When the French gendarmerie, Dutch police, and the UK’s National Crime Agency (NCA) infiltrated the EncroChat encrypted phone network last summer, organized crime groups worldwide opted to switch to a new phone supplier. That supplier was Sky ECC, now the largest supplier of crypto communications worldwide, with 70,000 customers.
Sky ECC bills itself as the “most secure messaging platform you can buy” and is so confident of the impregnability of its systems that it offers a handsome reward for anyone who can break the encryption of one of its phones.
But in a re-run of last year’s French and Dutch operation against the EncroChat encrypted phone network, Belgian and Dutch police were able to infiltrate the platform and harvest hundreds of thousands of supposedly unbreakable messages.
They have shared the intercepted material with a “large number” of overseas investigations services after reading encrypted traffic “live”. The NCA, which played a crucial role in disrupting EncroChat working with the Dutch police and the French gendarmerie, has yet to comment on whether it has benefited from intelligence from the Sky operation.
Sky ECC said in a statement last night that allegations that the Belgian and Dutch authorities had cracked the company’s communications software were “false” and that its service had been restored after an outage.
The company said its distributors had alerted it that a fake phishing application, branded Sky Ecc, had been loaded into insecure phones and sold through unauthorized channels.
“Sky ECC did not authorize or cooperate with the investigative authorities or those involved with the distribution of the fake phishing application,” said the company.
News of the attack broke yesterday, causing panic for encrypted phone users worldwide as Dutch police took down and seized a Sky ECC server.
More than 1,600 Belgian police officers, in some cases accompanied by Belgian special forces, took part in simultaneous raids between 5am and 11am yesterday on 200 homes, arresting 48 suspects.
Those detained included three lawyers in Antwerp who were using Sky ECC cryptophones, according to Dutch broadcaster HLN.
Dutch police raided 75 homes and arrested more than 30 people, recovering at least 28 firearms from raids on suspected drug dealers in Rotterdam.
The haul included €1.2m in cash, along with diamonds and jewelry, eight luxury vehicles, 14 weapons, three cash machines, and police uniforms.
Belgian prosecutors initially refused to confirm or deny that Sky ECC had been breached but confirmed at a press conference last night that police had broken the network’s decryption.
Sky ECC resellers told customers that the network had not been compromised, claiming that people had distributed a fake version of the Sky software on unauthorized phones – putting some users at risk.
“Not many people believe this message as it seems rather convenient as an excuse,” one source told Computer Weekly. “It’s looking too late for their company as lots of these phones will have gone down the drain first thing this morning.”
Planning started over two years ago.
Eric Van Duyse, the spokesman for the Belgian Federal Prosecutor’s Office, described the operation – overseen by an investigating judge in the city of Menchlen – as the most extensive police investigation ever undertaken in the country.
Belgian police said they took action after cryptophones were being used in increasing numbers by criminal groups.
Some 185 encrypted phones have been recovered in police operations across the country, many of which were fitted with Sky ECC encryption software.
Last year, the operation against Sky ECC was given the go-ahead by Belgian prosecutors after two and a half years of planning.
The attack mirrored the French and Dutch infiltration of EncroChat last year by conducting a two-stage attack on the network.
In the first phase, police intercepted and stored encrypted communications from the Sky ECC network while experts worked out how to decrypt them.
In the second phase, which lasted three weeks, police could read “live” data sent across the Sky ECC network.
Decrypting the messages required international cooperation through research and collaboration between encryption experts, Belgian federal prosecutor Frédéric Van Leeuw said last night.
With over three million messages sent every day worldwide across Sky ECC, investigators said they had to prioritize.“The highest priority was messages that showed possible danger to life,” said Van Leeuw.