EncroChat hack shows there’s no such thing as secure communications

French police managed to penetrate a super-secure smartphone platform and catch loads of baddies, but what does this mean for the rest of us?

Scott Bicheno

July 2, 2020

4 Min Read
EncroChat hack shows there’s no such thing as secure communications

French police managed to penetrate a super-secure smartphone platform and catch loads of baddies, but what does this mean for the rest of us?

“DISMANTLING OF AN ENCRYPTED NETWORK SENDS SHOCKWAVES THROUGH ORGANISED CRIME GROUPS ACROSS EUROPE,” declares the Europol press release. It goes on to talk about the “impressive results” yielded by the successful hacking of secure smartphone platform EncroChat, which was favoured by criminals precisely because that was supposed to be impossible.

As a result, said criminals plotted freely over the platform, which combines specially adapted smartphones with a secure comms service. Once it was hacked, all the French coppers had to do was sit back and read their nefarious machinations, pausing only to nick some of them every now and then.

Eventually the charitable French shared the information gleaned from said hack, first with Dutch police and then others across Europe, including the UK. Our Old Bill was especially pleased with its results, announcing “NCA and police smash thousands of criminal conspiracies after infiltration of encrypted communication platform in UK’s biggest ever law enforcement operation.”

Here are the spoils of the UK operation so far:

  • 746 suspects

  • £54 million in criminal cash

  • 77 firearms, including an AK47 assault rifle, sub machine guns, handguns, four grenades, and over 1,800 rounds of ammunition

  • More than two tonnes of Class A and B drugs

  • Over 28 million Etizolam pills (street Valium) from an illicit laboratory

  • 55 high value cars

  • 73 luxury watches

The crowing from such energetic picking of low-hanging fruit didn’t end there. The National Crime agency couldn’t resist sharing some of the messages it intercepted from the baddies:

  • “This year the police are winning.”

  • “NCA as u know well are sophisticated and relentless.”

  • “If NCA then we have a big problem.”

  • “The police are having a field day.”

It seems UK crims were already in such awe of the NCA that it’s surprising they didn’t render the whole operation unnecessary by simply throwing in the towel months ago.

“A dedicated team of over 500 NCA officers has been working on Operation Venetic night and day, and thousands more across policing,” said NCA Director of Investigations Nikki Holland. “And it’s all been made possible because of superb work with our international partners. Together we’ve protected the public by arresting middle-tier criminals and the kingpins, the so-called iconic untouchables who have evaded law enforcement for years, and now we have the evidence to prosecute them.”

While it was decent of Holland to give a nod to the people who did the actual hacking, that was not an example Chief Constable Steve Jupp felt compelled to follow. “Serious organised crime is complex but working together with our Regional Organised Crimes Units and the National Crime Agency we have achieved an unparalleled victory against the kingpin criminals whose criminal activity and violence intimidates and exploits the most vulnerable,” said Jupp. “By dismantling these groups, we have saved countless lives and protected communities across the UK.”

Even the Home secretary, Priti Patel, got involved in the self-congratulation fest. “This operation demonstrates that criminals will not get away with using encrypted devices to plot vile crimes under the radar,” said Patel. “I will continue working closely with the NCA and others to tackle the use of such devices – giving them the resources, powers and tools they need to keep our country safe.”

There is, of course, nothing more satisfying than seeing hordes of euro-baddies caught with their pants down by the modern-day equivalent of Turing’s Enigma cracking operation. From a policing and justice perspective we applaud all involved, a somewhat redundant gesture in the UK as they’ve already done such a great job of doing so themselves. Having said that, who can blame them, given the reputational virus they caught from the US in recent weeks?

Amid all this jubilation, however, let’s not lose sight of what underpins it all – the state hacking of a commercial secure messaging service – which begs the question of whether any messaging platform can be considered secure and free from the prying eyes of the state. How confident can anyone now be that their messages, which may not necessarily be incriminating, but may well generate at least awkwardness in the wrong hands, are secure?

EncroChat’s website boasts of its ability to “eliminate all possibilities for security trespassing and privacy exposure.” That went well didn’t it? But the PR disaster is not limited to EncroChat – how can the likes of Signal and even WhatsApp claim to be secure when an entire platform devoted to being just that has just been breached? As for the rest of us, it looks like the end of the lockdown has arrived just in time, as noisy pubs stand as one of the few remaining places where we can be confident of having a private chat.

About the Author(s)

Scott Bicheno

As the Editorial Director of Telecoms.com, Scott oversees all editorial activity on the site and also manages the Telecoms.com Intelligence arm, which focuses on analysis and bespoke content.
Scott has been covering the mobile phone and broader technology industries for over ten years. Prior to Telecoms.com Scott was the primary smartphone specialist at industry analyst Strategy Analytics’. Before that Scott was a technology journalist, covering the PC and telecoms sectors from a business perspective.
Follow him @scottbicheno

Get the latest news straight to your inbox.
Register for the Telecoms.com newsletter here.

You May Also Like