European police hacked encrypted phones used by thousands of criminals

It led to one of the largest law enforcement busts ever.

xijian via Getty Images

In one of the largest law enforcement busts ever, European police and crime agencies hacked an encrypted communications platform used by thousands of criminals and drug traffickers. By infiltrating the platform, Encrochat, police across Europe gained access to a hundred million encrypted messages. In the UK, those messages helped officials arrest 746 suspects, seize £54 million (about $67 million) and confiscate 77 firearms and two tonnes of Class A and B drugs, the National Crime Agency (NCA) reported. According to Vice, police also made arrests in France, the Netherlands, Norway and Sweden.

Encrochat promised highly secure phones that, as Vice explains, were essentially modified Android devices. The company installed its own encrypted messaging platform, removed the GPS, camera and microphone functions and offered features like the ability to wipe the device with a PIN. The phones could make VOIP calls and send texts, but they did little else. They ran two operating systems, one of which appeared normal to evade suspicion. Encrochat used a subscription model, which cost thousands of dollars per year, and users seemed to think that it was foolproof.

Law enforcement agencies began collecting data from Encrochat on April 1st. According to the BBC, the encryption code was likely cracked in early March. It’s not clear exactly how officials hacked the platform, which is now shut down.

It’s not unusual for criminals to communicate via encrypted apps and devices. In 2018, the FBI arrested Vincent Ramos, the CEO of Phantom Secure, a company that was selling custom BlackBerrys to drug cartels. When Ramos pleaded guilty, he admitted that the encrypted handsets were used to facilitate sales of cocaine, heroin and methamphetamines and that Phantom Secure remotely wiped the devices if they were obtained by law enforcement.

In the US, politicians promoting the EARN IT Act want to penalize companies for using end-to-end encryption. In theory, that may prevent platforms like Encrochat and Phantom Secure, but the bill would make changes to Section 230 of the Communications Decency Act, and doing that could have far-reaching consequences. For starters, it might lead to social media platforms censoring anything that might prompt a legal challenge -- or shutting down altogether.

For now at least, we can be happy that officials busted Encrochat users. In addition to the arrests, police in the UK say they prevented kidnappings and executions, “mitigating over 200 threats to life.”

“Together we’ve protected the public by arresting middle-tier criminals and the kingpins, the so-called iconic untouchables who have evaded law enforcement for years, and now we have the evidence to prosecute them,” NCA Director of Investigations Nikki Holland said in a statement.