Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com


Posted: 11 Mar 2021 12:00 AM PST

Cybercrime, Encryption & Key Management, Endpoint Security

Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages

Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations.


Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via various plans, with a six-month subscription running from $950 to $2,600.

Despite the service being encrypted, investigators in Belgium, France and the Netherlands say that since February, they have been monitoring 3 million messages exchanged daily by Sky ECC's 170,000 global users and disseminating intelligence to law enforcement agencies.

"This has resulted in the collection of crucial information on over 100 planned, large-scale criminal operations, preventing potential life-threatening situations and possible victims," according to the EU's law enforcement intelligence agency, Europol.

On Tuesday, police in Belgium and the Netherlands executed a number of arrest warrants and conducted house searches and seizures aimed at disrupting Sky ECC and its users. Officials say that more than 20% of Sky ECC's user base is located in Belgium and the Netherlands.

Belgian police say that this week, they arrested 48 suspects and searched more than 200 houses as part of their investigation.

Encrypted-Only Messages and Photos

Police say a number of international criminal syndicates used Sky's cryptophones to hide their activities.


"On devices supplied by SKY ECC, all apps are blocked except those of SKY ECC itself," Belgian police say. "Through this app, only encrypted, written or recorded messages and photos can be sent and received, and only to and from another user of a SKY ECC phone."

Police say anyone able to physically access a Sky device cannot extract data from it - such as contacts, messages or phone history - and "it is not possible to do anything else with these devices, such as sending text messages or making phone calls." In addition, the devices are set to automatically "erase all data" stored on the device "after a certain period of non-use or in the event of seizure by the police."

Sky Says Network Remains Secure

Despite the police action, the Sky ECC website states that the "SKY ECC platform remains secure and no authorized SKY ECC device has been hacked."

Officials at Sky ECC also dispute the law enforcement allegations that it is the "platform of choice for criminals," saying it is designed for "legitimate personal and business affairs."


"SKY ECC believes that the individual right to privacy is paramount for anyone acting within the law," Jean-François Eap, Sky ECC's CEO, says in a statement.

"The platform exists for the prevention of identity theft and hacking, the protection of personal privacy rights and the secure operation of legitimate personal and business affairs," Eap says. "With the global rise of corporate espionage, cybercrime and malicious data breaches, privacy and protection of information is the foundation of the effective functioning for many industries including legal, public health, vaccine supply chains, manufacturers, celebrities and many more."

Sky ECC's statement says the service "experienced temporary interruptions in connection with its servers" on Monday and Tuesday, but that "services are now back to normal." It adds that "SKY ECC has not been contacted by any investigative authority" and that "SKY ECC servers do not store any user data, messages or backups."

Follows EncroChat Disruption

News of the Sky ECC disruption follows European police in June 2020 disrupting another cryptophone provider, EncroChat, after gaining access to its encrypted cellular network and monitoring messages. EncroChat sold smartphones for about $1,000, with a six-month service plan running $1,700.

Police say EncroChat's administrators shut down the service after discovering that it had been penetrated by police (see: European Police Hack Encrypted Communication System).

Intelligence gleaned from that operation led to numerous arrests, including 100 arrests in the Netherlands, as well as the seizure of illegal narcotics and firearms and destruction of 19 drug labs. Police in Britain also reported making 746 arrests and seizing a large amount of cash, plus dozens of firearms and over 2 tons of illegal narcotics. Arrests were also carried out in France, Sweden and Norway.

Police say that after EncroChat was disrupted, many customers switched to Sky ECC. "Investigations into the tool started in Belgium, after mobile phones seized during searches showed the use of Sky ECC by suspects," Europol says.

Belgian police say they first began probing Sky ECC's cryptophone service at the end of 2018. In mid-February, investigators say, they became able to "unlock" the encryption Sky ECC used.

Investigators say they have amassed a wealth of data to analyze. "By successfully unlocking the encryption of Sky ECC, the information acquired will provide insights into criminal activities in various EU member states and beyond and will assist in expanding investigations and solving serious and cross-border organized crime for the coming months, possibly years," Europol says.

Sky ECC Cites 'Fake Phishing Application'

Officials have not described how they were able to access Sky ECC users' data.

But Vice reports that Sky ECC's administrators believe that law enforcement officials created a fake version of the company's app, loaded it onto phones and then sold these phones via "unauthorized channels" to individuals seeking to gain access to the service.

Sky ECC says in its statement: "Authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels."

Criminals Continue to Use Encryption

The Sky ECC disruption is a reminder that the criminal use of encrypted communications continues. But despite efforts to curtail such activity via government policies or fresh laws, some security experts say it's not clear such approaches would ever prevent criminals from finding a way to employ encryption.

"Encryption is a very difficult and sensitive topic because, I mean, from our perspective, it is very clear we need strong encryption," Philipp Amann, head of strategy at Europol, told Information Security Media Group in an October 2020 interview. "We don't want to have any backdoors - it's a building block of our internet. But then how do we deal with the criminal abuse of encryption? So that's a very difficult space, especially for law enforcement."

Sky ECC and EncroChat are not the only encrypted communications services to have been targeted by police. In 2018, Dutch police dismantled encrypted messaging handset provider BlackBox, while the FBI disrupted the secure smartphone service called Phantom Secure.

As those takedowns and the police operation targeting Sky ECC demonstrate, law enforcement agencies can disrupt communications networks used by criminals - even when they're encrypted.

"Note, no encryption backdoors were needed in this case," security expert Brian Honan says of the Sky ECC police operation.

Nevertheless, some Western government officials continue to demand that the use of strong encryption by communications networks be banned and only weak encryption - containing a backdoor for police access with a court order - be allowed.

Many security experts, however, continue to emphasize that backdoors can be abused by anyone, including crime gangs and unfriendly nation-states. They stress that strong encryption remains essential for safeguarding not just government operations, but also businesses and individuals.

Encrypted Chat Took Over. Let’s Encrypt Calls, Too - WIRED

Posted: 21 Apr 2017 12:00 AM PDT

The Guardian Project's OSTN experiment attempted to create exactly that sort of comprehensive, open communication suite. It focuses on using existing open, interoperable communication standards, employing classic protocols like ZRTP, which was developed in the mid-2000s by PGP creator Phil Zimmermann, and SRTP, which was developed in the early 2000s at Cisco. It also coordinates and controls its voice calls using the Session Initiation Protocol, developed by the telecom industry in the mid-1990s.

That retro backbone didn't come by choice; there simply aren't a lot of more modern open protocol options available. Most big VoIP-plus-encryption advances have come from private companies like Skype (now owned by Microsoft), Google, and Apple, who offer varying degrees of encryption protection for calls and tend to value locked-in users over interoperability. That left OSTN with old tools.

"While they're very powerful, these are things that are 10, 20, 30 years old in terms of the architecture and the thinking," Freitas says. "They're definitely showing their age."

And while a few smaller services, like PrivateWave and Jitsi, have adopted OSTN, the decision by larger companies to go it alone has limited its open-protocol dreams. That's especially a shame for people who need absolute guarantees of security.

Rolling Your Own

With proprietary apps, it can be hard for a user to tell if end-to-end encryption is enabled on both ends. Or, in the case of apps whose encryption protocols have not been fully vetted, whether it works as advertised to begin with.

"For mainstream services, crypto is a nice add-on to give users the idea that they can feel more secure, but that's completely different than when your [customers] are people who are under threat," says Bjoern Rupp, the CEO of the boutique German secure communication firm CryptoPhone. "If you have to fear for your life, not all secure communication systems are designed for that."

Encryption die-hards can host their own system using open standards like OSTN, similar to how you might host your own email server. Though it takes some technical know-how, it's an option that gives users real control and that isn't possible with closed systems. Another option is to use a security-first service like CryptoPhone that offers an integrated, one-stop solution.

CryptoPhones can only call other CryptoPhones, but the company made that choice so it could control the security and experience of both hardware and software. To reconcile this closed system with transparency, the company is open source and invites independent review. It also has over a decade of experience. "CryptoPhone has been making high-end commercial products for secure voice calling for a long time," the Guardian Project's Freitas says. "They had these crypto flip phones, which were awesome."

Central Processing

None of which leaves the average consumer with widespread encrypted calling that works across multiple services. There may be some help on the way, though, in the form of a new, open, decentralized communication standard called Matrix that includes end-to-end encryption for chat, VoIP calling, and more. Matrix could be a clean, easy-to-implement standard underlying other software. For instance, if Slack and Google Hangouts both used the Matrix standard, you would be able to Slack someone from Hangouts and vice versa, similar to how you can send emails to anyone using their email address, regardless of what provider they use.

"The net owes its existence to open interoperability," says Matthew Hodgson, technical lead of Matrix. "Then people build silos to capture value, which is fair enough, but you get to a saturation point where the silos start really stifling innovation and progress through monopolism."

The catch, of course, is getting buy-in from companies that have little incentive, or getting new services built on a standard like Matrix to take off. Walled gardens tend to produce more profit than open ones.

Still, having these new options is an important first step. And combined with the broader proliferation of encrypted voice-calling apps, change finally seems to be coming from a lot of directions at once. "I think there's a longer-term project going on called the internet," Freitas says. "Some of us still believe in it."

This story has been updated to reflect that Wire introduced encrypted calling in 2014, not 2016 as previously stated.
