Dutch Police Crack ‘BlackBerry PGP’ Handsets

Decrypted messages used to prosecute drug runner, according to report

The Netherlands’ national forensics agency has confirmed it is able to read messages sent from BlackBerry devices protected with PGP encryption, after evidence taken from such a device was reportedly used to help successfully prosecute a suspect in a Dutch drugs transport case last month.

The Netherlands Forensics Institute’s (NFI) disclosure sheds light on the encryption arms race between law enforcement agencies and those seeking to conceal their communications using encryption.

Encryption cracked

Law enforcement bodies, including those in the UK, have criticised the rapid expansion of encrypted communications as hindering the efforts of security services.

The NFI confirmed in a statement that it has the ability to decode encrypted messages stored on “BlackBerry PGP” handsets, as they are known – BlackBerry devices sold by third parties customised with PGP encryption tools co-developed by PGP and BlackBerry, and connected via third-party BES servers. The agency declined to provide further details.

PGP advertises the technology involved, called PGP Support Package for BlackBerry, as a way of securing emails between any PGP-enabled sender and recipient mobile device or desktop client.

The devices are widely used by criminals to organise illegal activities, according to law enforcement authorities.

Last month Dutch blog Misdaadnieuws (Crime News) published what it called confidential documents disclosing that the NFI was using technology developed by Israel-based mobile tools maker Cellebrite to decrypt messages on BlackBerry PGP handsets.

In a case cited as an example in the documents, the NFI said it was able to decipher 279 out of the 325 encrypted messages stored on a BlackBerry PGP device, according to Crime News.

A court in East Brabant in early December 2015 sentenced a defendant to five years in prison based in part on evidence obtained from a BlackBerry PGP device, the blog reported.

Code-breaking tools

The NFI used Cellebrite’s Universal Forensic Extraction Device (UFED) technology, according to Crime News, which identified a specific version of a desktop tool called UFED4PC. The NFI’s disclosure was also reported by online industry journal Motherboard.

UFED devices are widely used by government and military agencies to extract and decrypt data from mobile devices, with The Guardian reporting in 2009 that up to 35 of the 43 police forces in England and Wales use them. In December 2014 BBC crime drama The Fall featured the decryption of mobile data by investigators using UFED technology as a key dramatic point.

In July of last year Cellebrite stated that its UFED forensics products were “widely used” by US federal government bodies. Cellebrite claims to have government, corporate security and private investigative agency customers in more than 100 countries.

The technique does not involve intercepting communications. Instead, data is extracted from the device itself and then decrypted. The most thorough method makes a bit-for-bit copy of everything in the device’s memory, from which users can recover deleted data and decipher encrypted messages, according to Cellebrite.

Security at stake

UFED products are able to handle data from most mobile device makers, but BlackBerry devices have a particular reputation for security, being widely used by government customers. Cellebrite claims to have been the first to enable physical extraction and decoding of the flash memory in BlackBerry devices.

The debate over encryption goes beyond law enforcement, with many claiming that civil liberties are at stake. Apple has argued that government efforts to ensure their access to encrypted communications weaken security for all users.

Campaign group Liberty has argued that the broad use of UFED devices by British police to recover data from suspects’ mobile devices steps beyond laws originally designed to enable searches of clothes and handbags.

The group called for legislation to be updated to clarify when police are entitled to extract mobile phone data and to ensure legal safeguards.
