Police hack Encrochat (secure chat used by organised criminals)

Started by Sebastian Cobb, July 02, 2020, 09:59:41 PM

Sebastian Cobb

This looks potentially huge.

https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked

This seems to have been used by organised criminals from the top-down and the French police managed to remotely deploy malware onto devices to snaffle up encrypted messages from devices after they've been decrypted. People have been raided and everyone else is fucking off with cash and going into hiding.

Shoulders?-Stomach!

Do we know what Graham Linehan's Encrochat reach is and if the Colchester Hard Wank Crew will now Leave Women Alone?

touchingcloth

Why are these idiots buying £3,000 phones for encrypted communication when they could use any number of free apps?

Zetetic


Blumf

I suppose it's testimony to how impossible it is to secure modern IT kit.

Sebastian Cobb

Quote from: touchingcloth on July 02, 2020, 11:34:57 PM
Why are these idiots buying £3,000 phones for encrypted communication when they could use any number of free apps?

I think the idea is it's a closed shop? The phones had been modified so they couldn't be bugged etc.

But you're right, it looks like their selling point was the weakness - the French police managed to deploy malware to exploit the common OS and grab the messages once the handsets had decrypted them.

I imagine they were paranoid about public apps; it's conceivable that an app could be switched for a compromised version, and that's certainly the way the law's going here with the 2nd version of the Snoopers' Charter. If a warrant was obtained, then to comply with the law WhatsApp, for example, could silently change keys (like how when your friend gets a new phone, but with the notification disabled) in a way that allows key escrow or disables it entirely.

It looks like the Americans are going to pass a law very similar to it shortly:
https://news.bitcoin.com/lawful-access-to-encrypted-data-act-backdoor/

I hope it both fucks up big American internet companies, as they're basically all shits, and pushes forth more decentralised protocols.

Sebastian Cobb

Quote from: Blumf on July 02, 2020, 11:53:48 PM
I suppose it's testimony to how impossible it is to secure modern IT kit.

If they used a messaging system that was installable on any Android phone it's likely individuals could be targeted, but as a whole they'd have been safer.

One of the darkweb platforms, Dream Market, got taken down when one of the admins flew to the US to attend a beard grower's competition. They got stopped at the border and they were still logged in as admin.
https://eu-ocs.com/hipster-dark-web-drug-dealer-arrested-travelling-france-us-beard-contest/

Noodle Lizard

Quote from: Sebastian Cobb on July 03, 2020, 12:01:23 AM
It looks like the Americans are going to pass a law very similar to it shortly:
https://news.bitcoin.com/lawful-access-to-encrypted-data-act-backdoor/

I hope it both fucks up big American internet companies, as they're basically all shits, and pushes forth more decentralised protocols.

It's more likely to just become "the new normal", as did every other breach of privacy in the wake of the Patriot Act; the NSA scandals, violations by Google, Facebook etc. People have heard all these stories and the response has overwhelmingly been "we don't really care". Breaking end-to-end encryption has been an open goal for the NSA and FBI for a long time, but no one sees it as that big a deal. We've just casually grown to accept that none of our data or activity online is really private, and in doing so we've made it so the biggest companies (who tend also to be the worst offenders) are almost impossible to live without.

Sebastian Cobb

Quote

    In an era when everything can be surveilled, all we have left is politeness.

Yeah, I know, but you can hope, can't you?


Bence Fekete

Sorry in advance cos I'm not knowledgeable enough to know if this is daft, but does anyone think it's a bit odd they haven't solved the perfect privacy software yet?

As in, given what I know about cryptography (the basics), how difficult is it really to construct an app that never exposes its decrypted contents to anything outside of a recall to the screen to be read by the authorised user? So not only would you need access to the phone, but you would have to physically sign in (fingerprint) to activate, decrypt and read the encryption?

Am I way off? I mainly use Telegram because I know it isn't keeping ad and tracking data on me, but I also understand it runs its encryption on the user's end. I also understand that if you can get into an OS (as appears to be the case here) they can just read your screen anyway, and such localised security measures become moot. But I don't understand how we haven't moved past this point yet to a fully unhackable messaging system that is shielded from any internal monitoring. Feels like it has to be possible - or am I squawking like a noob?

Isn't Protonmail essentially unhackable, or is it the same as any other app and can be read from the user's end with a good bug?

Sebastian Cobb

Well, a lot of these apps are designed to encrypt in transit and decrypt at the other end. They assume your phone is fine, and I think people assume that given their phone is encrypted, that's fine too. I doubt many of them make much effort to encrypt the contents from other apps via keys in the code or a passphrase. Forensics apps/malware can get information from all sorts, not just leaky caches, but also things the OS does, like you know how when you scroll through all your open apps? They're screenshots, so they can be of messages.

This is easy to mitigate though. Encrypt and decrypt your messages outwith your device. Not convenient though.

I'm sure some cautious people will have done this. And I'm sure this is what criminals will be doing in the future.

Bence Fekete

Ok ta. So it's about exploiting sloppiness too then. Like keeping a big criminal diary blog of all the drugs you've sold through your massive international drug empire on your laptop, and then getting nicked red-handed. 

Ferris

Quote from: Sebastian Cobb on July 03, 2020, 12:02:52 AM
One of the darkweb platforms, Dream Market, got taken down when one of the admins flew to the US to attend a beard grower's competition. They got stopped at the border and they were still logged in as admin.
https://eu-ocs.com/hipster-dark-web-drug-dealer-arrested-travelling-france-us-beard-contest/

mate

Blumf

Quote from: Sebastian Cobb on July 03, 2020, 12:02:52 AM
If they used a messaging system that was installable on any Android phone it's likely individuals could be targeted, but as a whole they'd have been safer.

I wouldn't be so sure. Plenty of things they could bring to bear on a standard Android system, even if the exact versions differ from user to user. There are entire marketplaces devoted to that.

Whatever the criminals use would need to be hardened, which pretty much limits the selection they'd have, so you're back to the single (or few) target(s) problem.

But it's pretty clear now that, against state actors, we can't even trust the hardware. CPUs, GPUs, network adapters, all loaded up to the gills with sketchy firmware and sub-systems that state security services can gain access to with a little gentle prompting of the companies involved (as we see in this case with KPN).

Bence Fekete

So was the main weakness in their strategy that these super-phones required updates? As in, if they'd just kept to 'business only' phones that were permanently airgapped from anything that wasn't VPN encrypted traffic, then wouldn't that be enough to guarantee pure anonymity?

I hear what you're saying about anything being compromisable but, say, a genuine out-of-the-factory rooted system with key-verified open source software could - in theory - be free from state interference, no? Or are you saying that they could find a way in through the device itself, pre-factory, in the design of the thing, that would always guarantee them a backdoor? That is frightening if we're there already.

One hell of a story though. I'd love to read those transcripts.

steveh

The first weakness to be exploited seems to have been the servers, which allowed the authorities to drop the exploit tapping the messages onto all the phones. On a device that only used an encrypted VPN for traffic the VPN servers would still be a weak spot. Being a semi-legit company using standard data centres to which the authorities could gain access may have made them more vulnerable than a totally criminal enterprise too. Finding Android security holes to use for the 'malware' is the trivial bit.

They were also overconfident in their ability to run a secure service. They were reported to have rolled their own crypto rather than using standard software because they were overly paranoid about state-known exploits. A company like theirs is never going to be able to attract the talent needed to develop a system of sufficient quality and security. Maybe all along, though, the aim was only to build a limited-life business which could make some cash off a semi-secure system, then shut up shop once it inevitably got compromised.

touchingcloth

Quote from: steveh on July 03, 2020, 09:05:43 AM
A company like theirs is never going to be able to attract the talent needed to develop a system of sufficient quality and security.

That's the main thing which went through my head when reading about it all. I'm not a developer but I have a computer science degree and have always worked jobs in the software industry. Coding isn't hard per se so I can well imagine that a criminal enterprise could find some shit hot coders by offering more cash than the legitimate private sector offers. But while coding is simple enough on the face of it, the discipline of software development is hard, and I just can't imagine a shady business sorting out a decent QA team.

Dex Sawash

All you have to do is pay the government data guys to keep quiet.

dissolute ocelot

Quote from: Bence Fekete on July 03, 2020, 02:52:24 AM
So was the main weakness in their strategy that these super-phones required updates? As in, if they'd just kept to 'business only' phones that were permanently airgapped from anything that wasn't VPN encrypted traffic, then wouldn't that be enough to guarantee pure anonymity?

I hear what you're saying about anything being compromisable but, say, a genuine out-of-the-factory rooted system with key-verified open source software could - in theory - be free from state interference, no? Or are you saying that they could find a way in through the device itself, pre-factory, in the design of the thing, that would always guarantee them a backdoor? That is frightening if we're there already.

If there's a bug anywhere it's possible to exploit that, and a mobile phone has a lot of software even to transport the simplest message. In general communication stacks should be pretty robust and nearly bug-free, and you're more likely to see bugs in application software and things like video players. But as mentioned, who knows what their quality assurance is like or how customised the phone OS is?

You can design systems so that there's no/minimal non-volatile storage (Flash memory, etc), so that patches, bugfixes, exploits or third-party software are cleared when you turn it off and on again, but again it comes back to quality assurance - would you want a mobile phone that absolutely positively couldn't have any bug fixes?

And a VPN or any secure system is only as robust as the weakest element - it's always going to be possible to persuade someone to give up their crypto keys, especially if they're facing a long jail term. The best way to protect a system is if everybody knows if a key is broken, a user is compromised, or a vulnerability is found, but that kind of publicity is antithetical to a secret criminal network.

Captain Z

If you're a criminal enterprise looking to employ a coder then all you need is someone who can quickly type a continuous stream of text into a command prompt.

Sebastian Cobb

Quote from: Captain Z on July 03, 2020, 10:42:31 AM
If you're a criminal enterprise looking to employ a coder then all you need is someone who can quickly type a continuous stream of text into a command prompt.

While getting sucked off if Swordfish is anything to go by.

madhair60

And here we want to abolish police. Could any of you hack Encrochat? Yeah, thought not.

Pingers

Quote from: madhair60 on July 03, 2020, 11:53:57 AM
And here we want to abolish police. Could any of you hack Encrochat? Yeah, thought not.

It would be great if this is the only stuff they did. They did a good job there, 746 contenders for World's Most Unpleasant Man arrested, plus 77 firearms out of harm's way - seems a productive way to spend your time. If only they could stop harassing and spying on environmental protesters and nicking people for being black, we could all agree they're a great bunch of lads.

Blumf

Quote from: Bence Fekete on July 03, 2020, 02:52:24 AM
I hear what you're saying about anything being compromisable but, say, a genuine out-of-the-factory rooted system with key-verified open source software could - in theory - be free from state interference, no? Or are you saying that they could find a way in through the device itself, pre-factory, in the design of the thing, that would always guarantee them a backdoor? That is frightening if we're there already.

That's the problem. Modern components, the actual chips (CPUs, network support, even memory controllers), are riddled with sub-systems, computers in their own right, with their own (generally closed source and undocumented) firmware.

e.g. https://en.wikipedia.org/wiki/Intel_Management_Engine

I think the only thing that'd protect you at this stage is the various state agencies not wanting to show their capability publicly. So, I doubt they'd use this stuff on plain old drug dealers, even the big guys like this story. But you can't trust your IT systems, and they have used their capabilities for industrial espionage before, so... <shrug>

Sebastian Cobb

The way to stop it is to separate the decryption from the device carrying the message.

You don't need rinky-dink expensive phones or even end to end encryption on the messaging service then though.

A process similar to dead drop, developed by Aaron Swartz for journos to handle sensitive content, would work, as it relies on an airgapped machine that doesn't store anything to read the messages.
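The point made in this post and in the earlier "encrypt and decrypt your messages outwith your device" remark is the same one: transport encryption (end-to-end or otherwise) only protects a message while it is in transit, and malware on the handset reads it once the app has decrypted it. The added example below, which is not code from the thread or from any project mentioned in it, shows the defensive split in working Go: the key lives on a separate machine, that machine turns a message into an authenticated AES-256-GCM ciphertext armoured as base64, and the phone only ever relays that text. It assumes a pre-shared 256-bit key exchanged out of band; the names `NewKey`, `Seal` and `Open` are mine. Because GCM authenticates as well as encrypts, a relay that alters the text, or a party without the key, gets an error rather than plausible-looking garbage, which is the check a practitioner would want before trusting such a setup.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// KeySize is the AES-256 key length in bytes.
const KeySize = 32

// NewKey generates a random 256-bit key. In the split described in the
// thread this runs on the offline machine, and the key is shared with the
// other party out of band; the phone that carries messages never holds it.
func NewKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts and authenticates plaintext with AES-256-GCM and returns
// base64(nonce || ciphertext || tag). This string is the only thing that
// needs to leave the offline machine, so a compromised phone forwarding it
// sees neither the key nor the plaintext.
func Seal(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	// Fresh random 96-bit nonce per message; nonce reuse under one key breaks GCM.
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, plaintext, nil) // nonce is prefixed to the output
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Open reverses Seal. Any change to the relayed text, or the wrong key,
// fails the GCM tag check and returns an error instead of garbage, so
// tampering by whatever sits between the two offline machines is detected.
func Open(key []byte, armored string) ([]byte, error) {
	sealed, err := base64.StdEncoding.DecodeString(armored)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short to contain a nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample plaintext for the demonstration.
	armored, err := Seal(key, []byte("sample message, constructed for this example"))
	if err != nil {
		panic(err)
	}
	fmt.Println("what the phone carries:", armored)
	pt, err := Open(key, armored)
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered on the offline machine:", string(pt))
}
```

The base64 string can be pasted into any messenger, including one with no end-to-end encryption at all, which is why the post says the expensive handset and the service's own crypto stop mattering once decryption happens elsewhere. What this does not solve is the rest of the thread's concern: the offline machine still has to be trustworthy, the key still has to be exchanged safely, and metadata about who talks to whom is untouched.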

steveh

Quote from: Pingers on July 03, 2020, 11:59:25 AM
They did a good job there, 746 contenders for World's Most Unpleasant Man arrested, plus 77 firearms out of harm's way - seems a productive way to spend your time.

Though also opening up big gaps in the market for other groups to expand into - with the inevitable rise in violence as they clash over who gets what. It also provided a good learning experience for those higher up who escaped and now probably won't make the same mistakes again.

Sebastian Cobb

Quote from: steveh on July 03, 2020, 12:46:40 PM
Though also opening up big gaps in the market for other groups to expand into - with the inevitable rise in violence as they clash over who gets what. It also provided a good learning experience for those higher up who escaped and now probably won't make the same mistakes again.

Yeah, tick will be called in resulting in violence, and fighting over remaining supplies. Probably a massive increase in johnnies in bellies while the smuggling infrastructure is disrupted.


I imagine the defund police people would rightly point out how the war on drugs hasn't helped anyone and drug control could be provided to addicts (and casual users for less harmful drugs) through policy.

I think Holland give their smack heads prescription morphine and have shooting galleries, much better way to approach it.

It's an impressive sting with some excellent international co-operation and takedown but the reasons behind it are all from a mostly global stance on prohibition.

Blumf

Quote from: Sebastian Cobb on July 03, 2020, 12:25:22 PM
The way to stop it is to separate the decryption from the device carrying the message.

You don't need rinky-dink expensive phones or even end to end encryption on the messaging service then though.

A process similar to dead drop, developed by Aaron Swartz for journos to handle sensitive content, would work, as it relies on an airgapped machine that doesn't store anything to read the messages.

I was thinking, some device made with old kit (think a 68000 CPU or similar), simple keypad and LCD display. Let it encrypt the message and produce a sound output (like old 8-bit tape loading) that can survive being played over the phone or recorded to MP3.

Loses the anonymity and convenience of a smartphone though.

Sebastian Cobb

I don't see the advantage of that over encrypted text.

I bet they could hide in plain sight using something like reddit. Shitposting images with encrypted messages buried in them using steganography.

Blumf

Quote from: Sebastian Cobb on July 03, 2020, 01:28:50 PM
I don't see the advantage of that over encrypted text.

Remember, the whole problem here is that you cannot trust modern kit, at any level. So the encryption needs to happen on a device that can be fully audited, then the message transmitted in a safe way (so no direct networking, as wifi and ethernet chips are suspect).