How the Gendarmerie Nationale brought down EncroChat

How the Gendarmerie Nationale brought down EncroChat Cybersecurity

A coalition involving the National Gendarmerie and the Dutch police has helped dismantle the gigantic encrypted criminal network EncroChat and lead to almost a thousand arrests. A national investigation unit with 60 gendarmes was mobilized and a technical device was used to crack the encryption of its communication system.

The announcement of the dismantling this Thursday of the encrypted messaging service EncroChat, whose servers were installed in France, sounded like a thunderclap. Thanks to effective cooperation between the French and Dutch police and judicial authorities, supported by the Europol criminal and Eurojust judicial police agencies, this vast communication network used by more than 60,000 users worldwide, 90% of whom have been criminals. up to date. Nearly a thousand people were arrested thanks to this operation. Identified since 2017, EncroChat has helped to hide the actions of all kinds of criminals in all kinds of criminal cases (drugs, firearms, kidnappings, murders …) thanks to the creation of an encrypted communication network and the sale of associated smartphones, also called EncroChat. These have various functionalities allowing their user to be completely anonymous.

“EncroChat phones have been presented to customers as the guarantee of perfect anonymity (no association of the device or SIM card with the customer’s account, acquisition under conditions guaranteeing the absence of traceability) and a perfect discretion both of the encrypted interface (dual operating system, the encrypted interface being hidden to be undetectable) and of the terminal itself (removal of the camera, microphone, GPS and USB port) “, Said a press release from Eurojust. “EncroChat also had functions aimed at ensuring“ impunity ”for users (automatic deletion of messages on their recipients’ terminals, specific PIN code intended for the immediate deletion of all data on the device, deletion of all data in the event of consecutive seizure of a bad password), functions apparently specially developed to allow quickly erasing the compromising messages, for example at the time of an arrest by the police “. Sold for 1,000 euros, these terminals were backed by a global coverage subscription service for 1,500 euros for 6 months for 24-hour support.

Geographical distribution of EncroChat phones identified following the dismantling of this encrypted communications network. (credit: Eurojust / Europol)

An investigation unit and 60 gendarmes involved

It has been since 2018 that the French gendarmes and judicial authorities have been mobilized on EncroChat with first the opening of a preliminary investigation by the C3N (center for combating digital crimes) on November 15 in order to carry out initial technical investigations, before a referral by the JIRS (Specialized Interregional Jurisdiction) prosecutor’s office in Lille less than a month later. The investigation conducted by the gendarmes led to the opening of judicial information including among the charges: the supply, transfer and import of a means of cryptology not ensuring exclusively functions authentication or integrity control without prior declaration, the association of criminals, the acquisition and possession of war materials, drugs …

As part of this dismantling operation, the judicial police sub-department created a national investigation unit called Emma 95, located in Pontoise, within the C3N. “Reinforced by seasoned investigators from the Research Sections (SR) from all over France and from the 4 central offices (OCLTI, OCLAESP, OCLDI, OCLCH), it currently has 60 gendarmes employed full time and spread over the missions of analysis of data and technical and judicial investigations, ”explains Eurojust in a document on the survey on EncroChat in France. To penetrate the EncroChat network, a hack tool was developed, soberly officially qualified as a “technical device” which allowed access to communications in an unencrypted manner, deployed by the central criminal intelligence service of the National Gendarmerie, and whose design as well as operation are covered by secret defense.

Skewer

746 arrests related to the dismantling of the EncroChat network have already taken place in Great Britain. (credit: NCA)

In the Netherlands, the “Lemont” operation, for its part, mobilized several hundred investigators to follow up on the communications of thousands of criminals. “The investigation has so far resulted in the arrest of more than 100 suspects, the seizure of drugs (more than 8,000 kilos of cocaine, and 1,200 kilos of methamphetamine), the dismantling of 19 synthetic drug laboratories , the seizure of dozens of (automatic) firearms, luxury watches and 25 cars, including vehicles with hidden compartments, and nearly 20 million euros in cash, “specifies Eurojust. The repercussions of the dismantling were felt most in Britain where the police force made 746 arrests and allowed the seizure of £ 54 million, 77 firearms and more than 2 tonnes of drugs according to the National Crime Agency .

Benefits over several years

The interception of EncroChat messages ended on June 13, 2020, when the company realized that a public authority had entered the platform. EncroChat then sent a warning to all of its users with the advice to immediately throw away their phones. “Today our domain has been illegally seized by government entities and an attack has been launched to compromise our units […] Due to the sophistication of this attack and the malicious code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling the network to fight the attack. You are advised to shutdown and separate from your terminal immediately, ”EncroChat told its users.

“Although activities related to EncroChat have ended, this complex operation has revealed the global dimension of serious and organized crime and the connectivity of criminal networks that use advanced technologies to cooperate nationally and internationally. The effects of the operation will continue to resonate in criminal circles for many years, as the information has been provided to hundreds of ongoing investigations and, at the same time, has triggered a very large number of new criminal investigations into organized crime on the European continent and beyond ”.

Source: www.lemondeinformatique.fr

Rate article