BleepingComputer.com logo Search Site LOGIN SIGN UP NEWS DOWNLOADS VIRUS REMOVAL GUIDES TUTORIALS DEALS FORUMS MORE HomeNewsSecurityHundreds arrested after encrypted messaging network takeover 3045 Hundreds arrested after encrypted messaging network takeover By Sergiu Gatlan July 2, 2020 11:01 AM 0 Hundreds arrested after encrypted messaging network takeover European law enforcement agencies arrested hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden after infiltrating the EncroChat encrypted mobile communication network used by organized crime groups. EncroChat phones used by international criminal networks around the world to exchange encrypted data and millions of messages came with dual operating systems (Android OS and the EncroChat OS). They also provided users with self-destruct messages, panic and password wipe, Secure Boot, tamper-proofing, and a brute force resistant FIPS 140-2 certified hardware cryptographic engine. EncroChat devices could also be remotely erased by the reseller or helpdesk on customer notice. EncroChat sold the cryptophones for roughly €1,000 each all over the world and customers could get six-month worldwide coverage subscriptions at a cost of €1,500 EUR with 24/7 support. According to the UK National Crime Agency (NCA), EncroChat had roughly 60,000 users worldwide with 10,000 of them active only in the UK. Organized crime groups takedown The operation was a joint effort of French and Dutch law enforcement agencies and judicial authorities who were able to dismantle EncroChat with the assistance of Europol and Eurojust. After infiltrating the EncroChat network, the joint investigation team (JIT) was able to "intercept, share and analyze millions of messages that were exchanged between criminals to plan serious crimes," information that was examined by the Europol and shared with JIT partners the information exchange to concerned countries." "A large number of suspects have also been arrested in several countries which were not participating in the JIT but particularly affected by the illegal use of these phones by individuals active in organised crime, including in the UK, Sweden and Norway," the Europol said. "Many of these investigations were connected with international drug trafficking and violent criminal activities." The information has already been relevant in a large number of ongoing criminal investigations, resulting in the disruption of criminal activities including violent attacks, corruption, attempted murders and large-scale drug transports. Certain messages indicated plans to commit imminent violent crimes and triggered immediate action. The information will be further analysed as a source of unique insight, giving access to unprecedented volumes of new evidence to profoundly tackle organised criminal networks. - Europol The joint operation, known in France as Emma 95 and as Lemont in the Netherlands, allowed law enforcement to monitor the communications between thousands of suspects and the rest of hundreds all over the EU. In the Netherlands, "[t]he investigation has so far led to the arrest of 60 suspects, the seizure of drugs (more than 10 000 kilo cocaine, 70 kilo heroin, 12 000 kilo cannabis, 1 500 kilo crystal meth and 160 000 liter of a substance used to produce synthetic drugs), the dismantling of 19 synthetic drugs labs, the seizure of dozens of (automatic) fire weapons, expensive watches and 25 cars, including vehicles with hidden compartments, and almost EUR 20 million in cash." In the UK, the NCA, Regional Organised Crime Units (ROCUs), and police forces used the information provided by the JIT to arrest 746 suspects as part of UK’s biggest ever law enforcement operation dubbed Operation Venetic and seized: Over £54 million in criminal cash 77 firearms, including an AK47 assault rifle, submachine guns, handguns, four grenades, and over 1,800 rounds of ammunition More than two tonnes of Class A and B drugs Over 28 million Etizolam pills (street Valium) from an illicit laboratory 55 high-value cars, and 73 luxury watches Encrochat takeover Image: Europol How EncroChat was dismantled French Gendarmerie and judicial authorities started investigating EncroChat in 2017 after finding that these devices — using French servers — were being regularly seized in operations targeting organized crime. "Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users' correspondence," the Europol explained. In April 2020 a joint investigation team (JIT) was created between France and the Netherlands, with the support of Dutch and French Desks at Eurojust and Europol. Coordination meetings following the JIT's creation also involved other countries that weren't JIT members, including Norway, Spain, Sweden, and the UK. EncroChat Image: Europol The operation ended on June 13, 2020, when the group behind the EncroChat network realized that the platform was infiltrated by law enforcement agents. On that day, EncroChat sent a warning to all users advising them to urgently throw away their phones and proceeded to shut down the servers. EMERGENCY FOR ENCRO USERS: Today, we had our domain seized illegally by government entities. They re-purposed our domain to launch a malware campaign against the carbon to weaken its security. Due to the level of sophisticaction of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack. You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to updater schedule). - Warning send to EncroChat users "While the activities on EncroChat have been stopped, this complex operation shows the global scope of serious and organized crime and the connectivity of criminal networks who use advanced technologies to cooperate on a national and international level," the Europol said. "The effects of the operation will continue to echo in criminal circles for many years to come, as the information has been provided to hundreds of ongoing investigations and, at the same time, is triggering a very large number of new criminal investigations of organized crime across the European continent and beyond." Related Articles: InfinityBlack hacker group dismantled by European authorities Admin of carding portal behind $568M in losses pleads guilty Owner of Cardplanet credit card market gets 9 years in prison European victims refuse to bow to Thanos ransomware China Routed Traffic from European Carriers for Two Hours Top Articles Surge of MongoDB ransom attacks use GDPR as extortion leverage READ MORE CRIMINAL ACTIVITY CYBERCRIME EU EUROPE EUROPOL SERGIU GATLAN Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade. Email or Twitter DMs for tips. PREVIOUS ARTICLE NEXT ARTICLE Post a Comment Community Rules You need to login in order to post a comment Login Not a member yet? Register Now You may also like: POPULAR STORIES Business giant Xerox allegedly suffers Maze Ransomware attack Microsoft releases urgent security updates for Windows 10 Codecs bugs NEWSLETTER SIGN UP To receive periodic updates and news from BleepingComputer, please use the form below. Email Address... Submit NEWSLETTER SIGN UP Email Address... SUBMIT Follow us: MAIN SECTIONS News Downloads Virus Removal Guides Tutorials Startup Database Uninstall Database File Database Glossary COMMUNITY Forums Forum Rules Chat USEFUL RESOURCES Welcome Guide Sitemap COMPANY About BleepingComputer Contact Us Send us a Tip! Advertising Write for BleepingComputer Social & Feeds Changelog Terms of Use - Privacy Policy Copyright @ 2003 - 2020 Bleeping Computer® LLC - All Rights Reserved