3 July 2020

European police dismantle EncroChat encrypted phone network


European police dismantle EncroChat encrypted phone network

In what appears to be one of the largest law enforcement operations to date, European police in cooperation with Europol and Eurojust dismantled EncroChat, an encrypted phone network widely used by criminal networks.

Over the last few months the law enforcement agencies have been intercepting messages exchanged between criminals to plan serious crimes. By infiltrating the encrypted communications platform the police across Europe gained access to millions of messages leading to arrests of hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden.

EncroChat’s website described its service as a “user-friendly secure instant messaging client” with “guaranteed security” using end-to-end encryption and servers that never store messages, users data or keys used to decipher exchanges. EncroChat phones sold to customers came with dual operating systems (Android OS and the EncroChat OS) and multiple functions designed to provide anonymity, such as encrypted interface, Secure Boot, tamper-proofing, and a brute force resistant FIPS 140-2 certified hardware cryptographic engine, automatic deletion of messages on the terminals of their recipients, specific PIN code used for the immediate deletion of all data on the device.

An investigation into EncroChat platform began in 2017, when the French Gendarmerie and judicial authorities discovered that EncroChat phones were regularly used by organized crime groups and that the company was operating from servers in France.

“Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users' correspondence,” the Europol said.

In April 2020 a joint investigation team (JIT) was created between France and the Netherlands, with the support of Dutch and French Desks at Eurojust and Europol.

As part of a joint operation, which went in France under the code name “Emma 95” and in the Netherlands was known as “Lemont”, the police officers monitored the communications between thousands of suspects, which resulted in the arrest of 60 suspects in the Netherlands, the seizure of drugs and the dismantling of 19 synthetic drugs labs.

The operation ended on June 13, 2020, when EncroChat realized that the police has compromised the platform. The company then sent a warning to all its users advising them to immediately dispose of the phones.

Back to the list

Latest Posts

Free VPN apps on Google Play turned Android devices into residential proxies

Free VPN apps on Google Play turned Android devices into residential proxies

The threat actor behind this scheme profits by selling access to the residential proxy network to third parties.
28 March 2024
Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024