Australian Police Arrest Alleged Head of Ghost Encrypted App
International Law Enforcement Dismantles End-to-End Encrypted Messaging Service

An international law enforcement operation dismantled the Ghost encrypted messaging service in a takedown that resulted in the arrest of 51 suspects across three continents including alleged members of the Italian Mafia and motorcycle gangs.
Authorities said during a Wednesday press conference in Brussels that the operation halted "a number of threats to life" and resulted in the seizure of a drug lab after Australian police infiltrated the messaging service. Police located servers in France and Iceland and arrested Ghost's alleged administrator, a 32-year-old Australian man identified as Jay Je Yoon Jung.
Ghost, founded nearly 10 years ago, gained popularity among criminals for its advanced security. It deployed three encryption standards and allowed users to auto-delete old messages and wipe their devices remotely.
Jung was a resident of a quiet Sydney suburb; Australian media reported that he lives with his parents. He allegedly sold modified smartphones embedded with Ghost for $2,350 each, offering a six-month subscription and tech support along with each sale. The devices cannot make calls, send SMSs or access the Internet. Jung faces five criminal counts, including supporting a criminal organization and identity fraud.
About 700 Australian law enforcement officers rounded up 38 people across four states on Tuesday. Authorities told public broadcaster ABC that police infiltrated Ghost after obtaining a handset. "It was really some very smart software engineering and modification of updates to those devices to essentially turn them into surveillance devices," an Australian Federal Police official said.
Europol and Eurojust coordinated the takedown among nine governments, including police from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States. Users of Ghost also included organized crime figures in the Middle East and South Korea. Australian police were able to prevent the death or serious injury of as many as 50 individuals, David McLean, assistant commissioner of the Australian Federal Agency, said during the Brussels press conference. Irish police arrested 11, confiscated drugs worth 16 million euros and seized 350,000 euros in cash along with cryptocurrency and more than 150 electronic devices, said Justin Kelly, assistant commissioner of the Irish National Police.
"Criminals thought they would and could hide behind technology to coordinate drugs and weapons traffic, extreme violence and money laundering across borders," said Europol Executive Director Catherine De Bolle. "No matter how advanced the technology, no matter how secure they think their communications are, we will find them."
The takedown is one of a series of international law enforcement operations targeting encrypted communication networks. French and Dutch police in 2020 penetrated encrypted messaging service EncroChat, an operation that authorities last year said led to the arrests of 6,558 individuals worldwide and the recovery by police of 900 million euros in criminal funds (see: EncroChat Disruption Leads to Arrest of Over 6,000 Suspects).
Belgian and Dutch police in 2021 targeted Sky ECC, another now-defunct encrypted messaging service (see: Police Target Criminal Users of Sky ECC Cryptophone Service).
Ghost did not have the same number of users as those two chat networks, Europol Deputy Executive Director Jean-Philippe Lecouffe said during the press conference. The disruption of those other services fragmented the criminal market for encrypted chat, he said. "Sometimes the smaller networks get the most bottom criminals and the most interesting information," he added. Lecouffe also made the by-now standard plea from law enforcement for tech providers not to offer unbreakable end-to-end encryption, calling access to communications among criminals "the lifeblood of our operations."
Cybersecurity advocates have pushed back against attempts by governments to create a weakness in end-to-end encrypted messaging, arguing that hackers would ultimately discover and exploit the flaw. The European Court of Human Rights earlier this year ruled that end-to-end encryption is essential to preserving the right to privacy in digital communication systems, and privacy advocates have argued that lawful access mechanisms to messages would be a conduit to mass surveillance. Tech companies have generally resisted police calls to forgo end-to-end encryption, citing a need to retain user trust in online messaging.
French authorities in late August arrested and charged Telegram CEO Pavel Durov for complicity with hacking, child sexual abuse material and refusal to cooperate with law enforcement authorities (see: Indictment of Telegram CEO Threatens End-to-End Encryption).
Updated Sept. 18, 2024 20:13 UTC: This story has been updated with additional detail throughout.
With reporting from Information Security Media Group's Jayant Chakravarti in Pune, India and David Perera in Washington, D.C.