EncroChat, an encrypted phone network hacked by police in 2020, was found to be a meeting place for criminals who traded weapons, drugs and openly discussed murders or kidnappings in messages. However, this led not only to a number of arrests, but also to lawsuits from the criminals themselves – they considered such evil illegal.
Malware that law enforcement secretly installed on an encrypted system, exposed more than 100 million messages that showed the inner workings of the criminal world.
In October 2020, German lawyer Christian Ledden spoke to potential clients about just one thing: his clients, who were facing criminal charges, claimed to have used EncroChat and were concerned that their devices had been hacked and could potentially reveal evidence of crimes.
Course
EXCEL FOR BUSINESS
Master Excel in just 1.5 months and increase the efficiency of business processes in your company.
REGISTER!
“I had 20 such meetings,” Ledden says. “Then I understood – a natural disaster is approaching.”
The suspects were searched, and thousands of kilograms of drugs were seized. Many EncroChat users across Europe, including the UK, Germany, France and the Netherlands, are already in prison, with some cases still pending.
However, some are questioning the police hacking operation. Lawyers argue that the hacked messages should not be used as evidence in court, saying rules on data sharing were broken and the suspects did not receive fair trials.
At the end of 2022, one such case in Germany was referred to the highest court of Europe, and if it is considered in favor of the suspects, it could potentially “blow up” hundreds of other similar cases. Experts say this has a negative impact on trust in end-to-end encryption around the world.
“Even bad people have rights. We do not protect criminals. We protect the rights of the accused,” says Ledden.
EncroChat hack
EncroChat was founded in 2016 and had about 60,000 registered users at the time of the hack in 2020.
Users paid thousands of dollars to use a specially configured Android phone that, according to the EncroChat company’s website, could guarantee anonymity. Among the phone’s “secure features” are encrypted chats, notes and calls using a version of the Signal protocol, as well as the ability to “alarm delete” everything on the phone and real-time customer support.
The police likely did not crack the network’s encryption, but instead compromised EncroChat’s servers in Roubaix, France, and finally downloaded malware onto the device. While little is known about how the hack occurred or what type of malware was used, according to court documents, 32,477 of 66,134 EncroChat users in 122 countries affected.
In many European countries, courts have ruled that EncroChat messages can be used as evidence. However, these decisions are now being denied. Each country is known to have its own legal system with separate rules regarding the types of evidence that can be used and the processes that prosecutors must follow. For example, in Great Britain it is generally forbidden to use “intercepted” evidence in court.
Appeals in higher courts
In October, the Berlin Regional Court referred the EncroChat case to the Court of Justice of the European Union (CJEU), one of the continent’s highest courts. The authority must make a 14-point decision on how the data was transferred by Europe and how it was used in criminal cases.
Ledden, who is not involved in the case that went to the CJEU but is coordinating with a dozen other lawyers, says judges have offered people bargains and reduced sentences for guilty pleas in some of the early cases.
The lawyer used several lines of defense: often raising the question of what legal basis was used to justify the collection of data from people’s devices and examining the data itself.
You don’t know how the French got the data. The only thing that is clear is that these are not complete data, because there are gaps and the information is not fully deciphered,” says the lawyer.
The date when the case will be considered by the EU Court has not yet been determined. In another high-profile lawsuit, two British EncroChat users appealed to the European Court of Human Rights. Also in October, the French Court of Cassation questioned EncroChat’s previous court decisions and said they should be reviewed.
What EncroChat users were doing
The data obtained after hacking became a real treasure for law enforcement officers. Organized crime arrests in Germany rise by 17% and UK arrests at least 2,800. Among them: two men who planned to carry out a shooting for the purpose of revenge (sentenced to 18 years each); a drug dealer who sold 8 kilograms of cocaine and heroin (imprisoned for 14 years); six more people were arrested for smuggling ecstasy and sentenced to 140 years.
In the Netherlands, six people were arrested after police discovered seven shipping containers converted into “torture chambers” – they did not have time to use them thanks to the fact that the criminals’ phones were hacked.
Last June, police in the Dominican Republic reportedly arrested the alleged masterminds of the EncroChat network.
France’s National Gendarmerie military police, Britain’s National Crime Agency and Germany’s federal investigative police agency declined to comment on the court cases. Jan Op Gen Oort, a representative of Europol, says that the investigation was carried out as part of the work of the joint investigative team:
“The data in the case was collected on the basis of the provisions of French law and with a judicial authorization through the framework of international judicial and law enforcement cooperation.”
Encryption hunters
EncroChat is not the only encrypted phone network hacked by the police. Law enforcement conducted operations against Ennetcom, Sky ECC, and Anom (the FBI secretly took control of the latter and operated the network), underscoring the strong focus on encryption.
For years, police have complained that encryption makes it difficult to access data, and laws in Europe and the US are being proposed to weaken it. Hacking phone networks that are believed to be encrypted and highly secure (some may be legitimate and others more shady) also raises questions about law enforcement tactics and transparency.
“We see that law enforcement is effectively normalizing a practice that sets a dangerous precedent in terms of surveillance,” said Laure Bodrigae-Gerard, legal director of European criminal justice nonprofit Fair Trials.
One court in Finland has already ruled that data collected by the FBI from Anom cannot be used – the gravity of the alleged crimes did not justify the way the data was accessed, local reports said. Meanwhile, Italy’s Supreme Court said the methods used to access Sky ECC messages must be disclosed.
More than 100 Dutch lawyers have warned that the police are walking a “slippery slope” by using hacking attacks and hiding their methods. In an open letter, human rights activists noted that Signal or WhatsApp could become targets in the future:
“These services are already under suspicion based only on using strong encryption and protecting their own privacy.”
Source: Wired, BBC