Police hack Encrochat (secure chat used by organised criminals)

[Ferris]

I don't see the advantage of that over encrypted text.

I bet they could hide in plain sight using something like reddit. Shitposting images with encrypted messages buried in them using steganography.

I've often though changing everything into dates on excel is a good way to encrypt data. It stores very large numbers in a way that is completely incomprehensible to anyone.

[touchingcloth]

Why can't criminals go back to the old school yet far more secure ways of communicating?

"'ere, Gary - we're going to 'snurgle' the bank at 4PM sharp, and if Barry snitches we'll chop his 'shawls' off. Keep an eye out for Sting and the 'fleece'."

[Sebastian Cobb]

Remember, the whole problem here is that you can not trust modern kit, at any level. So the encryption needs to happen on a device that can be fully audited, then the message transmitted in a safe way (so no direct networking, as wifi and ethernet chips are suspect)

That's what dead drop prevents. I suppose there is the potential issue of the usb transport medium having something like confickr on it, but you could make very basic bespoke hardware to decrypt text from a usb stick.

[imitationleather]

I don't know why people are saying it's good this happened.

Where are we supposed to get our fucking drugs from now?!

[touchingcloth]

That's what dead drop prevents. I suppose there is the potential issue of the usb transport medium having something like confickr on it, but you could make very basic bespoke hardware to decrypt text from a usb stick.

Encrypt it by hand with a one-time pad, send the message in the clear, job done. Just keep them pads secure.

[Sebastian Cobb]

Encrypt it by hand with a one-time pad, send the message in the clear, job done. Just keep them pads secure.

I already said that! Even strong private keys/pgp is probably fine.

[touchingcloth]

I already said that! Even strong private keys/pgp is probably fine.

Ha, sorry, missed it.

It's interesting to think that this whole affair comes down to criminals being happy to spend thousands of pounds because they can't be arsed doing the more secure things more manually, and it's the slight laziness and lack of attention to detail which has been their undoing. Like the guy mentioned who went to the bear competition without logging out of his admin account, it's really a slightly more technical version of the same thing on the criminals' side.

[Blumf]

That's what dead drop prevents. I suppose there is the potential issue of the usb transport medium having something like confickr on it, but you could make very basic bespoke hardware to decrypt text from a usb stick.

I still don't think you fully understand the problem I'm addressing. You can not trust modern hardware!! No, you can't make a bespoke USB device, the USB spec is too complex for that and relies on chipsets with firmware in them (I think you might be thinking about USB 'condoms' that just protect you whilst charging from a suspect device, not data transfer)

You'd need to make a device that is simple enough to be fully auditable. Once you add in file system support and everything else needed for a USB or network connection, and the raw circuits free from firmware laden chips, you're really pushing it.

[steveh]

These are devices which can be used by people quite low down the chain so they need to be simple to use and not look out of place. Also if you have separate encryption / decryption devices then key sharing becomes a problem.

[Ferris]

Two words for you lads: Smoke Signals.

No rozzer in the world will decode that shit.

[imitationleather]

Do a load of k and use telepathy.

[Sebastian Cobb]

I still don't think you fully understand the problem I'm addressing. You can not trust modern hardware!! No, you can't make a bespoke USB device, the USB spec is too complex for that and relies on chipsets with firmware in them (I think you might be thinking about USB 'condoms' that just protect you whilst charging from a suspect device, not data transfer)

You'd need to make a device that is simple enough to be fully auditable. Once you add in file system support and everything else needed for a USB or network connection, and the raw circuits free from firmware laden chips, you're really pushing it.

I understand what you're saying. But you have a normal computer that has network connectivity and decrypts the message.

You have a second, custom built simple device that can read the file and decrypt it with no network connectivity. It's quite unlikely but possible I suppose that the machine could be exploited to dump the message back to usb and hide it (although they wouldn't know what USB key you're using).

But writing that made me think of a slightly older tech that would make this even more frictionless!

IR BLASTER on PC -> device that can decrypt with secret key. You could do it with a fucking arduino.

[Ferris]

Do a load of k and use telepathy.

I was going to suggest carrier pigeons but this is some galaxy brain shit.

[Sebastian Cobb]

We could go back to the way of leaving coded messages on people's heads like Ceaser did.

Lots of you could sign up as message carriers!

[Sebastian Cobb]

Dutch police have found a soundproof torture chamber in amongst this.

https://www.theguardian.com/world/2020/jul/07/dutch-police-arrest-six-men-after-discovery-of-torture-chamber

[Bence Fekete]

😈 SEX DUNGEON 😈

[græskar]

Dutch police have found a soundproof torture chamber in amongst this.

https://www.theguardian.com/world/2020/jul/07/dutch-police-arrest-six-men-after-discovery-of-torture-chamber

Absolutely chilling. I'm actually feeling quite sick now after reading this.

[Dewt]

I understand what you're saying. But you have a normal computer that has network connectivity and decrypts the message.

You have a second, custom built simple device that can read the file and decrypt it with no network connectivity. It's quite unlikely but possible I suppose that the machine could be exploited to dump the message back to usb and hide it (although they wouldn't know what USB key you're using).

But writing that made me think of a slightly older tech that would make this even more frictionless!

IR BLASTER on PC -> device that can decrypt with secret key. You could do it with a fucking arduino.

What you're describing is pretty commonly used. People will call it an air-gapped machine. It's commonly used for signing something with a private key, 'offline'.

Scarily it is possible to listen to the a CPU and extract private keys in some circumstances.

[Sebastian Cobb]

Yeah I know, I already mentioned dead drop which is now apparently called securedrop.

[amputeeporn]

Dutch police have found a soundproof torture chamber in amongst this.

https://www.theguardian.com/world/2020/jul/07/dutch-police-arrest-six-men-after-discovery-of-torture-chamber

https://time.com/5863677/netherlands-arrest-torture-chamber/

Video here - there's nothing gruesome about it - spotless clean, but it will make your blood run cold...

[touchingcloth]

How do we know this was intended for torturing rather than dentistry? The articles all state quite clearly that they installed a dentist's chair rather than a torture one.

[JaDanketies]

I hope none of the drugs I bought have funded these torture chamber folk.

Even with this significant bust of hundreds of high level drug importers, the impact on availability will be negligible. Legalise!

[pigamus]

I'm sorry to say that mention of "hedge cutters" made made me laugh

[touchingcloth]

I'm sorry to say that mention of "hedge cutters" made made me laugh

Me too. Did you also have a vision of that scene from Scarface being played out with hedge cutters rather than a chainsaw? Did it morph into the bad lads going through the full range of garden tools - a strimmer, secateurs, herb scissors, an auger for bulbs? Just me?

[canadagoose]

an auger for bulbs

Well, it'd be effective.

[touchingcloth]

For people who have ditched their Encrochat kit, what do you recommend as an alternative?

[JaDanketies]

For people who have ditched their Encrochat kit, what do you recommend as an alternative?

could ya not just use a burner Nokia, Protonmail and PGP encryption? Maybe on a TOR messageboard, and Linux with TAILS?

[touchingcloth]

could ya not just use a burner Nokia, Protonmail and PGP encryption? Maybe on a TOR messageboard, and Linux with TAILS?

Just tried this and am in jail now. Suggestions?

[Sebastian Cobb]

did you smuggle another phone in up your bot-bot?

[MidnightShambler]

These phones don't cost 3k in a one-off payment, they cost 3k a month to maintain and update. Think of a fire stick or similar, it's basically that. The system they were using, even though it's now been broken into, was incredibly secure, hence why it took years of constant attempts by the most sophisticated forces on the planet to get into them. Luckily for them, lots of the right people were aware of the breach before the net closed and ceased interactions. Good old fashioned bribery is still alive and well, right to the top. They haven't nicked anything like the amount of people they could have done otherwise.
Although it's been quite a funny discussion to read, you're all talking about this this like it's a piece of piss to evade detection and that multi-billion pound criminal empires somehow knew less than a load of computer science students and office workers with a Rasberry Pi on a comedy website.

At the end of the day, complacency gets you caught far quicker than any of this. My mate has just been nicked in Jersey with an ounce of extremely pure cocaine up his arse, he's facing 10yrs. He'll serve them too. He flew in from Liverpool because there's been a drought in Jersey due to Covid-19 and had a return ticket for a day or two later. Stopped at a customs check, black scouser with a ticket home tomorrow, says he's loooking for work? Likely story, get in the room. Bingo.
He only took a small amount just to test the water the first time but he was as sloppy and arrogant as fuck. A similar thing happened to my ex-s brother in the Shetlands (google it if you have to), when he was having Charlie mailed to him monthly, thinking it was a sleepy place. Complacent, 5 years.

Essentially, some risks have to be taken and you can't keep sending letters or using burners, it's too long winded and things happen quickly. The next thing is already in motion anyway, the coppers are always playing catch-up.

And don't be friends with me, I'm clearly a jinx.