In one of the biggest law enforcement operations against encrypted communications, authorities around the world have arrested 6,558 people and seized $985 million (EUR900 million) in illicit proceeds in the takedown of encrypted phone network EncroChat.
A joint investigation — initiated by French and Dutch authorities — intercepted and analyzed over 115 million conversations that took place over the encrypted messaging platform among more than 60,000 users, Europol announced on Tuesday.
“The successful takedown of EncroChat followed the efforts of a joint investigation team (JIT) set up by both countries in 2020, supported by Eurojust and Europol. Since then, close to EUR 900 million in criminal funds have been seized or frozen,” Europol said in a press release. Eurojust is an EU agency that coordinates law enforcement actions among member states.
Based on accumulated figures from all authorities involved, three years after EncroChat’s encryption was broken by law enforcement, 6,558 individuals have been arrested, including 197 high-value targets. Seizures also include 30.5 million pills of chemical drugs, 103.5 tons of cocaine, 163.4 tons of cannabis, 971 vehicles, 271 estates or homes, 923 weapons, and 40 airplanes.
Takedown of EncroChat
EncroChat was an encrypted messaging platform that was increasingly being used by organized crime groups. The French Gendarmerie and judicial authorities have been investigating phones that used the secured communication tool since 2017. The authorities discovered that the phones were regularly found in operations against organized crime groups and that the company was operating from servers in France.
“Eventually, it was possible to put a technical device in place to go beyond the encryption technique and have access to the users’ correspondence,” Europol and Eurojust said in a joint statement.
In early 2020, EncroChat was one of the largest providers of encrypted digital communications, with a very high share of users presumably engaged in criminal activity, the authorities said. “User hotspots were particularly present in source and destination countries for cocaine and cannabis trade, as well as in money laundering centers,” according to the joint statement.
The French authorities decided to open a case with Eurojust in the Netherlands in 2019. Data related to the case was first shared with the Netherlands.
In France, where the operation took place under the code name “Emma 95,” the Gendarmerie set up a task force in March 2020 with more than 60 officers. In the Netherlands, the operation went under the code name “Lemont,” and hundreds of investigators — with authorization of the examining magistrate — constantly followed the communications of thousands of individuals in order to analyze and act on the intercepted data stream.
The interception of EncroChat messages came to an end on June 13, 2020, when the company realized that a public authority had penetrated the platform. “EncroChat then sent a warning to all its users with the advice to immediately throw away the phones,” Europol said.
EncroChat operations
EncroChat phones were advertised as guaranteeing perfect anonymity, with no traceability to users. “It also had functions intended to ensure the automatic deletion of messages and a specific PIN code to delete all data on the device. This would allow users to quickly erase compromising messages, for example at the time of arrest by the police,” Europol said.
In addition, the devices could be erased remotely by the reseller or a help desk. “EncroChat also sold crypto for around $1,100 (EUR 1,000) each, on an international scale. It also offered subscriptions with worldwide coverage, at a cost of $1,640 (1,500 EUR) for a six-month period, with 24/7 support,” Europol said.
The use of encrypted communications by organized crime groups has been on the radar of law enforcement authorities around the world. In March 2021, SkyECC, another encrypted communication platform, was dismantled in a joint operation by judicial and law enforcement authorities in Belgium, France, and the Netherlands. Many users of EncroChat, once the operation was dismantled, changed over to the Sky ECC platform.
In the same year, the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. As a result of that operation, 800 arrests were made across 118 countries. Europol called it the “biggest ever law enforcement operation against encrypted communication.”
Communications Security, Cybercrime