselves as a company representative told Vice Motherboard that the company was closing its service to protect its customers.
“Our main priority has always been the integrity and security of our customers, and when we can no longer guarantee it, we have no choice but to close the service even if it destroys our business,” they said.
What is an EncroPhone?
The encrypted telephony industry generally advertises its phones as being able to resist legitimate attempts to gain access to their content, both through physical attacks and, above all, by police monitoring network traffic.
Leaked documents obtained by Motherboard revealed that the EncroChat phones were modified Android devices, many of them based on the BQ Aquaris X2, an Android phone released in 2018 by a Spanish electronics company.
Europol said that the devices were marketed as guaranteeing perfect anonymity and were equipped with two operating systems: a normal one and a hidden one from which to send secret messages.
Physical modifications to the devices also removed the camera, microphone, GPS transponder and USB port.
In addition, users could enter a PIN code that would immediately delete all messages on the device, as would happen if incorrect passwords were repeatedly entered.
These functions “apparently have been specially developed to allow the rapid erasure of compromising messages, for example at the time of arrest by the police”, according to Europol.
“In addition, the device could be wiped remotely by the reseller / helpdesk,” added the agency.
Who used the EncroPhones?
Europol said the company is “one of the largest providers of encrypted digital communications with a very high percentage of users allegedly engaged in criminal activities”.
“User hotspots were particularly present in the countries of origin and destination for the trade in cocaine and cannabis, as well as in money laundering centers,” added the police agency.
In the UK, the NCA stated that investigators had seized 106 EncroChat mobile phones during its operation so far and had prevented the murder of up to 200 people who were targeted by rival gangs.
Users paid £1,600 per month for the devices.
How did you buy one?
Before the company’s website was removed, it had a page for resellers and for contacting the company in case people were interested in purchasing one of the devices, but it did not maintain an online store.
Vice Motherboard also spoke to an inmate who said he purchased one of the devices through a contact who ran a store, although the contact did not sell the encrypted phone from those premises, but in a side street.
Europol said the company advertised perfect anonymity, even at the point of purchase, describing it as “acquisition in conditions that guarantee the absence of traceability”.
How did the authorities crack down on it?
The encrypted messaging system first came to the attention of the French Gendarmerie in 2017, which said it was regularly finding the phones during operations against organized criminal gangs.
Investigators found that EncroChat operated from a French-based server and were eventually able to “put in place a technical device” that allowed them to access the encrypted messages sent over the company’s network.
Although it is unclear what this device was, the wording suggests that investigators were able to deploy some form of technical installation on the network rather than break the encryption that protects messages in transit.
Since the company’s website is offline, Sky News was unable to contact EncroChat for comment.