US indicts Sky Global CEO for providing encrypted phones to criminal gangs
The US Department of Justice has charged on Friday the CEO of Sky Global, the parent company behind Sky ECC, a mobile encrypted communications platform primarily used by criminal organizations.
Jean-Francois Eap, Sky Global CEO, a Canadian citizen, was indicted on Friday, along with Thomas Herdman, a former distributor of Sky Global encrypted devices.
Both were charged under the Racketeer Influenced and Corrupt Organizations Act (RICO), a law that has been rarely used to go after technology companies.
Sky Global sold encrypted phones to criminal gangs
Sky Global sold custom-made Android, BlackBerry, or iPhone smartphones that had no GPS sensors, camera functions, and a panic button that could wipe all their contents.
The phones were preconfigured to connect to the Sky ECC platform through a series of custom chat apps that allow members of the same criminal gang to carry out encrypted communications.
On Friday, US prosecutors said the company "knowingly and intentionally" sold its services to criminal gangs to help them prevent law enforcement from actively monitoring their communications and obstruct criminal investigations by "remotely delete evidence of such activities" from its network whenever needed.
Investigators said Sky Global instituted an "ask nothing/do nothing" approach toward its 70,000 clients and even implemented cryptocurrency transactions on its website to protect their identities.
Sky Global's fall
The Sky Global indictment in the US comes after three days earlier, on Tuesday, March 9, Belgian and Dutch authorities seized Sky ECC servers.
Authorities also arrested 78 suspects following 275 home searches across the two countries.
Belgian police said they first started investigating the company after they kept finding phones on drug mules arrested in the port city of Antwerp, a gateway into Europe for international drug trafficking rings.
Belgian investigators had a breakthrough in mid-February when they found a way to intercept more than a billion cleartext messages sent on the Sky ECC platform.
Sky Global denied any involvement, claiming in a press release that Belgian and Dutch officials had actually seized devices and arrested suspects using a "fake phishing application falsely branded as SKY ECC" that had no connection to the company.
The statement didn't convince US officials, though, who had been investigating the company for months, together with Europol, French, Belgian, and Dutch officials.
The DOJ estimated the company's profits in the range of hundreds of millions of US dollars, some of which it laundered through a network of shell companies.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.