Police ‘Crack’ EncroChat Encryption, Resulting In Hundreds Of Arrests

The National Crime Agency (NCA) and British police have taken part in the UK’s “biggest ever law enforcement operation.”

Authorities in the UK and Europe ‘infiltrated’ a French-based secure messaging system called EncroChat.

The cracking of the EncroChat has resulted in the arrest of 746 suspected criminals, and the seizure of two tonnes of drugs, as well as 77 guns (including AK47s) and £54m in ‘criminal cash’.

Encryption cracked

EncroChat is an encrypted phone system that was thought to be unhackable.

The service sold encrypted phones with a guarantee of anonymity, with a range of special features to remove identifying information.

Each Android phone cost roughly £900 (€1,000) each, with a subscription costing upwards of £3,000 a year.

Essentially, EncroChat offered an instant messaging service and included features such as self-destructing messages that are deleted from the recipient’s device after a certain length of time, as well as a panic wipe, where all the data on the device can be deleted by entering a four-digit code from the lock-screen.

Suffice it to say, it seems that EncroChat appealed mostly to the criminal element.

“UK law enforcement has made a massive breakthrough in the fight against serious and organised crime after the takedown of a bespoke encrypted global communication service used exclusively by criminals,” said the NCA.

“EncroChat was one of the largest providers of encrypted communications and offered a secure mobile phone instant messaging service, but an international law enforcement team cracked the company’s encryption,” it said.

That is a very significant admission that law enforcement was able to crack the encryption of the platform (it is not clear what type of encryption was used), and confirms long standing suspicion that authorities do have the ability to crack some forms of encryption.

Criminal communication

According the NCA, EncroChat had 60,000 users worldwide and around 10,000 users in the UK.

Its “sole use was for coordinating and planning the distribution of illicit commodities, money laundering and plotting to kill rival criminals,” the NCA said.

“Since 2016, the National Crime Agency has been working with international law enforcement agencies to target EncroChat and other encrypted criminal communication platforms by sharing technical expertise and intelligence,” it said. “Two months ago this collaboration resulted in partners in France and the Netherlands infiltrating the platform. The data harvested was shared via Europol.”

“Unbeknown to users the NCA and the police have been monitoring their every move since then under Operation Venetic – the UK law enforcement response,” the NCA said. “Simultaneously, European law enforcement agencies have also been targeting organised crime groups.

The EncroChat servers in France have now been shut down, and the NCA described Operation Venetic as the biggest and most significant operation of its kind in the UK.

The NCA said that a specialist NCA team, working closely with policing partners, prevented rival gangs carrying out kidnappings and executions on the UK’s streets by successfully mitigating over 200 threats to life.

“The infiltration of this command and control communication platform for the UK’s criminal marketplace is like having an inside person in every top organised crime group in the country,” said NCA Director of Investigations Nikki Holland.

“This is the broadest and deepest ever UK operation into serious organised crime,” Holland added. “The NCA is proud to have led the UK part of this operation, working in partnership with policing and other agencies. The results have been outstanding but this is just the start.”

Intelligence agencies

The huge success of the operation also drew praise from the government.

“This operation demonstrates that criminals will not get away with using encrypted devices to plot vile crimes under the radar,” said Home Secretary Priti Patel.

“The NCA’s relentless targeting of these gangs has helped to keep us all safe,” said Patel. “I congratulate them and law enforcement partners on this significant achievement.”

“I will continue working closely with the NCA and others to tackle the use of such devices – giving them the resources, powers and tools they need to keep our country safe,” she added.

The success of the operation, and the fact that authorities were able to crack EncroChat’s encryption, should not come as a surprise.

Back in 2013, leaks from Edward Snowden hinted that US and UK intelligence agencies had covertly implanted zero-day flaws in widely used security software and broken encryption used by the most popular websites and online services.

It is thought the American NSA and British GCHQ already have the supercomputing power to crack 512-bit encryption in just a few minutes.

The NSA is widely believed to be capable of breaking 1024-bit encryption as well.

Do you know all about security? Try our quiz!