Hey Kaitlyn, Joseph here with some news on encrypted communications. Police have hacked into Ghost, which is an encrypted communications platform allegedly used heavily by drug traffickers. I think more than anything this operation shows a fundamental shift in the world of serious organized crime: criminals are moving away from big encrypted phone providers (like Sky, Encrochat, and Anom, because authorities shut them down) and now relying on a much more decentralized series of smaller providers. That, and consumer access apps like Signal. I think that has a ton of implications for all of us, as it will dictate what law enforcement do next. The full story follows below.

Police in Australia have hacked into “Ghost,” an encrypted communications platform used by organized criminals, collected users’ messages, and arrested its alleged administrator, according to announcements from various law enforcement agencies. Based on those messages, agencies across Europe, North America, and Australia have conducted raids in the last few days. Countries involved in the wider operation include Canada, France, Iceland, Ireland, Italy, the Netherlands, Sweden, and the United States.

The action is just the latest in law enforcement’s continued focus on the encrypted phone industry. The last large operation was Anom, in which the FBI secretly managed its own encrypted phone company to collect tens of millions of messages.

Given Ghost’s relatively small size compared to some of the other, previously shut down encrypted phone companies, the operation highlights a broader shift in organized crime. Criminals are moving away from massive brand names like Sky or Encrochat which had tens of thousands of users, to a decentralized collection of smaller players, or to consumer communication apps like Signal. Ghost had several thousand users around the world, and around a thousand messages were sent globally each day, authorities say.
FBI Supervisory Special Agent Brendan Dunford said during a Europol press conference Wednesday that these encrypted communication platforms warranted “a worldwide response by law enforcement” because they have an outsized impact in facilitating criminal activity around the globe.

Europol, the European Union's law enforcement coordination body, hosted an Operational Taskforce (OTF) in March 2022 involving several of the countries to exchange intelligence, the agency said. In a press release, Europol said 51 suspects were arrested, including 38 in Australia, 11 in Ireland, one in Canada and one in Italy. That person in Italy allegedly belonged to a mafia group, Europol added. Europol said threats to life were prevented, and weapons and drugs worth more than 1 million Euros were seized. Europol said that servers for Ghost were found in France and Ireland, and financial assets were in the United States.

On Tuesday, a spokesperson from the Australian Federal Police (AFP) told 404 Media the agency was “undertaking a significant operation across NSW [New South Wales], Victoria, Western Australia and South Australia.” “AFP Operation Kraken is targeting alleged organised criminals accused of using a secret platform to import illicit drugs and plan other serious crimes in Australia and around the globe,” the spokesperson added.

On its apparent website, Ghost described itself as the “secure encrypted communication service of the future.” “Have a peace of mind and protect your sensitive business information from prying eyes. Ghost offers industry-leading tools that enable confident communications no matter where you go,” it adds.

💡 Do you know anything else about this shutdown? Do you sell similar phones? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +44 20 8133 5190. Otherwise, send me an email at joseph@404media.co.

Australian authorities allege, however, that Ghost was designed specifically for use by criminals. In one instance, six men from a criminal syndicate allegedly used the network to fabricate a terrorist plot, involving weapons and explosives, as well as plan drug importations.

Multiple Australian outlets published images provided by the AFP of the alleged Ghost creator, named as Jay Je Yoon Jung. ABC reported that Australian authorities have been aware of Ghost for seven years, but did not know the alleged administrator was Australian until 2021. The outlet added that Jung allegedly launched the network nine years ago when he was 23.

The Sydney Morning Herald reported that the AFP used a “virus-like program” to infiltrate the alleged administrator’s computers. The virus then sat dormant until the administrator sent updates to the Ghost phones, the outlet added. “The AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia,” the Sydney Morning Herald reported a briefing statement as saying.

Law enforcement agencies around the world have targeted encrypted phone platforms for years, but only recently did those actions make major headlines. This drumbeat of activity started with the Dutch shutdown of a company called Ennetcom in 2016. Dutch police were then able to decrypt a mass of messages that were supposed to be end-to-end encrypted on the service. Dutch police also arrested owners of other smaller companies, like PGPSure.

As I show in my book about the encrypted phone industry, this was part of the inspiration for prosecutors and FBI officials in San Diego to try to get a backdoor into Phantom Secure, another provider. That ultimately failed, but the FBI did shut down the company and arrest its CEO, sending criminals around the world into a scramble to find another platform to communicate on.

In the wake of that shutdown, a confidential human source provided the FBI with an opportunity to run their own encrypted phone company and intercept messages that way. That was the start of Anom, which grew to a comparable size to Phantom Secure. Anom led to the largest sting operation ever, with around nine thousand law enforcement officials acting in a coordinated series of raids. After the FBI came clean about running Anom, another company popular with criminals called Ciphr decided to close itself down.

In 2020, European authorities hacked into Encrochat, another major encrypted phone company, and obtained user messages. That sent shockwaves through the organized crime world, especially in the UK where Encrochat was a primary phone of choice. The agency responsible for the hacking was the French military police, which has since gone on to be involved in the investigation of Telegram CEO Pavel Durov.

Then in 2021, European authorities announced they had broken into Sky, the four-hundred pound gorilla of the encrypted phone industry. Belgian police said they had decrypted a staggering half a billion Sky messages. Those messages, and those from Encrochat, have been the basis of prosecutions of alleged serious drug traffickers and other criminals around the world.

Then in February 2023, Dutch authorities announced they had obtained user messages from another platform called Exclu.

Today, the only major provider left is likely No. 1 BC, which I previously reported in a collaborative investigation is used by the Italian mafia. Multiple phone resellers have told me that some of their clients have since moved onto using Signal on a security-focused operating system like the open source and free to download GrapheneOS.

That shift to smaller players and more widely available apps is reflected in a NSW Crime Commission report from October 2023. It says that the encrypted criminal communications market in Australia “changed at an unprecedented pace” between 2022 and 2023. Serious organized crime groups largely stopped using traditional encrypted phone companies due to security, accessibility, and stability concerns, the report reads. Instead, they have been increasingly replaced with “encrypted messaging communications applications, such as Threema, Signal and Wickr, which are installed on ‘hardened’ handsets with VPNs, secure operating systems and falsely subscribed SIM cards.” The report also says that Australian organized crime groups “have invested in the development of bespoke encrypted messaging applications for both their own in-house use and to sell to other syndicates.”

Europol echoed this too, saying in its press release that criminals are “turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity.”

In the press conference, Deputy Executive Director Operations at Europol Jean-Philippe Lecouffe broadened the discussion to private communication companies more generally. “Private companies are part of this story too. They have the power and the responsibility to ensure their platform[s] are not becoming playgrounds for criminals. We urge these private companies to play their part. Access to communication between suspects is critical for law enforcement,” he said. Telegram and other consumer apps were not mentioned by name. The Europol press official heading the conference did not answer 404 Media's question on whether the partners on stage would target consumer apps like Signal now.

The Telegram account linked to from the Ghost website did not respond to a request for comment. Its profile says it was “last seen within a month.”