European law enforcement agency Europol recently announced its role in an international effort to take down Ghost, an encrypted messaging platform used by dangerous criminal networks “to facilitate serious and organised crime”. According to the agency’s press release on Wednesday (September 18), “Ghost was used as a tool to carry out a wide range of criminal activities, including large-scale drug trafficking, money laundering, instances of extreme violence and other forms of serious and organised crime.” The legal efforts were the culmination of a two-year plan that involved nine countries. Ghost’s servers were located in France and Iceland, its owners in Australia, and their financial assets in the US. According to the press release, 51 suspects have been arrested so far. There has also been a large-scale seizure of weapons and drugs, as well as over €1 million (roughly $1 million) in cash. Ghost was favoured for its security features, user anonymity, and self-destruction of messages using a specific code. But this was not the first time multiple law enforcement agencies collaborated to take down a platform linked to international crime. Here is a look at three other major instances. 1. Taking down Encrochat On July 2, 2020, Europol announced that it had teamed up with French and Dutch law enforcement to take down Encrochat, an encrypted service favoured by large-scale organised crime networks. Encrochat provided modified smartphones that enabled encrypted communication among its subscribers. In 2020, Vice called Encrochat the “WhatsApp for gangsters”. What began as a routine investigation in 2017 by the French Gendarmerie (a branch of the French armed forces operating under the Interior Ministry) snowballed into a bigger inquiry. The French authorities began regularly finding criminals with Encrochat phones, and found that the company’s servers were located in France. With EU funding the endeavour in 2019, the investigation (dubbed “Project EMMA”) obtained information on the functioning of the encryption. This led to the Gendarmerie planting malware that allowed law enforcement to read messages on the phones before they were sent, and record screen passwords. According to Vice, “The malware was designed to conceal itself from detection, disable the phone’s factory reset, record the screen lock password, and clone application data.” An Encrochat communication in June 2020 estimated that at least 50 per cent of the company’s phones had been hacked. The operation was a major success. In a press release dated June 27, 2023, Europol announced that over 6,500 suspects had been arrested and sentenced to up to 7,134 years. Cash worth around €740 million was seized. 2. ANOM, the FBI’s Trojan Horse The closure of a Canadian encrypted messaging company in 2018 created a vacuum in the market for international criminal organisations. This is where ANOM came in. ANOM devices resembled jail-broken Android smartphones, stripped of their basic call, messaging and GPS functionalities. Instead, they contained a “secure” encrypted messaging service hidden behind the Calculator app. The phones could only communicate with other ANOM phones on a closed network. The catch? The devices were designed and released by the FBI into the market, in what was called “Operation Trojan Shield”. The Australian Federal Police, Europol, Swedish law enforcement, Netherlands and New Zealand police also collaborated in this effort. Designed by an arrestee-turned-informant in an FBI investigation, these devices allowed law enforcement agencies to track all communication. While users believed their messages were being deleted, a copy of sent messages was stored in a server in a third country and made available to the FBI periodically. Through word-of-mouth and a controlled release, the use of the ANOM phones gained traction in mid-2019, initially in Australia and then worldwide. This worked with considerable success. ANOM users openly shared details of clandestine transactions such as details of narcotics shipments, and ways to evade law enforcement. On June 8, 2021, the US Department of Justice announced that the operation had resulted in 800 arrests and massive drug seizures, as well as firearms, and currencies valued at over $48 million. Over 50 secret drug labs were busted. 3. Phishing out Sky ECC users Sky ECC was the encrypted communications network run by Sky Global, a former networking provider based in Canada. The effort to take down Sky ECC was smaller in comparison, and involved Belgian, French and Dutch law enforcement. In an effort similar to ANOM, investigators released, marketed and sold devices resembling the Sky ECC phones but loaded with phishing software that allowed them to read the users’ communications in real-time. On March 9, 2021, coordinated police raids were undertaken in Belgium and the Netherlands, after they tracked communications among 70,000 Sky ECC users. Many Encrochat users had switched over to Sky ECC following the shutdown of Encrochat. According to The Brussels Times, over 1,000 convictions were reported in this case by December 2023, while nearly €183 million was seized as of March 9, 2024.
