Police Target Criminal Users of Sky ECC Cryptophone Service
Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages
Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations.
Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via various plans, with a six-month subscription running from $950 to $2,600.
Despite the service being encrypted, investigators in Belgium, France and the Netherlands say that since February, they have been monitoring 3 million messages exchanged daily by Sky ECC's 170,000 global users and disseminating intelligence to law enforcement agencies.
"This has resulted in the collection of crucial information on over 100 planned, large-scale criminal operations, preventing potential life-threatening situations and possible victims," according to the EU's law enforcement intelligence agency, Europol.
On Tuesday, police in Belgium and the Netherlands executed a number of arrest warrants and conducted house searches and seizures aimed at disrupting Sky ECC and its users. Officials say that more than 20% of Sky ECC's user base is located in Belgium and the Netherlands.
Belgian police say that this week, they arrested 48 suspects and searched more than 200 houses as part of their investigation.
Encrypted-Only Messages and Photos
Police say a number of international criminal syndicates used Sky's cryptophones to hide their activities.
"On devices supplied by SKY ECC, all apps are blocked except those of SKY ECC itself," Belgian police say. "Through this app, only encrypted, written or recorded messages and photos can be sent and received, and only to and from another user of a SKY ECC phone."
Police say anyone able to physically access a Sky device cannot extract data from it - such as contacts, messages or phone history - and "it is not possible to do anything else with these devices, such as sending text messages or making phone calls." In addition, the devices are set to automatically "erase all data" stored on the device "after a certain period of non-use or in the event of seizure by the police."
Sky Says Network Remains Secure
Despite the police action, the Sky ECC website states that the "SKY ECC platform remains secure and no authorized SKY ECC device has been hacked."
Officials at Sky ECC also dispute the law enforcement allegations that it is the "platform of choice for criminals," saying it is designed for "legitimate personal and business affairs."
"SKY ECC believes that the individual right to privacy is paramount for anyone acting within the law," Jean-François Eap, Sky ECC's CEO, says in a statement.
"The platform exists for the prevention of identity theft and hacking, the protection of personal privacy rights and the secure operation of legitimate personal and business affairs," Eap says. "With the global rise of corporate espionage, cybercrime and malicious data breaches, privacy and protection of information is the foundation of the effective functioning for many industries including legal, public health, vaccine supply chains, manufacturers, celebrities and many more."
Sky ECC's statement says the service "experienced temporary interruptions in connection with its servers" on Monday and Tuesday, but that "services are now back to normal." It adds that "SKY ECC has not been contacted by any investigative authority" and that "SKY ECC servers do not store any user data, messages or backups."
Follows EncroChat Disruption
News of the Sky ECC disruption follows European police in June 2020 disrupting another cryptophone provider, EncroChat, after gaining access to its encrypted cellular network and monitoring messages. EncroChat sold smartphones for about $1,000, with a six-month service plan running $1,700.
Police say EncroChat's administrators shut down the service after discovering that it had been penetrated by police (see: European Police Hack Encrypted Communication System).
Intelligence gleaned from that operation led to numerous arrests, including 100 arrests in the Netherlands, as well as the seizure of illegal narcotics and firearms and destruction of 19 drug labs. Police in Britain also reported making 746 arrests and seizing a large amount of cash, plus dozens of firearms and over 2 tons of illegal narcotics. Arrests were also carried out in France, Sweden and Norway.
Police say that after EncroChat was disrupted, many customers switched to Sky ECC. "Investigations into the tool started in Belgium, after mobile phones seized during searches showed the use of Sky ECC by suspects," Europol says.
Belgian police say they first began probing Sky ECC's cryptophone service at the end of 2018. In mid-February, investigators say, they became able to "unlock" the encryption Sky ECC used.
Investigators say they have amassed a wealth of data to analyze. "By successfully unlocking the encryption of Sky ECC, the information acquired will provide insights into criminal activities in various EU member states and beyond and will assist in expanding investigations and solving serious and cross-border organized crime for the coming months, possibly years," Europol says.
Sky ECC Cites 'Fake Phishing Application'
Officials have not described how they were able to access Sky ECC users' data.
But Vice reports that Sky ECC's administrators believe that law enforcement officials created a fake version of the company's app, loaded it onto phones and then sold these phones via "unauthorized channels" to individuals seeking to gain access to the service.
Sky ECC says in its statement: "Authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels."
Criminals Continue to Use Encryption
The Sky ECC disruption is a reminder that the criminal use of encrypted communications continues. But despite efforts to curtail such activity via government policies or fresh laws, some security experts say it's not clear such approaches would ever prevent criminals from finding a way to employ encryption.
"Encryption is a very difficult and sensitive topic because, I mean, from our perspective, it is very clear we need strong encryption," Philipp Amann, head of strategy at Europol, told Information Security Media Group in an October 2020 interview. "We don't want to have any backdoors - it's a building block of our internet. But then how do we deal with the criminal abuse of encryption? So that's a very difficult space, especially for law enforcement."
Sky ECC and EncroChat are not the only encrypted communications services to have been targeted by police. In 2018, Dutch police dismantled encrypted messaging handset provider BlackBox, while the FBI disrupted the secure smartphone service called Phantom Secure.
As those takedowns and the police operation targeting Sky ECC demonstrate, law enforcement agencies can disrupt communications networks used by criminals - even when they're encrypted.
"Note, no encryption backdoors were needed in this case," security expert Brian Honan says of the Sky ECC police operation.
Nevertheless, some Western government officials continue to demand that the use of strong encryption by communications networks be banned and only weak encryption - containing a backdoor for police access with a court order - be allowed.
Many security experts, however, continue to emphasize that backdoors can be abused by anyone, including crime gangs and unfriendly nation-states. They stress that strong encryption remains essential for safeguarding not just government operations, but also businesses and individuals.