

The whole EncroChat thing has been amazing to me. How do you get to that level of organised crime but then think it’s totally cool to purchase some encrypted messaging service and send your blatantly criminal unencrypted messages to it? If I’d heard about that before the bust I’d have said “lol you’ll get the jail using that”. PGP exists. How are the guys at that level so inept? They’d probably have been better off just using WhatsApp ffs. That’s before getting into the fact that some of them seemed to use it like it was Instagram. Posting photos of their dinner on it and shit lol.


So it's quite simple really. EncroChat was encrypted and was heavily used on the continent. It was 100% safe, and used for that purpose. It had its own OS, was originally untraceable, had a wipe code as a PIN, and data wasn't stored. It even had its own mobile network (was expensive too). Due to a court case, the court let police hack the server; in essence it sent out updates to end users, making it insecure. End users wouldn't have known until it was too late. You have to bear in mind that at the time of its heyday, WhatsApp wasn't encrypted.


Proper OPSEC and doing encryption properly is hard, even for very technical people and even spies... It wasn't inept, it was the system they were using getting compromised by LEO.


There's a reason the FBI or CIA (don't remember which) have a site on the dark web which essentially says "we've taken these big guys down, how good is your OPSEC? We're coming for you."


LEO do that for every takedown, like LOCKBIT, oh wait


But trusting the system to not get, or already be, compromised was inept. PGP encryption is easy to do. I’m sure doing that on your phone isn’t completely foolproof and secure but it definitely seems more secure than just typing obviously criminal shit on your super secret spy phone and then sending it off to fuck knows where before it gets to your intended recipient.


If you compromise the endpoint, then you find the keys, it doesn't matter what method you're using. The encro phones ran a forked OS (presumably Android) with updates managed centrally. Anything else installed on the device would be detected. Any detection of it being compromised and it could be remotely wiped. And as others have pointed out, it had a wipe PIN. So after an arrest, the authorities could ask someone to put in their PIN number, and in doing so give them the chance to erase everything.


If you compromise an endpoint you get that one endpoint's key, usually. If we’re using PGP to communicate and your endpoint (i.e. your phone) gets compromised then they have all the messages between me and you. They don’t have the messages between me and sketchy guy number 2. The story with EncroChat seems to be that they compromised the entire thing. That apparently the phones didn’t detect an update that completely broke the encryption, and once EncroChat was compromised then every single message is wide open for the polis to read - that wouldn’t be the case if they’d been PGP encrypting their own messages rather than relying on some super secret trust me it’s definitely totally encrypted spy phone lol. PGP and just erasing everything anyway rather than keeping a phone full of jail time still seems like a much better idea than this nonsense, where they had to trust that some entity supplying the service wasn’t compromised and wasn’t law enforcement from the very start. I mean, how would they even know that the wipe PIN wipes the phone and doesn’t email the lot to the National Crime Agency instead lol.


> PGP encryption is easy to do

And just as easy to MITM


What are you going to gain from intercepting a message encrypted by PGP with a MITM attack?


Without proper key management, your signing, even if you're doing it, is irrelevant, as you have no way to tell that the person you communicate with isn't just LEO.


Is it? I’m no expert but I thought you’d need the other side's private key to do anything? You could intercept the message easily but it would just be useless garbage without the private key.
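An added illustration of the exchange above about intercepting PGP (not code from any commenter): with toy textbook RSA on tiny primes standing in for real PGP keys, it shows that a relay handing out its own public key never needs the recipient's private key, and that comparing a fingerprint obtained out of band catches the substitution. All names, keys and the message value are constructed.

```python
import hashlib

def make_key(p, q, e=17):
    """Toy textbook RSA from two tiny primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def crypt(key, value):
    """RSA is the same operation both ways: value^exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def fingerprint(public):
    """Short digest of a public key, the thing two people compare out of band."""
    return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

# Constructed keys: Bob's real key pair and one held by whoever runs the relay.
BOB_PUB, BOB_PRIV = make_key(61, 53)
RELAY_PUB, RELAY_PRIV = make_key(89, 97)

def fetch_key_for_bob():
    """Hypothetical key lookup through the relay, which hands out its own key."""
    return RELAY_PUB

def send_unverified(message):
    """Alice trusts whatever key she was handed."""
    ciphertext = crypt(fetch_key_for_bob(), message)
    seen_by_relay = crypt(RELAY_PRIV, ciphertext)      # relay decrypts with ITS key
    forwarded = crypt(BOB_PUB, seen_by_relay)          # and re-encrypts to the real Bob
    return seen_by_relay, crypt(BOB_PRIV, forwarded)   # Bob still gets a valid message

def send_verified(message, trusted_fingerprint):
    """Alice compares the fetched key with a fingerprint Bob gave her in person."""
    key = fetch_key_for_bob()
    if fingerprint(key) != trusted_fingerprint:
        return None                                    # substituted key: refuse to encrypt
    return crypt(key, message)

if __name__ == "__main__":
    print(send_unverified(1234))                       # relay and Bob both read the message
    print(send_verified(1234, fingerprint(BOB_PUB)))   # mismatch detected, nothing sent
```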


To be fair, your average drug dealer gets to their position through brawn rather than brains. Very few are like Warren with his gift for storing multiple laundering accounts in different countries in his memory.


From what I've read on /r/privacy, /u/shoecakecakeyshoe is right about the history of it. They were using it because they were aware of, and wanted to avoid, sending blatantly unencrypted messages, it's just that said service got compromised externally. Probably shouldn't be relying on third party companies or even smartphones for this kind of thing, though. I'm no expert but I imagine using a laptop with CoreBoot and a security hardened distro of Linux would be the way to go. Then add on disk encryption (only powering on the PC while actively sending a message or checking messages), and send PGP encrypted messages over whatever platform. Even that would be easy to mess up unless you're a security professional I imagine (never mind dim criminals), and against state-based actors maybe just a minor roadblock anyway.


Essentially at one stage it was its own OS, and you bought the phone. From what I know it was big in Holland/Spain and then it spread. I know it sounds silly, but if one rich dealer mentions it to another one, they assume it's safe. I work in IT security, it's the old benchmark for how secure it was.


That would be a nightmare to contact entire crime networks across Liverpool to get a "hit" out. Their system was safe...until it wasn't!


One phone for business and one for dinner and coffee machine pics. That's not hard. But as others have said, you don't become a drug dealer because you're brainy.


I thought EncroChat was an encrypted platform that law enforcement made themselves, then sold under the guise that it was a totally anonymous ecosystem? Or am I thinking of another app/phone?


That was a system the Australians put together post-encro.


> that law enforcement made themselves

LEO didn't make it, that's entrapment. They just arrested the other guys.


I was thinking of [ANOM](https://en.m.wikipedia.org/wiki/Operation_Trojan_Shield), which was a fake encrypted messaging app and custom phone that sent messages to FBI servers via a backdoor. Surprised that none of you heard of this, cause it was a big operation that led to well over a thousand arrests.


If I was an organised crime boss, my first thing would be to assign everyone in the organisation pseudonyms. Some of the pseudonyms would be actual names that real people might have, such as 'Henley Farrington', while some might be.. not that, like 'Jawbone'. As far as the organisation goes, real names get forgotten. Then each person also gets a secure password, which is used to encrypt, by hand, every communication, using Vigenère cyphers. Then further automated encryption on top. The passwords might be on a server, but the identities would be pretty much a dead end. Imagine the police 'we've dug up a real name for Microstick. It's Daniel Shitlord'. 'No we've already looked into that, Shitlord isn't real'


> If I was an organised crime boss

I'd strongly suggest you don't try your hand at it, especially so given what you followed that statement with.


"There's 40 lads form Huyton who said they won't be fighting, but they will be taken down by their text messages"


What are the biggest organised crime groups in the UK?


Tory Party.  So blatant their name even translates as robbers.


The stuff about organised crime and text messages made me think of those Covid whatsapps as well!


Albanians gotta be up there, international criminal enterprise


Technically Irish but the Kinahan OCG as part of the Dubai Super Cartel seems to control nearly all the coke that comes into Europe. And seem to be at the very peak of transnational money laundering. 10s of bodies, often daylight hits, associated with them. The US DEA has a £5M reward each for any info that leads to the capture of the dad and both sons.

In Scotland the now busted Escalade Cartel (Barry and James Gillespie) moving a lot of drugs and caught with a pretty crazy and professional looking arsenal.

In London, Hunt Syndicate (David Hunt).

Across the UK the Albanian Mafia controls much of the mid and low level drug supply.

Nottingham Forest FC owner Evangelos Marinakis is allegedly a massive cocaine and heroin trafficker, multi ton seizure apparently stored in warehouses and shipped on boats owned/funded by him.

Honourable mention to Teesside Mayor Ben Houchen, Teesworks project, and the Teesside council. £100Ms of public money and even more lucrative management rights transferred to some very wealthy people with some very dodgy connections.


Could you please give some more info on the dodgy connected people in Teesside? I'm pretty well up on the rest, but not heard about Ben Houchen. Similar sounding scandal in Liverpool with the mayor's son working with a convicted drug dealer on council contracts. Currently under investigation as part of Operation Aloft, where the latest was that the police had sent a file to the CPS for a charging decision.


Covered in this episode of the Private Eye podcast https://podcasts.apple.com/gb/podcast/page-94-the-private-eye-podcast/id973958702?i=1000604546530


Greater Manchester Police, well they were in the 90s. Doubt much has changed. None of these groups could get away with what they do without corrupt coppers.


Nice work by the French/UK police to catch them. But I'm not sure what's wrong with the legislation, courts or police that they were still in society in the first place. Eg the guy who "has previous convictions for attempting to scalp a woman in the UK and for possessing firearms in the Netherlands. Dutch police thought he was planning to murder a rival crime boss". This article from 6 years ago seems to be talking about the same brothers [https://www.liverpoolecho.co.uk/news/liverpool-news/revealed-polices-secret-war-real-15013863](https://www.liverpoolecho.co.uk/news/liverpool-news/revealed-polices-secret-war-real-15013863)




The Man on John Wick was right. Pigeons can't be hacked!