CryptoDB
A Real-World Law-Enforcement Breach of End-to-End Encrypted Messaging: The Case of Encrochat
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | Encrochat was a communications network and service provider that offered modified Android smartphones offering end-to-end encrypted communication based on the Signal protocol. In 2020, French law enforcement — in collaboration with agencies in the UK and the Netherlands as well as the European Agency for Law Enforcement Cooperation (Europol) — compromised the Encrochat network and exfiltrated historical data as well as real-time messaging data and metadata for weeks. The compromise remained undetected for approximately two months, after which Encrochat administrators shut down the network. Encrochat was used by organised crime groups in Europe (and elsewhere), and the exfiltrated information was used as supporting evidence in over 6000 arrests and related prosecutions across Europe; the information also led to the seizure or freezing of over 900 million euros as criminal funds, and the seizure of hundreds of tonnes of illegal drugs. The London Metropolitan Police, which made use of the intelligence gathered, described this as “the most significant operation the Metropolitan Police Service has ever launched against serious and organised crime”. In this talk, we examine what is known about how Encrochat was compromised, and how we know what we know at this time. In particular, we will discuss: the security and cryptography features used in Encrochat; what is currently known about how law enforcement breached the Encrochat network in 2020 and a potential earlier compromise; how we pieced together what is currently known from public sources such as historical Internet data, court records, and news reports; and legal, practical, and social limitations on the attack. |
| Video: | https://www.youtube.com/watch?v=AeKRS6_zxoc |
BibTeX
@misc{rwc-2024-35360,
title={A Real-World Law-Enforcement Breach of End-to-End Encrypted Messaging: The Case of Encrochat},
note={Video at \url{https://www.youtube.com/watch?v=AeKRS6_zxoc}},
howpublished={Talk given at RWC 2024},
author={Martin R. Albrecht and Sunoo Park and Douglas Stebila and Mike Specter},
year=2024
}