CYFOR Blog


EncroChat: What is it and why did criminals use it?


EncroChat was infiltrated by police forces across Europe, disrupting the global encrypted phone network used extensively by criminals since 2016.

As stated by Europol, the company provided an encrypted phone network widely used by the criminal fraternity via servers in France. After years of unsuccessful attempts, police forces finally exploited the network and were able to collect hundreds of millions of encrypted messages sent through the system.

What is EncroChat?

EncroChat was one of the world’s largest encrypted communications services and was estimated to have 60,000 users across Europe, including 10,000 users in the UK. It is not entirely certain who operated the company, although its servers were located in France.

EncroChat provided a secure communications network where messages could not be easily intercepted. Users were given a specially modified mobile device called an EncroPhone, which could not be used to make voice phone calls. Instead, it came pre-loaded with private messaging apps which could send text and picture messages to other EncroChat users.

The service was hosted on EncroChat’s own servers, and the devices contained other security mechanisms, such as a burn facility, which allowed phone data to be erased remotely. Phone data would also be wiped unless a 15-digit passcode was entered correctly. The handsets operated via Wi-Fi signal, rather than mobile phone networks. Features such as the camera, microphone and GPS were disabled for added security.

These security measures made EncroPhones popular amongst celebrities, high net-worth individuals and organised crime gangs, all of whom valued the secrecy and anonymity the platform provided.

Why did criminals use EncroChat?

The system was well organised and gained many trusting users over the years. Criminals felt secure enough to chat freely about everything: names of customers, drug deliveries, and even assassinations. And their trust was understandable, given what EncroChat had to offer:

  • Phones were dual boot, so users could alternatively start the Android operating system, which made the phone look like a normal, old-fashioned model.
  • The phones had a “wipe all” button that would delete all the stored conversations in case of an arrest or other emergency.
  • No messages were stored on servers, so they could not be seized and decrypted later.
  • Messages used OTR encryption, under which, unlike PGP, a conversation cannot be fully reconstructed even if you have both encryption keys.

EncroChat users paid thousands of dollars per year, per device to use this service. The hefty fees may explain why the majority of the EncroChat clientele could be found on the wrong side of the law. After law enforcement agencies had taken down or compromised other providers, many European criminals flocked to EncroChat. An estimate by the French police indicated that 90 per cent of users were engaged in criminal activity. However, of the 60,000 end users, only 800 were arrested.

The EncroChat Infiltration

In early June 2020, EncroChat users received a text message saying that their data was no longer secure. Users were advised to dispose of their EncroPhone immediately. The statement said their servers had been seized by ‘government entities’. EncroChat then took the decision to cease operations permanently.

The encrypted messaging system first came to the attention of the French Gendarmerie in 2017, after it was repeatedly linked to criminal activity.

They discovered that EncroChat was operating from servers based in France and were eventually able “to put a technical device in place” which allowed them to access the encrypted messages sent over the company’s network. Although it is not clear what this device was, it suggests the investigators were able to deploy some form of technical implant on the network rather than break the encryption protecting the messages in transit.

The information obtained through this process was shared with law enforcement agencies across Europe, including the UK’s National Crime Agency (NCA). In an operation codenamed Operation Venetic, authorities were ‘listening in’ on conversations between EncroChat users for months before the security breach was identified.

EncroChat Digital Forensics

As specialists in digital forensics and with expertise in criminal defence investigations, CYFOR are well placed to comment on the validity of EncroChat evidence that is being presented in courts across the country. Our experienced case managers provide dedicated account management to each individual case and are acutely aware of the sensitivity and time-critical nature of instructions. Contact our team for more information on our EncroChat forensic services and digital forensic capabilities.
