Belgian and Dutch police take down encrypted criminal chat platform Sky ECC
Law enforcement agencies from the Netherlands and Belgium have shut down today Sky ECC, a company that provided a secure encrypted messaging platform to criminal organizations across the world.
Authorities said they infiltrated the platform in mid-February 2021 and have managed to intercept live messages exchanged through the company's servers.
Officials said they used the access they gained last month to collect information on Sky ECC customers and help prevent violent crimes, such as kidnappings, shootings, and murders.
More than 100 arrests already; more to come
Today, Dutch and Belgian police officers carried out raids in both countries.
In the Netherlands, Dutch investigators raided 75 homes and offices and made 30 arrests part of Operation Argus.
In Belgium, more than 1,500 police officers carried out 200 house searches and arrested 48 suspects part of Operation A-Limit. According to local media, most of the suspects were arrested around the port city of Antwerp, a gateway for shipping drugs into and out of Europe, with investigators also seizing $1.2 million in drug trafficking money.
Many EncroChat customers moved to Sky ECC
Dutch Police said Sky ECC launched last year after a similar police investigation shut down Encrochat, a company that provided a similar secure platform and encrypted phones to cybercriminals.
Officials said that many criminal gangs moved from Encrochat to Sky ECC, and the new company amassed more than 70,000 users by the end of 2020, with more than 11,000 located in the Netherlands and another 6,000 in Belgium.
Sky ECC's main product was its proprietary messaging mobile app that allowed gang members to exchange encrypted communications via a private global network of servers.
Customers could install the app on Android, BlackBerry, and iPhone devices, and the app would prevent their data from being leaked to the underlying OS or other phone trackers.I=
In addition, customers could also buy custom phones that had already been secured by Sky ECC, which had no cameras, GPS sensors, and did not allow users to install third-party apps. These phones, which cost between 800 and 2,200 euros to rent for a period of six months, also included a panic button to erase all their content in case of emergency or an arrest.
$5 million prize
In a contest put up on its website last year, the company was so confident in its technology that it offered to pay a $5 million prize to anyone who hacked its systems.
Belgian police said began investigating the company after they seized a container with 2.8 tons of cocaine last year in Antwerp and found Sky phones on suspects they arrested.
Neither Dutch nor Belgian police say how they breached the company's network beyond releasing a generic statement of gaining the ability to read live messages. Belgian police said they alone intercepted around one billion messages from Sky ECC devices.
Belgian police said Sky ECC refused to work with investigators in past cases.
Update, March 10: A Sky ECC spokesperson contested the accuracy of police statements in a press release. Sky ECC claimed that law enforcement did not breach their platform, but a cloned system set up by an unauthorized party.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.