Hey there, Joseph here with something that the U.S. has quietly been doing in drug trafficking cases—tapping into a massive cache of hacked messages from an encrypted chat provider. European authorities hacked Sky in 2021. Now there are multiple cases inside the U.S. where DHS has obtained access to those chats and is using them too. The full story follows below.
This article was produced in collaboration with Court Watch, an independent outlet that unearths overlooked court records.
U.S. agencies are increasingly accessing parts of a half-billion encrypted chat message haul that has rocked the global organized crime underground, using the chats as part of multiple drug trafficking prosecutions, according to a 404 Media review of U.S. court records.
In particular, U.S. authorities are using the chat messages to prosecute alleged maritime drug smugglers who traffic cocaine using speedboats and commercial ships.
The court records show the continued fallout of the massive hack of encrypted phone company Sky in 2021, in which European agencies obtained the intelligence goldmine of messages despite Sky being advertised as end-to-end encrypted. European authorities have used those messages as the basis for many prosecutions and drug seizures across the continent. Now, it’s clear that the blast radius extends to the United States.
“The charges against Radonjic arose from an extensive federal investigation into the criminal activities of a vast international drug trafficking organization in which Radonjic and his co-conspirators used commercial container maritime vessels that transited from South America to the United States and Europe to transport massive quantities of cocaine for cartels located in the Balkans,” a recently unsealed affidavit in support of a search warrant, signed by a Department of Homeland Security, Homeland Security Investigations (HSI) Special Agent, reads.
Milos Radonjic, also known as “Pirate of the Unknown,” allegedly tried to transport more than two and a half tons of cocaine using those commercial vessels, and was arrested just before he planned to captain a racing yacht in an international competition in Italy in October 2023. The Montenegrin was extradited to the U.S. in July.
The newly unsealed document now clearly links at least part of Radonjic’s prosecution to Sky messages. It says that “Radonjic and his co-conspirators used a variety of messaging applications, including Sky ECC, Signal, iMessage, and Facetime to communicate and coordinate the process of loading the cocaine onto the vessels,” and says that the U.S. government obtained records of Radonjic’s Sky communications from European law enforcement.
There is no indication that U.S. authorities have access to the full, half-billion cache of messages. Instead, court records indicate U.S. authorities are receiving data related to specific devices belonging to people they are investigating.
Included in Radonjic’s Sky messages were “explicit planning and discussion of narcotics trafficking, photographs of parts of one ship that was used to transport narcotics, the geolocation data for that ship, and references to the specific attempts to load cocaine aboard the ship,” the record adds.
A screenshot of the Sky app. Image: 404 Media.
The messages also include information that ties Radonjic to the Sky phone itself, including an image of a receipt showing Radonjic’s name, address, and phone number; details of international travel that correspond to border crossings and travel reservations in Radonjic’s name; photographs of a vehicle that was registered to a member of Radonjic’s yacht racing team, and “a reference to what appears to be a birthday on Radonjic’s daughter’s true birthdate,” the court document says.
The search warrant itself seeks access to multiple mobile phones held by Radonjic when he was arrested: an iPhone 14 and two Samsung devices, according to the document. Radonjic previously gave consent to Italian authorities to search the iPhone and provided his passcode, but claimed he had forgotten the passcode for the two Samsung devices.
“It is also common for international narcotics traffickers to claim to have forgotten the passcodes to their incriminating cell phones, even if they consent to searches of their personal phones. Indeed, it would be highly unusual to travel with multiple personal cellphones and only know the password for one of them,” the HSI agent writes, adding that the phones are currently in HSI custody in the Eastern District of New York.
HSI in part wants access to these phones because it believes “a search of the Devices will reveal evidence of crime, including attribution evidence that corresponds to evidence from the Sky ECC data.” In other words, it could further link Radonjic to any incriminating evidence included in the hacked messages.
Michael Weil, Radonjic’s U.S. federal public defender, declined to comment. DHS did not respond to a request for comment.
Sky’s business involved installing its encrypted messaging app onto Android and iPhone devices. This app, as well as sending end-to-end encrypted chats, let customers request a device wipe from Sky, deleting all content on the phone. Although the business started as legitimate, the devices became popular among serious organized criminals, and law enforcement pivoted from investigating individual users of devices to the company itself. This followed shutdowns of other encrypted phone companies that catered to criminals such as Ennetcom and Phantom Secure.
In March 2021, Belgian police said it had managed to decrypt around half a billion Sky messages. Soon after, as Sky users panicked and some threw away their devices, the U.S. Department of Justice indicted Sky’s CEO Jean-Francois Eap and a Sky distributor called Thomas Herdman. Eap then vowed to clear his own name. The case is ongoing with little movement as Eap remains free in Canada. Herdman is currently in a French prison.
The Radonjic prosecution is not the only case in the U.S. using Sky data. In October 2022, a grand jury indicted Goran Gogic, a former heavyweight boxer who also allegedly used commercial container ships to smuggle cocaine from South America into the United States and Europe. In a press release U.S. authorities said the seizure of the MSC Gayane at the Port of Philadelphia was “one of the largest in U.S. history,” and that Gogic allegedly transported more than $1 billion worth of cocaine.
A search warrant unsealed earlier this year links Gogic’s prosecution to a review of Sky messages as well. “The evidence against GOGIC includes, inter alia, communications he conducted over the Sky ECC network,” the document, also written by an HSI Special Agent, reads. It adds that the U.S. government has obtained data on two of Gogic’s Sky phones.
Those messages include references to specific cocaine seizures for which Gogic is charged, as well as an “explicit solicitation” by Gogic to arrange the murder of someone that Gogic believed to be a law enforcement informant, the document adds. (Thomas Brewster from Forbes, and author of The Wiretap newsletter, shared the court document with 404 Media).
A photo from the complaint against Didani. Image: U.S. DOJ
Once again, those Sky communications also include information that ties the devices directly to Gogic, including airline and hotel records that correspond to Gogic’s movements; audio recordings of Gogic’s voice; selfies with his face obscured but which otherwise match Gogic’s appearance; a reference to a birthday dinner on Gogic’s birthday, and photographs of someone who appears to be Gogic’s young child.
From the documents, it is clear that where alleged criminals felt most safe—in the encrypted chats of Sky—they divulged secrets and personal details that made it much easier for law enforcement to link their real identities to their criminal personas and activities. This also applies to cases built on data taken from Anom, the encrypted phone company the FBI secretly ran and backdoored, and Encrochat, another encrypted phone provider that European authorities hacked.
And in what appeared to be the first public U.S. case which later used Sky data, authorities indicted Ylli Didani on drug trafficking charges in 2021. As part of that, Didani allegedly discussed building a submersible torpedo for moving the narcotics. Court records explicitly mentioned his use of Sky and that U.S. authorities had gained access to those messages. Assistant United States Attorney Mark Bilkovic, who is working on the case, declined to comment.