Encrochat busted by NCA

Author
Discussion

Dont Panic

1,389 posts

53 months

Thursday 2nd July 2020
quotequote all
Well done to all involved. Just as well they wernt defunded eh?

anonymous-user

Original Poster:

56 months

Thursday 2nd July 2020
quotequote all
Murph7355 said:
La Liga said:
I don't want to set them off, but a security priority for Brexit is retaining (if possible) the same relationship with and access to Europol (along with the relevant databases).
Set who off?

I voted Leave and think this would be eminently sensible too.

Isn't our intelligence and security service capability well regarded globally too?
Setting off anyone who wants to derail topics into leave vs remain in the general sense.

It's one part of the on-going negotiation that I hope we manage to pull off.

anonymous-user

Original Poster:

56 months

Thursday 2nd July 2020
quotequote all
Having been reading a few bits and pieces about it, I am already being remarketed to by one of the would be successors! Omerta Digital which says it is based in Dundee... and makes "fully encrypted, anti surveillance, security hardened smartphones for privacy concerned individuals & businesses"




Ziplobb

1,372 posts

286 months

Thursday 2nd July 2020
quotequote all
Murph7355 said:
Set who off?

I voted Leave and think this would be eminently sensible too.

Isn't our intelligence and security service capability well regarded globally too?
agreed - lets make this thread about Brexit crowd are out today

its not like Great Britain security services never helped anyone or got help before 1973 is it ? If my history serves me correctly we were very active in europe between 1939 and 1945. I have read loads of stories about our security services being heavily involved with the US during the 'cold war' and i dont think the US a European country.

The only reason the sharing of information will stop is because people like Barnier et al will do it out of spite - never forget that the security of europe and the world will be potentially put at risk by unelected morons like him.

Gareth79

7,747 posts

248 months

Thursday 2nd July 2020
quotequote all
Mannginger said:
The article literally says they knew they'd been compromised:

Article said:
On 13 June EncroChat realised the platform had been penetrated and sent a message to its users urging them to throw away their handsets.
It could still have been somebody on the inside who enabled it - by the sounds of it the chat servers were compromised, and presumably they pushed a new version of the software which dumped the stored messages out somehow. An insider could have created a weakness to enable the hacking, or assisted in hiding it.

Given the extreme risks to that person it seems less likely than the security services simply hacking their own way in though.

anonymous-user

Original Poster:

56 months

Thursday 2nd July 2020
quotequote all
it also sounds as if KPN gave a bit of assistance

Mgd_uk

369 posts

106 months

Thursday 2nd July 2020
quotequote all
JPJPJP said:
it also sounds as if KPN gave a bit of assistance
I would have a guess at this too, maybe DNS redirection / re-routing traffic destined for one destination to another and MITM attack with some “fixed” SSL certs.

Electro1980

8,462 posts

141 months

Thursday 2nd July 2020
quotequote all
Earthdweller said:
I’m firmly in the camp of not telling the enemy everything

Some things are better left unsaid

There are mechanisms to protect the methods and the source available in the legal system

I wonder whether it’s another case if politics getting in the way of effective policing

Politicians wanting a “big” success to crow about
It seems this was all kept quite until it was all over. Now all of the users seem to have moved off, due to being aware, the NCA has shared some details. This is a really important part of police work. It reassures the public, and lets the criminals know they are not safe, both because the police now have a big list of users who they can look in to and also because they got in and disrupted the system for three months without being noticed. It will reduce criminals confidence that they are safe.

Far Cough

2,278 posts

170 months

Thursday 2nd July 2020
quotequote all
rxe said:
Problem is, just as in music piracy, every attack makes you stronger. The next system won't have "servers" to attack, will be far more distributed, and much easier to refute your involvement with.
It's difficult to refute it when you have one in your possession. They exist for one reason and one reason only despite the waffle on the sellers website. This will then put the owner under the microscope.

A bit like Laser jammers - Not illegal to own per se but everyone knows why you got it !!

Fundoreen

4,180 posts

85 months

Thursday 2nd July 2020
quotequote all
While I am always impressed to hear of big busts like this it seems so big that it could effect the UK economy due to a percentage loss of GDP.
I seem to remember they started to include criminal activity as part of GDP to make the numbers look better.
Good job though.

untakenname

4,982 posts

194 months

Thursday 2nd July 2020
quotequote all
I think for any smart criminal it would be best to assume that every method of communication is compromised so go back to old school methods of using dual meanings and code words.

The article mentions that 90% of the French users were criminals but that still leaves 10% which surely have had their data violated in contravention of GDPR?

Looks like they would have been better off just using a distribution non centralised app that has end to end encryption.

Condi

17,398 posts

173 months

Thursday 2nd July 2020
quotequote all
untakenname said:
The article mentions that 90% of the French users were criminals but that still leaves 10% which surely have had their data violated in contravention of GDPR?
GDPR still allows for law enforcement to use data legitimately.

hidetheelephants

25,329 posts

195 months

Thursday 2nd July 2020
quotequote all
JPJPJP said:
Having been reading a few bits and pieces about it, I am already being remarketed to by one of the would be successors! Omerta Digital which says it is based in Dundee... and makes "fully encrypted, anti surveillance, security hardened smartphones for privacy concerned individuals & businesses"
Do the handsets come with a free peh?

SteadyAsSheGoes

5,984 posts

215 months

Thursday 2nd July 2020
quotequote all
I was really pleased to read this in the news earlier. The police can get quite a bit of criticism at times but I'm chuffed to see them taking out organised crime in such a big way like this. It almost feels like all the income tax I pay is actually toward towards something worthwhile.

Fittster

20,120 posts

215 months

Thursday 2nd July 2020
quotequote all
Is it still possible to buy drugs?

numtumfutunch

4,762 posts

140 months

Thursday 2nd July 2020
quotequote all
Fittster said:
Is it still possible to buy drugs?
I have some Calpol if you're discrete about it

DeltonaS

3,707 posts

140 months

Thursday 2nd July 2020
quotequote all
JPJPJP said:
Vice has a couple of stories about it

https://www.vice.com/en_uk/article/3aza95/how-poli...
I already found it striking how many people were detained and drug labs were rolled up this past month her in the NL.

Now we know why.

andyb28

787 posts

120 months

Thursday 2nd July 2020
quotequote all
I am quite surprised that this business, which is they say "The National Crime Agency (NCA) told Sky News that the company itself has not been accused of criminal activity" therefore a legit business can just have its domain name hijacked and then deploy malware on a private network.

Does that mean they can do the same the next time they have an iPhone they want to get into? Sorry Apple, we are taking your domain name.

Don't get me wrong, it's great that a load of scumbags have been caught, but it just doesn't sit right how they went about it. Is that really legal?

Countdown

40,257 posts

198 months

Thursday 2nd July 2020
quotequote all
andyb28 said:
I am quite surprised that this business, which is they say "The National Crime Agency (NCA) told Sky News that the company itself has not been accused of criminal activity" therefore a legit business can just have its domain name hijacked and then deploy malware on a private network.

Does that mean they can do the same the next time they have an iPhone they want to get into? Sorry Apple, we are taking your domain name.

Don't get me wrong, it's great that a load of scumbags have been caught, but it just doesn't sit right how they went about it. Is that really legal?
Doesn't bother me smile


untakenname

4,982 posts

194 months

Thursday 2nd July 2020
quotequote all
Condi said:
untakenname said:
The article mentions that 90% of the French users were criminals but that still leaves 10% which surely have had their data violated in contravention of GDPR?
GDPR still allows for law enforcement to use data legitimately.
I'm not sure it does, using the similar reasoning then if people on the same ISP (say BT or Virgin for example) look at something dodgy does that give the crime agency the right to intercept and look through all the users of the ISP's data?