Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February.
Sky ECC, which focuses on selling mobile phones with specialized, private communications, denies that the messages on its platform were decrypted. However, sweeping arrests across Belgium, France and the Netherlands reported by Europol, in coordination with those countries’ law-enforcement authorities, seem to indicate otherwise. And Europol said it’s not done with the collected data, which it hopes will lead to additional actions and prosecutions.
Europol said Sky ECC has about 170,000 users who send around 3 million messages every day, adding that 20 percent of those users are in Belgium and the Netherlands.
“By successfully unlocking the encryption of Sky ECC, the information acquired will provide insights into criminal activities in various E.U. Member States and beyond, and will assist in expanding investigations and solving serious and cross-border organized crime for the coming months, possibly years,” Europol said in its announcement.
This latest operation follows the EncroChat bust from last July, when the U.K.’s National Crime Agency seized the service’s servers and broke up organized-crime activities being conducted across encrypted messages — including money laundering, where to hide drugs and even murder. More than 700 arrests were made in that bust, and the remaining customers moved over to Sky ECC, Europol said.
This month’s crackdown began in Belgium, Europol explained, when police seized devices from suspects who were found to be using Sky ECC to organize and communicate.
In Belgium alone, the operations involved more than 1,600 Belgian police officers, some escorted by special forces, and raids on 200 individual residences.
Dutch police reported that they conducted 75 home raids, arrested 30 suspects and seized millions in cash, eight cars, weapons, cash machines and police uniforms.
A statement from Dutch law enforcement from March 9 said the operation it called “Argus” included the seizure of Sky ECC servers.
Sky ECC Denies Messages Were Decrypted
Sky ECC refutes that messages were breached, posting a notice on its homepage saying, “Dutch police confirms that they are investigating a fake Sky ECC phone,” the company said. “This phone was developed by someone who has been passing themselves off as an official reseller for some years.”
What Sky ECC said is an imposter phone.
The reseller is called SKYECC.EU, and Sky ECC provided photos of the phone seized by Dutch authorities, for comparison to an authentic Sky ECC phone.
“This ‘E.U.’ phone is not one of ours and is not sold by us,” says Jean-François Eap, CEO of Sky ECC. “We know that someone has been passing themselves off as an official reseller of Sky ECC for some time, and we have been trying to shut it down through legal channels for almost two years.”
Europol and Sky ECC have not responded to Threatpost’s requests for additional comment.
A real Sky ECC device.
Sky ECC advertises that it is so confident in its security that it offers a $5 million prize for anyone who can break in. It also denied that any of the law enforcement agencies behind this recent roundup have asked for the payout.
“The Belgian police’s claim that they sent bank-accounts details to Sky ECC to claim our ‘5 Million Dollar Hack’ prize is entirely false,” Eap added.
“Sky ECC has not been contacted by any authorities in connection with any investigations currently being reported,” Eap said. “The confusing references to Sky ECC instead of SKYECC.EU are very damaging. If authorities have based any assessment of Sky ECC on account of SKYECC.EU, they are severely mistaken about the nature of Sky ECC and its operations.”
Eap added the company is actively working on the problem.
“We are gathering as much information as quickly as we can in order to provide accurate information to the public, the media, and the authorities alike,” he explained. “We hope that by remaining clear and transparent, we provide a foil to the sensationalist reporting and claims made over the past 2 days.”
Are Private Communications Extinct?
Until more evidence surfaces, Brandon Hoffman, CISO at Netenrich, told Threatpost there’s no way to really know what happened beyond the facts that arrests were made and that Sky ECC is still operational.
“On one hand, it’s hard to believe an organization like Europol would make a false claim or an overblown claim, yet that could be tactic used by them to push criminals into a less secure platform or one they have more hooks into,” Hoffman said. “On the other hand, the operators of Sky ECC would be facing the collapse of their entire business model if they had this issue, and it stands to reason they have done everything in their power to ensure the messaging remains secure.”
The question is, how many Sky ECC customers are willing to gamble on whether Europol is bluffing? Or, will many just move on to another encrypted messaging service, similarly to when they migrated from EncroChat last summer?
Tim Wade, who works at Vectra hunting cyberattackers, told Threatpost that law enforcement’s seizure or intercepting of private communications, for any purpose, should be viewed as a dangerous infringement on basic rights.
“Private communication are essential for free and fair societies,” Wade said. “Sidestepping the validity of the claims about compromising Sky ECC, it’s critical that we recognize that criminals misusing encryption is a price worth paying to promote individual privacy, and enjoy the benefits that such privacy provides to our culture.”
Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community:
- March 24: Economics of 0-Day Disclosures: The Good, Bad and Ugly (Learn more and register!)
- April 21: Underground Markets: A Tour of the Dark Economy (Learn more and register!)
