Cyber Crime

Real-World Law Enforcement Hack of Hackers End-to-Encrypted Chat Messenger

Law enforcement authorities successfully penetrated EncroChat, an encrypted chat program that is frequently used by criminals, in a ground-breaking operation that has shocked the world of organized crime.

This operation led to the arrest of hundreds of individuals involved in illegal activities across Europe and the seizure of substantial amounts of drugs, weapons, and cash.

The breach of EncroChat, once considered impenetrable, marks a significant victory in the ongoing battle against organized crime and raises important questions about privacy, security, and the limits of encryption technology.

This article discusses the successful efforts of the authorities to penetrate and gain control over the entire EncroChat instant messenger, which is commonly utilized by cybercriminals for communication.

The EncroChat Network

EncroChat offered encrypted phones at a high price, promising anonymity and security through end-to-end encrypted messaging (E2EE), with features designed to remove identifying information.

These devices, which cost around £900 each, with a subscription fee of £1,350 for six months, were tailored for privacy, with GPS, microphone, camera, and USB port all physically disconnected.

EncroChat’s services included encrypted messaging, ZRTP-based VOIP calls, and encrypted note-taking, operating on a dual-boot system with both EncroChat and Android OS.

The Breach

The operation to penetrate EncroChat began in December 2018 when a French court-authorized law enforcement to copy EncroChat’s virtual machines from a server in Roubaix, France. This led to legal maneuvers allowing authorities to install “computer data capture devices” on the server and intercept communications.

According to the presentation submitted at The Crypto Conference 2024, By March 2020, law enforcement had injected malware into EncroChat’s update servers, enabling them to collect both historical and live data from the devices.

This malware transmitted all stored data on the devices to the authorities and forwarded chat messages to French police servers in real-time without altering the encryption, thus maintaining the appearance of secure communication.

The breach resulted in more than 6,500 arrests and the seizure of over 900 million euros in assets. EncroChat, realizing the extent of the compromise, issued a warning and shut down its service in June 2020.

The operation revealed the scale of EncroChat’s use among criminals for coordinating illegal activities, including drug trafficking, violent attacks, and large-scale transports of illegal goods.

Are you from the SOC and DFIR Teams? – Analyse linux Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.

The EncroChat breach has sparked a debate on the ethical and legal implications of law enforcement’s use of hacking and malware to combat crime.

While the operation has been hailed as a significant success in disrupting organized crime, it also raises concerns about privacy, the security of communication technologies, and the potential for abuse of such surveillance capabilities.

The operation’s reliance on malware and the covert interception of communications without users’ knowledge challenge traditional notions of privacy and legal process.

The successful breach of EncroChat represents a turning point in law enforcement’s approach to tackling encrypted networks used by criminals.

It underscores the vulnerabilities inherent in even the most secure communication systems and highlights the ongoing tension between privacy rights and the needs of law enforcement.

As technology continues to evolve, the balance between these competing interests will remain a contentious and critical issue for society.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt…

1 day ago

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files…

2 days ago

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that…

2 days ago

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made…

2 days ago

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach.…

2 days ago

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon…

2 days ago