On 13/03/2021 14:25, Ivan J. wrote:
On Fri, Mar 12, 2021 at 06:52:17AM +0000, jim bell wrote:
BleepingComputer: Europol 'unlocks' encrypted Sky ECC chat service to make arrests.
https://www.bleepingcomputer.com/news/security/europol-unlocks-encrypted-sky-ecc-chat-service-to-make-arrests/

Funny, because I've met drug dealers who all had/have burner
Blackberries with Sky ECC, and all their ops went through the
messaging app. From what I've seen (and remember) the app seems to have
had some kind of message self-destruct, and an additional unlock decoy
password that is supposed to erase the local messages when input.


Plus sometimes a remote message destruct by the service in emergency - which can sometimes be considered to be the crime of illegally obstructing a criminal investigation.



A (not-so-brief) history


The (in)famous PGP Blackberries were first sold by ghostpgp, TopPGP etc. from about 2000. Blackberry themselves never made a PGP Blackberry.

Network-limited crypto phone networks (initially exclusively using PGP Blackberries), where only people on the network could be contacted and people are identified by pseudonyms rather than by phone numbers, started in about 2012. By 2016 Ennetcom was the biggest limited network.


Afaik no direct cryptanalytic attack against the PGP Blackberries has ever succeeded, though several hardware-, phishing-, software-, security- and law-based attacks have.

Around Jan 2016 it became widely known that the Police could examine the contents of at least some PGP Blackberries after they seized them, and over the next 18 months there were many breaks in service and occasionally security in limited networks. As a result both PGP Blackberry limited networks and PGP Blackberries themselves went somewhat out of fashion.

The main method the Police used was to break up the limited networks by seizing servers and arresting operators for associated crimes like money laundering or assisting criminals, rather than trying to obtain plaintext evidence against users.


Defunct PGP Blackberry network limited companies include:

Ennetcom (19k-40k users). Servers with 48 hours of messages seized in April 2016, those and other messages decrypted shortly thereafter - the Ennetcom servers were generating the PGP private keys... Number of users arrested unknown but more than a few, including some convicted of murder.

PGP Safe May 2017. 4 people in the company arrested for money laundering. Few if any users arrested.

Phantom Secure (20k users). Highly customised PGP Blackberries. Was broken up in 2017 but not message-security-broken. CEO was busted under RICO, refused to add backdoor, got 9 years. No? users were arrested.


Both ordinary and network-limited PGP Blackberries are still available.



Next in the limited networks (but not PGP Blackberry) game came Encrochat (60k users). They used their own non-PGP crypto software on mostly Android phones, optionally Blackberries.

They were widely message-security-broken in 2020. No arrests in the company afaict, which was apparently a bit more respectable than Phantom Secure or Sky Global. About 1,000 users arrested.

The method used in this break is interesting, a LE malware attack: the French Police sent a "software update" to all the phones in use, which then sent the plaintext contents of the stored messages in the phones to the Police at intervals. The system servers were not directly affected.




Most recently there is SkyECC (70k users) from Sky Global, again using their own software and mostly Android phones with a Blackberry option. Widely message-security-broken according to LE in 2021. Sky Global's CEO is under indictment for RICO. Many users have been arrested.

Sky Global claim that an unconnected and unauthorised "reseller" of fake "SkyEcc" phones sold the phones which were message-security-broken, and their system is still secure. Doubtful, but not impossible.

One thing (among many) which confuses me about this is that Sky Global claim they knew about the fake phones for several years - so why did they still allow the fake phones connectivity and crypto services?


Peter Fairbrother
