EncroChat, Organised Crime and UK Courts: Crack On

3rd February 2021



“An unparalleled victory for law enforcement against the Untouchables.”

That’s how one senior police source described Europol’s Earth-shattering Spring 2020 hack of EncroChat, the secure double-ended encryption service favoured by thousands of criminals across the world.

Breaking EncroChat’s secure communications network led to the arrest of thousands of alleged organised crime gang members across Europe and beyond – including at least 1,000 arrests in the UK alone. It also led to the seizure of several tonnes of drugs, mostly cocaine and cannabis, as well as scores of weapons and vast amounts of data and documents on how organised criminals launder their proceeds of crime. In short, the move led to a treasure-trove of information law enforcement agencies could use against alleged organised crime figures: several hundred million messages in total.

Europol had become one of the first agencies to infiltrate the highly-secure, and legal, encrypted mobile phone communications networks hijacked in recent years by organised crime to mask their activities.

But it was not until much later in 2020 that the ground-breaking public-interest hack’s true success was confirmed in the UK. In November, the High Court ruled that the UK National Crime Agency’s use of the data it obtained through the EncroChat hack was lawful and, therefore, may be admissible as evidence in UK courts.

Until that point, it was unclear whether the methods used by law enforcement to obtain evidence of alleged illegal activities would be admissible during prosecution proceedings.

So why was the move by law enforcement so risky? And what exactly was the EncroChat hack?

In March 2020, and following months of deep suspicions about some EncroChat users’ activities, hackers deployed by police teams from France and the Netherlands compromised the EncroChat system using malware. In short, hackers compromised EncroChat’s server in Roubaix, France, and sent bogus updates to all users, which allowed officials to intercept and read millions of messages sent by criminal gangs (and many innocent parties).

It was a classic “man-in-the-middle” (MiTM) attack, which involves a third party intercepting communications between two other parties.

EncroChat began life as a legitimate secure communications network. But because of the nature of its offering, the service quickly grew to become one of the networks of choice for illicit activity. Of its estimated 60,000 users, around 9,000 reside in the UK.

For months after the hack, law enforcement could monitor and act upon the content of messages sent between organised criminals, and the arrests and disruption began to be spoken about across crime networks. Shortly after the MiTM attack, EncroChat tried to block the external attack (not knowing who was behind it), but it was too late. Months later, the firm announced its network had been compromised, withdrew the service and, eventually, Europe’s police forces revealed they were behind the MiTM attack.

But that was merely the start of a major legal battle in the UK. Lawyers representing some of the alleged criminals arrested following the hack argued in court that the NCA’s use of EncroChat data, which, they claimed, had been obtained illegally, could not form the basis of prosecutions. For months, the issue was up in the air – until the High Court in London ruled that, in future, it will be for individual judges to determine the admissibility of such evidence.

The absence of a blanket ban on the NCA’s use of such data has been met with a huge sigh of relief by law enforcement officials across the UK. And while other appeals against the use of EncroChat data are likely in the British courts, for the time being prosecutors can take forward cases involving the arrests of alleged criminals using EncroChat’s information.

The move has been seen as a watershed moment in recent law enforcement history – showing, as it does, that encrypted networks can be compromised when there is a public interest in doing so.

As a journalist, I have a few reservations about a wider clampdown on encrypted communications. But there is little doubt that the benefits of Europol’s activity, and the public interest argument for taking action against the likes of EncroChat’s users, outweigh the downsides.

The EncroChat-linked case is an extraordinary case study in the modern battle against organised crime. It highlights the difficulties law enforcement officials have in tackling gangs which use fast-changing technologies.

If you want to delve further, then I suggest you start by going through the back catalogue of journalist Joseph Cox, who has written about this far more extensively than me. Cox is a senior writer at Motherboard, the technology arm of Vice News, which unearthed much of the police activity in the EncroChat-linked case. His, and Motherboard’s wider, work has been excellent and can be found here.

I can also thoroughly recommend an excellent podcast on the issue (in which Cox appears) by the Global Initiative Against Transnational Organised Crime (GI-TOC), which can be found here. Both sources of information are first-class.

I’ll post updates on further appeals against the High Court judgement made by alleged criminals and their lawyers. In the meantime, sit back and watch the ramifications of the EncroChat hack unfold as more court cases get heard…
