https://www.dailymail.co.uk/news/article-11810243/Man-50-sold-guns-gangsters-Britain-using-EncroChat-jailed-19-years.html

A man who supplied weapons to criminal gangs across the UK has been
jailed for more than 19 years.

Michael Derrane, 50, from Morpeth in Northumberland, transferred
firearms and multiple kilos of class A and B drugs to crime groups for
a profit, according to the National Crime Agency (NCA).

The NCA said Derrane used the encrypted messaging system EncroChat to
orchestrate the illegal trades in Newcastle, Manchester, Leeds, the
Midlands and London.

As part of Operation Venetic, the UK law enforcement crackdown on
EncroChat users, Derrane was arrested
=======
From Wikipedia - https://en.wikipedia.org/wiki/EncroChat

"EncroChat handsets emerged in 2016 as a replacement for a previously
disabled end-to-end encrypted service.[6] The company had revealed on
31 December 2015 the Version 115 of EncroChat OS, which appears to be
the first public release of their operating system.[7] The earliest
version of the company's website archived by the Wayback Machine dates
to 23 September 2015.[8]

According to a May 2019 report by the Gloucester Citizen, EncroChat
was originally developed for "celebrities who feared their phone
conversations were being hacked".[9] In the 2015 murder of English
mobster Paul Massey, the killers used a similar service providing
encrypted BlackBerry phones based on PGP. After the Dutch and Canadian
police compromised their server in 2016, EncroChat turned into a
popular alternative among criminals for its security-oriented services
in 2017–2018."

On 3/1/23 8:40 PM, mike@notyahooie.com wrote:
> The NCA said Derrane used the encrypted messaging system EncroChat
> to orchestrate the illegal trades in Newcastle, Manchester, Leeds,
> the Midlands and London.

I've not yet read the article, but arresting someone that uses
encryption does not mean that the encryption was broken.

People are arrested everyday that use HTTPS, thus encryption, yet
contemporary TLSv1.3 hasn't been broken.

--
Grant. . . .
unix || die

On Wed, 1 Mar 2023 21:10:37 -0700, Grant Taylor <gtaylor@tnetconsulting.net>
said in Message-ID: <ttp7k2$ff2$1@tncsrv09.home.tnetconsulting.net>:

> On 3/1/23 8:40 PM, mike@notyahooie.com wrote:
> > The NCA said Derrane used the encrypted messaging system EncroChat
> > to orchestrate the illegal trades in Newcastle, Manchester, Leeds,
> > the Midlands and London.
>
> I've not yet read the article, but arresting someone that uses
> encryption does not mean that the encryption was broken.
>
> People are arrested everyday that use HTTPS, thus encryption, yet
> contemporary TLSv1.3 hasn't been broken.

Gentlemen, this is fairly old news. The EncroChat servers were breached by the
French authorities as early as 2019, using a technique similar to that used to
gain access to the BlackBerry network a couple of years earlier.

EncroChat

Enter EncroChat, a European communication network and service provider.
EncroChat offered its users the ability to send encrypted messages, make
encrypted call (EncroTalk) and write encrypted notes (EncroNotes). This is
achieved through specially modified Android phones running the Encro
software which not only provided high levels of encryption on the device,
but also routed all data through a central server located in France which
provided end-to-end encryption of calls and messages. In addition an
EncroChat phone includes a panic button on the phone which when pressed
causes the contents of the phone to be immediately wiped, and a user can
also send a "kill pill" to self-destruct the contents of the phone.

EncroChat made it relatively straightforward to acquire a "Military Grade"
encrypted phone (or so they were marketed). While initially developed and
marketed to celebrities wanting a higher level of privacy, the service was
quickly adopted by the criminal fraternity and by 2017, EncroChat phones
were widely regarded by law enforcement as the device of choice for OCGs.
OCGs using the EncroChat service were able to make encrypted phone calls,
send encrypted messages that disappeared from both sender and recipient
within a set amount of time, and completely wipe a phone by the very action
of the police entering a PIN number provided to them by the user. Using the
EncroChat service OCGs were able to operate with complete privacy, and the
police found their attempts to investigate criminal activity frustrated at
every turn.

ENCROCHAT BREACHED

And then law enforcement agencies cracked EncroChat wide open.

In 2019, a joint operation between UK, French and Dutch police broke into
EncroChat’s service, putting a piece of malware on to the French server and
potentially the carbon units themselves, allowing them to interrupt the
panic wipe feature, access messages sent between users and record lock
screen PINs. By April 2020 European agencies, including the NCA in the UK,
had access to millions of text and hundreds of thousands of images. Under
the codenames Operation Venetic (NCA) and Eternal (Metropolitan police)
agencies began to analyse the huge amount of data that had been gathered
and began to make hundreds of arrests, seizing millions of pounds of drugs,
cash and weapons in the process.

THERE WILL BE MORE TO COME

Dame Cressida Dick, the Metropolitan Police Commissioner, said: "this is
just the beginning. We will be disrupting organised criminal networks as a
result of these operations for weeks and months and possibly years to
come."

Nikki Holland, director of investigations at the NCA, said: "this is the
broadest and deepest ever UK operation into serious organised crime." There
is every reason to believe that the number of arrests arising out of the
hack of EncroChat will rise as the police work their way through the
evidence that they have obtained.

Whilst the current target is serious organised crime, it is thought that
the NCA is sharing its intel with various other government agencies, such
as HMRC, and so we would expect the scope of the investigations spawned by
the EncroChat hack to widen over the coming months and years.

ENCROCHAT SHUTS DOWN

In June 2020 EncroChat, realising that it had been compromised, sent a
message to its users advising that they dispose of their devices
immediately. The service has since been permanently shut down. However, the
European agencies had had access to the service for months, and the damage
had already been done. It is now just a matter of time as these agencies
sift through the enormous amount of data at their fingertips.

https://www.reeds.co.uk/insight/encrochat-hack/

On 3/2/23 1:24 PM, The Stuff of Legend wrote:
> Gentlemen, this is fairly old news. The EncroChat servers were breached
> by the French authorities as early as 2019, using a technique similar
> to that used to gain access to the BlackBerry network a couple of
> years earlier.

Nothing about what you shared indicated that authorities /broke/ or
/cracked/ the encryption used.

Getting inside the network another way is completely independent of the
encryption used.

xkcd 538 -- Security -- comes to mind
- https://xkcd.com/538/

--
Grant. . . .
unix || die

On 02 Mar 2023, Grant Taylor <gtaylor@tnetconsulting.net> posted some
news:ttr4m9$oro$1@tncsrv09.home.tnetconsulting.net:

> On 3/2/23 1:24 PM, The Stuff of Legend wrote:
>> Gentlemen, this is fairly old news. The EncroChat servers were breached
>> by the French authorities as early as 2019, using a technique similar
>> to that used to gain access to the BlackBerry network a couple of
>> years earlier.
>
> Nothing about what you shared indicated that authorities /broke/ or
> /cracked/ the encryption used.
>
> Getting inside the network another way is completely independent of the
> encryption used.
>
> xkcd 538 -- Security -- comes to mind
> - https://xkcd.com/538/

All it takes is a tech inside a DC cage with a USB drive. Plug it in, the
OS does the rest when it reads the drive file system. Takes less than a
minute to compromise a system. Pull the drive on the way out and nobody
is the wiser.

A COLO looks impressive on the outside and even more internally. But
techs are badged to work in them to save time getting in and out. There
are blind spots and it is not uncommon for equipment grid / cage locations
to be misidentified on access requests.

Familiarity breeds contempt and opens doors.

Wikipedia:

"Intelligence and technical collaboration between the NCA, the National Gendarmerie and Dutch police culminated in gaining access to messages after the National Gendarmerie put a "technical tool" on EncroChat's servers in France."

Looks like attackers had physical access to servers, and encryption was not point-to-point. Either that, or Encrochat was a trap from the very beginning.

On 02 Mar 2023, rat <rat@dc.nest> posted some
news:5d96169f39a348427c931bbab9c44401@dizum.com:

> On 02 Mar 2023, Grant Taylor <gtaylor@tnetconsulting.net> posted some
> news:ttr4m9$oro$1@tncsrv09.home.tnetconsulting.net:
>
>> On 3/2/23 1:24 PM, The Stuff of Legend wrote:
>>> Gentlemen, this is fairly old news. The EncroChat servers were
>>> breached by the French authorities as early as 2019, using a
>>> technique similar to that used to gain access to the BlackBerry
>>> network a couple of years earlier.
>>
>> Nothing about what you shared indicated that authorities /broke/ or
>> /cracked/ the encryption used.
>>
>> Getting inside the network another way is completely independent of
>> the encryption used.
>>
>> xkcd 538 -- Security -- comes to mind
>> - https://xkcd.com/538/
>
> All it takes is a tech inside a DC cage with a USB drive. Plug it in,
> the OS does the rest when it reads the drive file system. Takes less
> than a minute to compromise a system. Pull the drive on the way out
> and nobody is the wiser.
>
> A COLO looks impressive on the outside and even more internally. But
> techs are badged to work in them to save time getting in and out.
> There are blind spots and it is not uncommon for equipment grid / cage
> locations to be misidentified on access requests.
>
> Familiarity breeds contempt and opens doors.

There are cameras above some cages but many of those team members
monitoring activity have no direct view of a tech working inside a
cabinet or rack.

They can see when a server is pulled out in front for example because that
is where the cameras are aimed, but any access of port or USB connections
on the back of the server are not visible.

On 3/2/23 4:22 PM, rat wrote:
> All it takes is a tech inside a DC cage with a USB drive.

That is not breaking encryption. That's attacking the system a
different way.

--
Grant. . . .
unix || die

Grant Taylor <gtaylor@tnetconsulting.net> wrote in
news:tts3fo$lq2$2@tncsrv09.home.tnetconsulting.net:

> On 3/2/23 4:22 PM, rat wrote:
>> All it takes is a tech inside a DC cage with a USB drive.
>
> That is not breaking encryption. That's attacking the system a
> different way.

There is no need to break encryption when there is a means to access
stored data, which in many cases is completely unsecured.

On 3/4/23 12:43 AM, rat wrote:
> There is no need to break encryption when there is a means to access
> stored data, which in many cases is completely unsecured.

Agreed.

But (one of) the implication(s) of the OPs post was that the encryption
had been broken. There is no evidence that is the case.

--
Grant. . . .
unix || die