EU hacking operation ‘like having an inside person in every top organised crime group’

Electronic decryption and methods will benefit Garda hugely

Cash seized in Operation Venetic, an investigation on Encrochat, a military-grade encrypted communication system used by organised criminals trading in drugs and guns. Photograph: WMROCU/PA

In the last decade, law enforcement has been engaged in a technological arms race with criminal gangs, who are constantly trying to find new ways of communicating without being spied on.

Irish gangland criminals, including the now Dubai-based Kinahan gang, have in the past primarily relied upon PGP (Pretty Good Privacy) phones to do business.

These devices, essentially heavily modified Blackberry phones, are almost impossible to break into without the proper code. As an added layer of security, the Kinahans were known to distribute new PGP phones, which cost about €1,500 each, to senior gang members every few weeks.


The devices proved so hard to crack that senior gardaí called for the introduction of new laws allowing investigators to demand passcodes from suspects on arrest.


As far as these devices are concerned, the only major intelligence victory recorded by gardaí was when one quick-thinking officer used his own phone to photograph a message on the PGP device of Imre Arakas immediately after the hitman's arrest in 2017. Seconds later the message was remotely deleted, presumably by the person issuing orders to the Estonian to murder James "Mago" Gately.

Other than these rare intelligence coups, encrypted devices largely remained a black box for law enforcement agencies. However, a sophisticated operation led by French police and revealed this week has changed that dynamic significantly.

The operation targeted Encrochat, a service which shares many of the same features as PGP but which was viewed, until last month at least, as being significantly more secure.

The phones, costing about €1,000 each, are Android devices, with the camera, microphone and GPS removed. Users must then sign up for the secure messaging service at a cost of €1,500 every six months.

Perceived impenetrability

The devices can only send text and images, no phone calls. Messages are encrypted on the device before being sent over the network, making them all but impossible to intercept. The devices are not available for general sale; usually a prospective buyer has to be recommended by an existing user.

Such was the perceived impenetrability of the service, criminals used it with impunity to plan murders, send photographs of weapons consignments and negotiate large drug deals.

French police estimated up to 90 per cent of the network’s 60,000 users were criminals.

Then, in the middle of the coronavirus pandemic, gangs started to notice more drug shipments than usual being seized and that their members were being arrested with increasing regularity.

In the Netherlands alone, police arrested 100 suspects, seized 8,000kg of cocaine and dozens of automatic weapons and shut down 19 synthetic drug labs.

In the UK, the National Crime Agency (NCA) arrested 746 people and stopped 200 planned murders.

These developments can all be traced back to a French-led operation to infiltrate and dismantle Encrochat using technology never previously employed. The French used Encrochat’s own network to upload malware which then intercepted and read the messages on the device before they could be encrypted and transmitted.

The infiltration began as far back as April, meaning millions of messages were intercepted. These were then filtered by the French and Dutch authorities and shared with police agencies across the EU.

The interceptions only came to an end in mid-June when Encrochat realised its security had been breached.

In a message to users, Encrochat said: “Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device.” It advised users to “power off and physically dispose your device immediately”.

Encrochat infiltration

It is difficult to overstate the impact of the Encrochat infiltration. “It was as though we were sitting at the table where criminals were chatting among themselves really,” said Dutch police chief Jannine van den Berg.

A senior NCA official compared it to “having an inside person in every top organised crime group in the country”, adding that it was the “broadest and deepest-ever UK operation into serious organised crime”.

In the UK, it has already led to the arrests of police officers and officials, and seemingly legitimate businessmen.

However, the operation raises questions for privacy and civil liberties campaigners. Encrochat is a legal service and it is not a crime to own a device. The French say the seemingly indiscriminate nature of the interceptions is legal under French law, but this will surely be tested once cases start coming to trial.

The arrests to date may be only the tip of the iceberg. Authorities are still sifting through the data trove and many more operations are likely in the pipeline.

However, it remains to be seen what impact, if any, the infiltration will have on organised crime operations in Ireland.

This week the Garda declined to answer questions, as did Europol, the agency which helped co-ordinate the operation. Senior gardaí have privately briefed that no arrests are expected in the immediate future on foot of the infiltration.

However, Garda intelligence-focused units are notoriously secretive, even more so than their counterparts on the continent.

There has been an unmistakable uptick in significant arrests and drugs seizures by gardaí in recent weeks. If Encrochat was the source for some of these it would not be surprising if gardaí wanted to keep that fact quiet for as long as possible.

Gang dismantling

It is also tempting to speculate that Encrochat was on the mind of Assistant Garda Commissioner John O’Driscoll on Monday when he promised further operations were in train to dismantle the Kinahan gang.

There have already been arrests north of the Border as a result of the breach where five people are in custody facing a total of 44 charges, including conspiracy to murder.

Information is being shared with the Garda. It is fair to say that, given the use of Encrochat by Irish criminals and the interconnected nature of modern organised crime, some of it is sure to prove useful.

In recent years, Garda units, including the Special Detective Unit, the Drugs and Organised Crime Bureau and the National Surveillance Unit, have quietly upgraded surveillance technology.

Most of this remains a closely guarded secret, but some fruits have been seen, including the conviction of nine men for planning the murder of Patrick "Patsy" Hutch in 2018, which heavily depended on electronic surveillance.

However, given the relatively small size of the organisation, something like the Encrochat operation remains firmly outside of the Garda’s abilities, though there are ongoing efforts to bridge the gap.

According to a tendering document, the Garda Cyber Crime Bureau is seeking to spend about half a million euro on a "decryption suite" which will be used to break into "electronic devices, mobile phones and electronic files".

Until now the bureau has mainly relied on off-the-shelf decryption technology to break into seized devices and extract evidence, often with mixed results.

“The necessity for an enhanced decryption ability is becoming increasingly important as, going forward, mobile phone devices move progressively towards whole device encryption,” the document states. “It is now considered a strategic imperative within this bureau that a robust decryption solution is available within the forensic process.”

Conor Gallagher


Conor Gallagher is Crime and Security Correspondent of The Irish Times