Euro Security Watch with Mathew J. Schwartz

Encrypted EncroChat Network: Police Arrest More Suspects

'Industrial-Scale Cocaine Lab' Seizure Traces to Users of Defunct EncroChat Service
Evidence seized by Dutch police in their raids (Photo: Europol)

More customers of the now defunct encrypted communications service EncroChat are getting busted by police.

EncroChat previously sold smartphones for about $1,000, with a six-month service plan costing $1,700.

Police say criminals widely used the service to coordinate illegal activities. "EncroChat phones were presented to customers as guaranteeing perfect anonymity," according to Europol, the EU's law enforcement agency.

Unfortunately for users of EncroChat, the service continues to fail to deliver.

Europol says the crime syndicate operated "an industrial-scale cocaine laboratory" in Rotterdam hidden inside a building that also housed a garage for customizing distribution vehicles.

On May 26, Dutch police raided multiple addresses in The Hague and Rotterdam, where they uncovered "an industrial-scale cocaine laboratory," which was "hidden in a building also housing a garage used by criminals to customize vehicles with secret compartments to transport drugs across Europe," Europol says.

The drug laboratory and garage were operated by the same gang, and one of its members was arrested in Rotterdam on a European Arrest Warrant the same day, Europol reports.

The EU law enforcement agency says the members of the criminal syndicate were identified as a result of the French and Dutch-led investigation into the EncroChat network.

On March 31, meanwhile, the French Gendarmerie deployed 450 officers against the same gang in a series of raids around Marseille, leading to the seizure of $3.7 million worth of cannabis resin, $4 million in cash and $6 million worth of cocaine, as well as the arrest of eight gang members.

Europol says the French investigation "was able to trace back the cocaine to the underground laboratory" located last week in Rotterdam.

EncroChat-Using Suspects

Dutch SWAT teams and specialized dogs assisted in the May 26 raids.

Clearly, police are continuing to use intelligence gleaned from their infiltration of the EncroChat network to identify and probe suspects.

"EncroChat has enabled law enforcement agencies to identify a number of people of interest and, whilst there may not have been enough evidence to arrest them in the first wave, those cases are now reaching the stage where they will lead to more arrests," says cybercrime expert Alan Woodward, a visiting professor of computer science at the University of Surrey.

That's despite EncroChat phones and software having been designed to hide their owners' identities, locations and other personally identifying details, according to Europol. Before being sold, the EncroChat smartphones - all Android models - were modified to have no SIM card, camera, microphone, GPS capability or working USB port. Devices included dual operating systems, with the encrypted interface being hidden so as not to be easily detectable. The devices also offered automatic deletion of all messages on a recipient's device as well as the ability to remotely erase all data.

Law enforcement officials first began probing the service in 2017, and by April 2020, police appear to have successfully pushed malware onto some users' devices, giving them the ability to intercept supposedly untraceable chat messages and images, as Vice has reported.

After discovering the intrusion, EncroChat in June 2020 announced that its infrastructure had been breached, and it shut down operations, warning all users to get rid of their phones.

EncroChat's operators shut the service down on June 13, 2020, after discovering police had penetrated the network, and warned all users to immediately discard their EncroChat smartphones. (Source: Europol)

By July 2020, authorities said that gaining access to the EncroChat network had led to more than 100 arrests in the Netherlands, where more than 8,000 kilos of cocaine and 1,200 kilos of crystal meth were confiscated, 19 drug labs were destroyed and firearms and vehicles were seized. Britain's National Crime Agency reported 746 arrests, along with the seizure of 54 million pounds ($77 million) in cash, 77 firearms and over two tons of illegal narcotics, as well as the disruption of 200 "threats to life," including kidnappings and planned executions of rival gang members.

Police Infiltrate Encrypted Networks

Numerous governments and law enforcement agencies have continued to warn that encrypted services - including Facebook Messenger and WhatsApp - help criminals evade police scrutiny by "going dark." But as the disruption of several encrypted messaging platforms has shown, police have the ability to penetrate such services.

Indeed, a Belgian underworld source told newspaper Gazet van Antwerpen that "almost everyone in Antwerp switched from EncroChat to Sky" after the takedown, referring to a rival cryptophone service.

In March, however, law enforcement officials disrupted Sky, with investigators reportedly having gained the ability to "unlock" the 3 million daily messages of the 170,000 users of the service.

The same month, the U.S. Department of Justice unveiled an indictment charging the two Canadians who ran the service with conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act, aka RICO, by running an "illicit secret communications network" for criminals.

According to the indictment, the suspects practiced an “ask nothing/do nothing” approach to any reports of criminality tied to the service and hid the company's profits using shell companies and bitcoin cryptocurrency.

No doubt, investigators are continuing to mine the messages traded by Sky users for signs of criminal activity.

"If EncroChat showed anything, it was that criminals need to be looking over their shoulder as the law enforcement agencies will not simply give up," University of Surrey's Woodward tells me. "They will look for other ways to repeat the success they had with EncroChat. It may not follow the same pattern, but law enforcement agencies are learning to be innovative, just as the criminals are. Add to this the power of working internationally, and I think we’ll see some more surprises."

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.