Show vulnerabilities with patch / with exploit
3 July 2020

European police dismantle EncroChat encrypted phone network


European police dismantle EncroChat encrypted phone network

In what appears to be one of the largest law enforcement operations to date, European police in cooperation with Europol and Eurojust dismantled EncroChat, an encrypted phone network widely used by criminal networks.

Over the last few months the law enforcement agencies have been intercepting messages exchanged between criminals to plan serious crimes. By infiltrating the encrypted communications platform the police across Europe gained access to millions of messages leading to arrests of hundreds of suspects in several countries including France, Netherlands, the UK, Norway, and Sweden.

EncroChat’s website described its service as a “user-friendly secure instant messaging client” with “guaranteed security” using end-to-end encryption and servers that never store messages, users data or keys used to decipher exchanges. EncroChat phones sold to customers came with dual operating systems (Android OS and the EncroChat OS) and multiple functions designed to provide anonymity, such as encrypted interface, Secure Boot, tamper-proofing, and a brute force resistant FIPS 140-2 certified hardware cryptographic engine, automatic deletion of messages on the terminals of their recipients, specific PIN code used for the immediate deletion of all data on the device.

An investigation into EncroChat platform began in 2017, when the French Gendarmerie and judicial authorities discovered that EncroChat phones were regularly used by organized crime groups and that the company was operating from servers in France.

“Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users' correspondence,” the Europol said.

In April 2020 a joint investigation team (JIT) was created between France and the Netherlands, with the support of Dutch and French Desks at Eurojust and Europol.

As part of a joint operation, which went in France under the code name “Emma 95” and in the Netherlands was known as “Lemont”, the police officers monitored the communications between thousands of suspects, which resulted in the arrest of 60 suspects in the Netherlands, the seizure of drugs and the dismantling of 19 synthetic drugs labs.

The operation ended on June 13, 2020, when EncroChat realized that the police has compromised the platform. The company then sent a warning to all its users advising them to immediately dispose of the phones.

Back to the list

Latest Posts

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Oilrig members have added a new DNSExfiltrator utility to their hacking arsenal.
5 August 2020
Hacker published passwords for over 900 corporate VPN servers

Hacker published passwords for over 900 corporate VPN servers

The list was published on a Russian-speaking hacker forum frequented by different ransomware operators.
5 August 2020
Maze operators published dozens of GBs of data from LG and Xerox

Maze operators published dozens of GBs of data from LG and Xerox

Stolen information may include Xerox support records and source code for the firmware of various LG products.
4 August 2020