EncroChat | |
Founded: | 2016 |
Area Served: | Worldwide |
Industry: | Computer software |
EncroChat was a Europe-based communications network and service provider that offered modified smartphones allowing encrypted communication among subscribers. It was used primarily by organized crime members to plan criminal activities. Police infiltrated the network between at least March and June 2020 during a Europe-wide investigation. An unidentified source associated with EncroChat announced on the night of 12–13 June 2020 that the company would cease operations because of the police operation.[1]
The service had around 60,000 subscribers at the time of its closure.[2] [3] In the UK the National Crime Agency led an operation resulting in over 2,600 arrests and 1,384 criminal charges.[4]
EncroChat[5] handsets emerged in 2016 as a replacement for a previously disabled end-to-end encrypted service.[6] The company had revealed on 31 December 2015 the Version 115 of EncroChat OS, which appears to be the first public release of their operating system.[7] The earliest version of the company's website archived by the Wayback Machine dates to 23 September 2015.[8]
According to a May 2019 report by the Gloucester Citizen, EncroChat was originally developed for "celebrities who feared their phone conversations were being hacked".[9] In the 2015 murder of English mobster Paul Massey, the killers used a similar service providing encrypted BlackBerry phones based on PGP. After the Dutch and Canadian police compromised their server in 2016, EncroChat turned into a popular alternative among criminals for its security-oriented services in 2017–2018.[10] [11]
The founders and owners of EncroChat are not known. According to Dutch journalist Jan Meeus, a Dutch organized crime gang was involved and financed the developers.[12]
Through a marketing strategy of "relentless online advertising",[13] EncroChat rapidly expanded during its four and a half years of existence, benefiting from the closure of its competitors Amsterdam-based PGP Safe (customised BlackBerry)[14] and Ennetcom.[15] The network eventually reached an estimated 60,000 total subscribers at the time of its closure in June 2020. According to the French National Gendarmerie, 90 percent of subscribers were criminals, and the British National Crime Agency (NCA) said it found no evidence of non-criminals using it.
EncroChat first came to the attention of the media when it was revealed that high-profile criminals Mark Fellows and Steven Boyle had been using the encrypted devices to communicate during the May 2018 gangland murder of John Kinsella in Rainhill, England.[16] [17] The service resurfaced in the media during the summer of 2020 after law enforcement announced that they had infiltrated the encrypted network and investigative journalist Joseph Cox, who had been reviewing EncroChat for months, published an exposé in Vice Motherboard.
EncroChat OS | |
EncroChat OS | |
Screenshot Size: | 100px |
Developer: | EncroChat |
Family: | Unix-like (Linux) |
Working State: | Discontinued |
Source Model: | Based on open source Android |
Supported Platforms: | BQ Aquaris X2[18] and others |
The EncroChat service was available for handsets called "carbon units",[19] whose GPS, camera and microphone functions were disabled by the company for privacy reasons.[13] Devices were sold with pre-installed applications, including EncroChat, an OTR-based messaging app which routed conversations through a central server based in France, EncroTalk, a ZRTP-based voice call service, and EncroNotes, which allowed users to write encrypted private notes.[20] They generally used modified Android devices, with some models based on the BQ Aquaris X2 phone hardware, others on Samsung devices, and sometimes on non-Android BlackBerry mobile phones. Devices with EncroChat were able to boot in two modes. When only the power button was pressed to turn the handset on, they booted into a dummy Android home screen. But when the handset was switched on by pressing the power button together with the volume button, the phone booted to a secret, encrypted partition which facilitated secret communication via EncroChat's French servers. A "panic button" feature was available, where a certain PIN inputted to the device via the unlock screen would erase all data on the phone.[21] According to journalist Jurre van Bergen, the IP of EncroChat's server points to French web hosting company OVH. EncroChat's SIM provider was the Dutch telecommunications firm KPN.
EncroChat devices were particularly popular in Europe, although they were also sold in the Middle East and elsewhere in the world. One source told Vice Motherboard that they became the "industry standard" among criminals. They were reported in July 2020 to cost €1,000 (£900) each, then €1,500 (£1,350) for a six-month contract to use EncroChat's service.[22] EncroChat's website says that the firm had resellers in Amsterdam, Rotterdam, Madrid and Dubai, although Cox describes EncroChat as a "highly secretive" firm which "does not operate like a normal technology company". The phones were reportedly bought via a physical transaction which "looked like a drug deal", and at least one case involves an ex-military operative selling devices in Northern Ireland.[23]
The EncroChat encrypted messaging service and the related customized phones were discovered by France's National Gendarmerie in 2017 when conducting operations against organized crime gangs.[24] At the time of the Fellows and Boyle trial in December 2018, the NCA struggled to crack the lock screen passcode, as anything was wiped out after a set number of attempts.
The investigation accelerated in early 2019 after receiving EU funding. At the end of January 2020, a judge in Lille, France, authorized the infiltration of the EncroChat servers.[25] Intelligence and technical collaboration between the NCA, the National Gendarmerie and Dutch police culminated in gaining access to messages after the National Gendarmerie put a "technical tool" on EncroChat's servers in France.[26] The malware allowed them to read messages before they were sent and record lock screen passwords. Messages could be read by law enforcement beginning in April. EncroChat estimated that around 50 percent of devices in Europe were affected in June 2020.
The National Gendarmerie formed a special unit to investigate the hacked information on 15 March 2020, then signed an agreement with the Dutch Police to form a joint investigation team (JIT) on 10 April, co-operating through Eurojust with the support of Europol. The data was distributed by the JIT to other European partners, including the UK, Sweden and Norway. The NCA began to receive information about the content of messages on 1 April 2020, then started to build data analysis technology to automatically "identify and locate offenders by analysing millions of messages and hundreds of thousands of images".[21] The chief of the Dutch National Police Force,, compared the malware to "sitting at the table where criminals were chatting among themselves". In May 2020, the wipe feature was disabled at distance by law enforcement in some units. The company initially tried to push an update in response to what was initially regarded as a bug, but the devices were struck again by malware altering lock screen passwords.
On the night of 12–13 June 2020, once EncroChat suspected the infiltration by law enforcement had occurred, users received a secret message:
A few days later, an "email address long associated with EncroChat" informed Vice Motherboard that the service was shutting down permanently "following several attacks carried out by a foreign organization that seems to originate in the UK"; Cox publicly disclosed excerpts of the email on 22 June.[27] Europol and the National Crime Agency refused to comment at the time. The identity of the persons in charge of EncroChat has not been revealed as of 3 July 2020.[28]
The Europol-supported JIT, code named Emma 95 in France and 26Lemont in the Netherlands, allowed the gathering in real time of millions of messages between suspects. Information was also shared with law enforcement in several countries that were not participating in the JIT, including the UK, Sweden and Norway.[29] [30]
The Dutch police arrested more than 100 suspects and seized more than 8 tonnes of cocaine, around 1.2 tonnes of crystal methamphetamine, 19 synthetic drug laboratories, dozens of guns and luxury cars, and around €20 million in cash.[31] On 22 June 2020 in a property in Rotterdam, authorities found police uniforms, stolen vehicles, 25 firearms, and 25 kg (55 lb) of drugs in a different property. On 22 June 2020, the Dutch police also discovered a "torture chamber" in a warehouse near the town of about 7 km (5 miles) east of Bergen op Zoom. The facility, which was still under construction when discovered, consisted of seven cells made out of sound-proofed shipping containers; torture tools were found including a dentist's chair, hedge trimmers, scalpels and pliers. The place was nicknamed by criminals the "treatment room" or the "ebi", in reference to Extra Beveiligde Inrichting (EBI), a Dutch maximum security prison.[32]
EncroChat probes in Ireland left criminals scrambling for cover.[33] €1.1 million worth of cocaine was seized in an Amsterdam flat, and €5.5 million of cannabis in a trailer in County Wexford, both belonging to Irish gangs.[34] Prominent Irish gang boss Daniel Kinahan was reported to have fled his "safe-haven" of Dubai on 9 July 2020.[35]
Arrests were also made in Sweden. French authorities declined to disclose information publicly about the arrests in July 2020.
In May 2023, "Operation Eureka" led to arrests of 108 people suspected of being involved with 'Ndrangheta in Italy and more than 30 arrests in Germany after 4 years of investigations and having been able to crack EncroChat and SkyEcc.[36]
Operation Venetic | |
Scope: | multinational |
Planned By: | France, United Kingdom |
Initiated By: | France |
Executed By: | National Crime Agency |
Country Names: | United Kingdom, France |
Countries Number: | 2 |
Objective: | To deploy malicious code to the Encrochat devices, and eavesdrop on criminal communications. |
Method: | Network Intrusion Technique (NIT) |
Arrested Number: | 3,100 |
Convictions Number: | 1,240 |
Misc Results: | Seized £54 million in cash, 751Kg (1655 lb) cocaine, |
Operation Eternal | |
Scope: | multinational |
Planned By: | France, United Kingdom |
Initiated By: | France |
Executed By: | U.K. Metropolitan Police Service |
Country Names: | United Kingdom, France |
Countries Number: | 3 |
Suspects Number: | 1,400 |
Arrested Number: | 942 |
Convictions Number: | 426 |
Misc Results: | £19 Million Cash, 49 Firearms, 500 rounds of ammunition, 620kg (1400 lb) Class A drugs |
Operation Venetic was a British national response initiated by the National Crime Agency (NCA). In June 2020, EncroChat had 10,000 users in the UK alone. As a result of the infiltration of the network, UK police arrested 746 individuals, including major crime bosses, intercepted two tonnes of drugs (with a street value at the time in excess of £100 million), seized £54 million in cash, as well as weapons, including submachine guns, handguns, grenades, an AK-47 assault rifle, and more than 1,800 rounds of ammunition.[22] [37] More than 28 million tablets of the sedative Etizolam were found in a factory in Rochester, Kent.[38] Additionally, 354 kg (780 lb) of cocaine were seized by the Eastern unit in Essex and East Anglia, and 233 kg (514 lb) by the West Midlands unit. Police Scotland seized 164 kg (362 lb) of cocaine, £200,000 of cannabis and £750,000 in cash in several busts. In May 2020, police found two suitcases containing £1.1 million in Sheffield.
The legality of the Targeted Equipment Interference (TEI) warrant (91-TEI-0141-2020) was questioned[45] due to the unorthodox nature of the warrant as well as the legal arguments in the affidavit in application of a TEI warrant. There is nothing new in arguing the merits of obtaining the identities of the users of a system and bringing them to justice. Neither is it particularly foreign to exaggerate the number of criminals that will be arrested or downplay the number of innocent people that will be affected by the intrusion, however unethical that method may be. However, in this warrant the NCA essential indicated that if the warrant wasn't granted, then the French would proceed with the operation anyway, and the NCA would be exposed as culpable as to having violated civil and criminal statutes in the United Kingdom. (see page 9) "...there is a significant risk that the NCA is encouraging an offense under the CMA, which may amount to an offence under ss. 44, 45, 46 of the Serious Crime Act 2007 (the "SCA 2007)"..."[46] In other words, the NCA's arguments for obtaining the warrant was, "if you don't grant this, we could be prosecuted for criminally participating in the hacking of United Kingdom citizens devices." After granting the initial warrant, amendments to the initial warrant were requested on 24 March 2020 to allow for the scanning of wireless access points available to the Encrochat devices.[46]
An Investigatory Powers Tribunal (IPT) into the Operation Venetic was conducted from September 2022 to May 2023. The defense barristers accused the NCA of "Deliberately concealing" information when it applied for the EncroChat warrants. In addition to the issues surrounding the text of the TEI warrant, the defense attorneys argued that the application for a TEI warrant vs. a TI warrant was in of itself a "serious and fundamental error" and the position was "tenuous at best". “The NCA started with the result they wanted and tried to fit that into the Investigatory Powers Act. They wanted a TEI and nothing else,” a barrister acting for complainants told the court. “Their motive was understandable. They wanted to make the intercept available in court.”
The Investigatory Powers Tribunal (IPT) concluded that the National Crime Agency (NCA) did not deliberately conceal information from the Judicial Commissioner when applying for the Targeted Equipment Interference (TEI) warrant. The tribunal found that the NCA's actions were lawful and that they were not wrong in seeking a TEI warrant instead of a Targeted Interception (TI) warrant. The tribunal dismissed various claims and complaints, declaring that the TEI warrant was lawfully issued and that the NCA did not fail in its duty of candor.[47]
Operation Eternal, the London Metropolitan Police arm of the EncroChat operation, described itself as "the most significant operation the Metropolitan Police Service has ever launched against serious and organised crime". Around 1,400 EncroChat users were based in London at the time of its closure in June 2020. The Metropolitan Police seized more than £13.4 million in cash, 16 firearms, more than 500 rounds of ammunition, 620 kg (1400 lb) of Class A drugs, and arrested 171 people.[48] As of 8 July 2020, 113 of them have been charged; 88 face charges of conspiracy to supply Class A drugs, and 16 have been charged with firearms offences.
In September 2020 nine people were arrested after raids in Brighton, Portslade, Kent, and London linked to Operation Eternal.[49] Three men were arrested in Brighton and Portslade, five men and a woman in Kent and London.[49] They were arrested for a variety of charges, including conspiracy to supply cocaine.[49] Police seized 10 kg (20 lb) of Class A drugs and £60,000.[49]
By 9 October 2023, Operation Eternal had led to 942 arrests and 426 convictions with a combined prison sentences of 3,722 years. Around £19 million in cash had been seized along with more than three tonnes of class A and B drugs and 49 guns.[50]
On 21 May 2021, Carl Stewart of Gem Street, Liverpool was sentenced to 13 years and 6 months at Liverpool Crown Court after pleading guilty to attempting to smuggle cocaine, heroin, MDMA and ketamine, as well as transferring criminal property.[51] He had used EncroChat to transfer large amounts of class A and B drugs under the alias "ToffeeForce"[51] (a reference to Everton F.C.[51]). He was identified from a photo he had sent via Encrochat showing his hands holding a block of Blue Stilton.[51] Police were able to identify him via his fingerprints in the photo.[51]
Vincent Coggins, a boss in the Huyton Firm organized crime group, used EncroChat, and was jailed for 28 years.[52]
In July 2024, former Gibraltar international footballer Jason Pusey was sentenced to 11 years in prison for his involvement in a large-scale drug operation, coordinating the supply of significant quantities of cocaine, ketamine, and cannabis.[53]