The dark phones (Encrochat) — Criminals are building their own communication system

Matthieu Regnery
10 min readJul 20, 2020

--

The technical insights of ultra secure communication systems, meeting criminal business needs and challenging law enforcement for a decade.

Communication is crucial in any group and organised crime is no exception. Logistics, payment, production, order or delivery, everything has to be coordinated. Mobile phones are an obvious and ubiquitous mean to deal with these operations but carriers need to comply with several surveillance laws in almost every country. Even bought anonymously, metadata and technology enable eavesdropping and geolocation. To reduce the risk, some traffics now take place on dark markets on the web, allowing end customer to trade with a provider, sometimes through a third-party. However, these places are not handy for real-time, on the move operations and communications. They are therefore not really suitable for business-to-business relationships.

Last but not least, organised crime groups (OCG) want to protect themselves and seek to remove the weakest point. They need to prevent intelligence and data collection from arrested members or collaborators, whether they are smart or stupid. By controlling communication assets, they eliminate number of weaknesses and risk of leaks. Similarly to the dark net, some developers engineered smartphones to provide extended privacy capabilities. We will call them “dark phones”.

They now provide a user friendly, ultra secure platform for criminals to exchange and coordinate.

Technology is evolving, so are criminals

Law enforcement around the globe are seizing different kind of phones during drug arrests. But since 2011, some of them stands out as they are protected by a strong password, equipped with a no name SIM card and not attached to a phone number. Even, tearing the first models apart, they have been deprived from microphone and camera. What are these secure phones? It started with modified Blackberry handsets. Blackberry has been a provider for enterprise fleets. Their solution enabled deep customisation of features on the end points. They also provided central servers acting as distribution centers, either hosted or on premises. This technology, known as Mobile Device Management, is widely used nowadays in companies to control their assets in terms of cyber security and information leak. Organised crime is not a big company, but some smart tech savvy criminals and cartels saw an opportunity to use this model. Indeed, they act as a corporation and sell their fleet to anyone willing to be part of the communication network. Usually provided at first to high ranked members, the phones become then necessary to every contact, above, below or external who are in business with them. Because they do not interoperate with conventional systems, they become exclusives and underground.

Ultra secure devices and platform

Even if breaches happened, the devices are among the most secure in the world and so are the softwares and servers. Starting with the phone itself, the central authority can enforce policies that disable camera, voice or text usage, applications, location services or USB connectivity, enforce strong passwords, data at rest encryption and restrict emails to PGP encrypted ones only. With those policies, forensic examination or conventional eavesdropping is close to impossible. Moreover, usual Blackberry fleets tranfer data only through a central Blackberry server, located at Blackberry or on-premise. The phone creates an encrypted tunnel to exchange data. At the end, the user can only send or receive PGP encrypted emails, transiting via an encrypted tunnel on a dedicated server. Even the SIM card is almost completely untraceable as criminal communication systems use machine to machine plans which can provide data access worldwide while not being entitled to disclose identity of customers.

Like on the darknet, exchanges are anonymous and traces are controlled (eg. tor browser).

Another critical feature comes from the enterprise world. A remote wipe of the device is built in, enabling provider to erase all data on-demand. Central servers could be considered as a weak point and they are. However, organisations use services of very good engineers to secure their software and infrastructure. Trade-off between technology and security is often in favour of security (ie disabling cameras).

With this technology, law enforcement are blind, unable to trace SIM cards, intercept and analyse data traffic (even metadata) and recover data from seized devices. Even at a carrier level, data transmission is permanent and cannot enable to map correspondents. As the account is not correlated to the phone or the SIM, some criminals regularly change the hardware to scramble even more their activity. Any interception or geolocation that could have been placed on an IMEI (end point identification number) or an ICCID (SIM card identification number) is therefore ephemeral. Only few traces are left, at rest, encrypted on a very secure device, drowned into a massive data traffic or in criminal controlled central infrastructure.

Illustration : Darkphone communication system

Law enforcement challenge

At the game of cat and mouse, the mouse is usually faster than the cat. Law enforcement discovered these secure communication systems, run by criminals for criminals around 2012 and started to investigate. They encountered multiple obstacles. First because the phones themselves are secured and encrypted. Second because these darkphone organisations are unknown and few people believe than criminals can run them.

In 2015, a court report of Ontario superior court of justice states that « RCMP technological laboratory destroyed this illusion and extracted from this phone 406 e-mails, 25 address book entries and other information all of which had been protected ». In another report, British-Columbia supreme court judgement claims that « encrypted emails were extracted from the Blackberries and decrypted by the RCMP Technical Assistance Team ». This first breach into criminal phones was a huge success, as conversation were extremely operational:

RP to Spaceshuttle 12:34 p.m. — “Hey. Has he left his house?”
Spaceshuttle to RP 12:40 p.m. — “Ye were downtown right now.”
RP to Spaceshuttle 12:41 p.m. — “Don’t DT with a bunch of people around. Always tomorrow. Don’t want it called in.”
Spaceshuttle to RP 12:45 p.m. — “We found him”
RP to Spaceshuttle 12:47 p.m. — “K is it a safe scenario. Don’t get it called in seriously if there is a bunch of witnesses wait for your next opportunity”
Spaceshuttle to RP 12:49 p.m. — “We have his car in sight in a underground”
RP to Spaceshuttle 12:49 p.m. — “KK. If its good do it.”

(source: R. v. Vu, 2015 BCSC 1073, canlii.org)

One year later, Dutch services seized the servers of Ennetcom, a provider of Blackberry PGP encrypted phones and communication, after hacking their system and locating their infrastructure. In 2017, they dismantled PGPSafe and seized again the servers. In 2018, Phantom Secure is taken down by the FBI. All these companies have been selling Blackberry secure phones to criminals. At this time, law enforcement are able to decrypt emails in seized devices, disrupt service and find some data and encryption keys in servers but at a small scale. Criminals are also becoming more tech savvy and fancy new technologies such as encrypted instant messaging application (ie WhatsApp). New providers such as SkyECC, Encrochat or Ciphr promise even more secure communications with features such as ephemeral messages, panic button, no data on servers or smart card encryption. They also advertise modern applications, with video, pictures, documents or calls over data (VoIP) enabling real-time secure communication. We will see later Encrochat features in much more details.

Illustration: Time scale of technologies and law enforcement take down

Law enforcement need to keep up with the technology once again. Finding vulnerabilities in these systems is crucial for a lot of high profile cases and being able to retrieve the data often brings material evidences. However, the research and breakthroughs have to remain as secret as possible to keep the advantage. As trials are often public, fact that extraction has been possible is released but vendors argue the password was weak and the panic/wipe features have not been used. User negligence!

That is a different story that took place with Encrochat infiltration.

Encrochat story

Encrochat phones started to come in law enforcement hands in 2017, at least identified as secure phones. Indeed, they come with two separate operating systems. When the phone is booted, a normal Android is shown with usually no user data. A specific key combination allows user to switch to secure mode and boot the custom Encrochat operating system. Therefore field officers may miss this and think the phone is new or not used. They may be told to shutdown the device as soon as possible to prevent remote wipe and data corruption, often by removing the battery. First level forensic examiners would boot the phone, observe an empty system and discard the evidence. Nice trick huh! It does not stop here.

Even when the secure system is booting, it requires an at least 15 character long password to decrypt the data.

Then the system is protected by a screen lock with an at least 6 character long passcode. Once entered, few applications are installed, part of Encrochat Suite (EncroChat, EncroNotes, Currency, Backup, Wipe). EncroNotes is a memo application which can be configured with yet another password. Cracking these passwords is near to impossible for two reasons: they are long enough and they are entangled with a hardcoded key inside the device processor, impossible to retrieve. It has to be cracked on the device, therefore with a very limited power. Moreover, it would require full access on this phone, which has also been anticipated by Encrochat engineers. They customised the certificate inside the hardware in order to ensure only their software can be booted. That is only possible with a partnership with the manufacturer and a very good knowledge of low level programming. This is the reason Encrochat phones are very specific, and restricted to one model.

Even if you are lost with the technique at this point, to make a long and technical story short, the hardware and software of these phones have been engineered to resist forensics at a state level. Server side has also been engineered as would be an end-to-end messaging application. Actually, Signal code is used to generate the keys and transport. Ciphers, protocols and source of randomness are strong. Messages are encrypted on the phone and are then distributed via a message broker.

source: encro.co.uk

Even tapping in this piece of software would only provide encrypted content.

So what went wrong?

Encrochat administrators detected a malware on their handsets. Indeed, the only way to retrieve plain text content is to get it at the source, before it is actually encrypted, directly on the device either sender or recipient. Most of the time, such law enforcement software intrusions (eg. govware) are strictly regulated. In France they are defined by law and techniques are often classified. However this successful infection gave access to millions of instant messages or media sent or received by the 50k+ users of Encrochat. Game over.

Why criminals will continue to use these systems ?

As soon as Encrochat announced it has been breached, Omerta, a similar provider, offered a 10% discount to switch. Some Encrochat resellers now advertise SkyECC solution on their webpage. Why do not they simply use WhatsApp or Signal and have the traffic drowned into normal people’s? Why use this really expensive service, targeted by law enforcement? Simply because it is a lot more stealth and secure, despite the breaches, technically difficult to find but still possible. No ID document needed to open a line (15 days grace period in France), no geolocation, no legal obligation from providers, carriers can not provide any correspondent, features are controlled and locked on the secure network (ie an idiot can not use the phone to send pictures of his holidays to friends or family and be caught). It includes remote and panic wipe with 24/7 support in case of arrest and payment is anonymous.

No big forensic vendor is actively researching vulnerabilities as it is only a fraction of examinations conducted every day, which makes the risk of data gathering much lower. Alternatives could include burner phones, which are somehow anonymous but ephemeral and feature less. They often keep last messages and calls in their memory and are not stealth on the carrier side. Or walkies-talkies which are trace less and completely anonymous but only works synchronously and with a limited range.

In the end, these systems provide a very limited fingerprint on networks and money transfer, and a very secure, modern and user friendly communication suite. Business needs are met.

What about the money, key of everything ?

Organised crime groups usually have no problem with expensive equipment and well structured laundering systems. Although some providers will accept credit card or Paypal payment through a third party, they will always prefer cash or crypto money.

Encrochat in few figures

In the journey of buying an Encrochat phone, you first had to establish contact on the web site or with a phone owner. Then you were directed to the nearest reseller depending on your location. Even if these resellers own a shop, they usually set an appointment and give you the device along with instructions hand to hand, in exchange of cash. Price is expensive, around 1500€ for the handset and a 6 months service. Renewals are not cheap either, around 1200€ for 6 more months. One popular Encrochat feature was a 30min VoIP encrypted call included in the 6 month plan. You could trade 1 month to recharge 30min so around 200€. Not every privacy concerned user can afford such plan! With 50k+ users, Encrochat was making around 75M€ every 6 months, a profitable business.

In this journey of understanding these dark phones, we demonstrated why criminals are building them and why they will continue to use them despite spectacular breaches like the recent Encrochat one. Cutting one head is not enough as others will regrow very soon. However, dismantling this network has been a tremendous steps in understanding criminal protocols and a huge warning that nothing is perfectly secure. Impunity that could be felt though this secure systems has ended. New challenges are waiting for law enforcement and organised crime. Mouse and cat game is not over.

--

--

Matthieu Regnery
Matthieu Regnery

Written by Matthieu Regnery

I enjoy digital forensics, breaking things to understand how they work, reversing and desoldering. Keeping learning (PhD student at Lausanne University)

No responses yet