Belgian Federal Computer Crime Unit reportedly broke into the encrypted chat application Sky Ecc.

[The_Hawkeye]

 

 

Summary

Officers of Belgium’s federal judicial police are involved in a major series of raids targeting organised crime and drug dealing. After an investigation that started more then two years ago, yesterday night police have raided 200 properties in the Belgian provinces of Limburg, Antwerp and elsewhere. Over 1,500 officers are taking part in this operation. The basis for the raids was the fact that the Belgian Federal Computer Crime Unit reportedly broke into the encrypted chat application Sky Ecc, which was announced as "unbreakable" and "The World's Most Secure Messaging Platform". The police was able to capture 1 billion of encrypted messages of which 500 million have already been decrypted

 

 

Quotes

Quote

Francophone broadcaster RTBF reports that many years of investigation precede today’s operation.  Officers belonging to the Federal Computer Crime Unit reportedly broke into the encrypted chat application Sky Ecc.  Suspects are believed to have used telephones on which the camera, blue tooth and GPS functions had been taken out of service, but police were able to read millions of messages in the run up to today’s raids.

 

Cyber security consultant Tim Cools, who used to work for the Federal Police Crime Unit explains that the Sky Ecc system is particularly well designed: “I think it’s quite something if the police managed to break into this system.  I would put my money on an infiltration operation meaning that somebody gave the police access.”

 

Sources

https://www.vrt.be/vrtnws/en/2021/03/09/200-properties-raided-across-belgium-in-drugs-probe/

https://www.brusselstimes.com/news/belgium-all-news/159039/cracking-of-encrypted-text-messaging-service-sky-ecc-app-dealt-major-blow-to-organised-crime/

 

[HarryNyquist]

4 hours ago, The_Hawkeye said:

Cyber security consultant Tim Cools, who used to work for the Federal Police Crime Unit explains that the Sky Ecc system is particularly well designed: “I think it’s quite something if the police managed to break into this system.  I would put my money on an infiltration operation meaning that somebody gave the police access.”

This is a stupid statement, Tim. It can't be a well-designed system, or for that matter a secure system, if the possibility is there that anyone can be given access if they ask.

[Heliian]

1 minute ago, HarryNyquist said:

This is a stupid statement, Tim. It can't be a well-designed system, or for that matter a secure system, if the possibility is there that anyone can be given access if they ask.

Not hard to believe it was cracked, that's how this works.  Its the security keeping up with the jones'.  The u.k. did something similar a while back. 

[CarlBar]

2 hours ago, HarryNyquist said:

This is a stupid statement, Tim. It can't be a well-designed system, or for that matter a secure system, if the possibility is there that anyone can be given access if they ask.

 

Given the wording i'd assume he means the Belgian police either sent an undercover into the business or alternatively got the indirect aid of someone allready within the company, doesn't sound like he's saying they got a warrant or the like.

[Bombastinator]

7 hours ago, HarryNyquist said:

This is a stupid statement, Tim. It can't be a well-designed system, or for that matter a secure system, if the possibility is there that anyone can be given access if they ask.

Social engineering has been the best in for malware for how many years?

[The_Hawkeye]

4 hours ago, CarlBar said:

 

Given the wording i'd assume he means the Belgian police either sent an undercover into the business or alternatively got the indirect aid of someone allready within the company, doesn't sound like he's saying they got a warrant or the like.

To be clear, almost no details are currently known on what they did and how they achieved to break in. Yesterday the news just broke about the fact that they did it, using 1600 policemen, performed 200 raids, made 48 arrests (including some well known lawyers apperently), captured 17 tons of cocaine, 1.2 millions of euros of cash and multiple fire arms. Which is an impressive feat by itself, but for me the "techy" part of it was really that they managed to break into an ecosystems specifically used by (top)criminals because it was seen as safe and un-hackable. For example SkyECC offered a bounty of 5 million USD if someone managed to break their encryption. 

 

Some more facts about the cryptophone/SkyECC ecosystem: 

• The Belgian attorney general expects there to be 171k of SkyECC phones active in the world 
• Of which 70k in the middle east and 18k in the Benelux (12k Netherlands, 6k Belgium)
• In Belgium they are mainly used in criminal activities around the ports of Antwerp
• A 3-monthly subscription is costing you between 1349 and 1539 euro, depending on the type of phone used
• The phone hardware (based on an iPhone or Pixel4) is stripped of the camera(s), microphone, GPS and USB connection
• The phone can only communicate with other cryptophones using end-to-end encryption
• The app can be cloaked as a calculator 
• The phone can be remotely wiped

I'm sure that many more details will follow in the days/weeks/months to come and who knows, they might turn it into a movie  

 

Source (in Dutch): https://www.standaard.be/cnt/dmf20210309_98162894

[Bombastinator]

4 hours ago, CarlBar said:

 

Given the wording i'd assume he means the Belgian police either sent an undercover into the business or alternatively got the indirect aid of someone allready within the company, doesn't sound like he's saying they got a warrant or the like.

By warrant you are referring to the way such things work in your country Belgium is really old and they are near France. Napoleonic law has some serious differences with Edwardian law, and it’s the Belgian polices job to be intimately familiar with such things.  An example for americans: common law marriage is an artifact of napoleonic law and only exists in states that were origionally French properties.  A total of two iirc.  In most of America common law marriage doesn’t exist.

Edited March 10, 2021 by Bombastinator

[Bombastinator]

6 minutes ago, The_Hawkeye said:

To be clear, almost no details are currently known on what they did and how they achieved to break in. Yesterday the news just broke about the fact that they did it, using 1600 policemen, performed 200 raids, made 48 arrests (including some well known lawyers apperently), captured 17 tons of cocaine, 1.2 millions of euros of cash and multiple fire arms. Which is an impressive feat by itself, but for me the "techy" part of it was really that they managed to break into an ecosystems specifically used by (top)criminals because it was seen as safe and un-hackable. For example SkyECC offered a bounty of 5 million USD if someone managed to break their encryption. 

 

Some more facts about the cryptophone/SkyECC ecosystem: 

• The Belgian attorney general expects there to be 171k of SkyECC phones active in the world 
• Of which 70k in the middle east and 18k in the Benelux (12k Netherlands, 6k Belgium)
• In Belgium they are mainly used in criminal activities around the ports of Antwerp
• A 3-monthly subscription is costing you between 1349 and 1539 euro, depending on the type of phone used
• The phone hardware (based on an iPhone or Pixel4) is stripped of the camera(s), microphone, GPS and USB connection
• The phone can only communicate with other cryptophones using end-to-end encryption
• The app can be cloaked as a calculator 
• The phone can be remotely wiped

I'm sure that many more details will follow in the days/weeks/months to come and who knows, they might turn it into a movie  

 

Source (in Dutch): https://www.standaard.be/cnt/dmf20210309_98162894

That 5 million thing is interesting.  Was it claimed?

[Drama Lama]

Holy waffles 

[Bombastinator]

Just now, Drama Lama said:

Holy waffles 

..Batman...  that’s it! Waffles!  *punches his palm with is his fist*

[The_Hawkeye]

1 hour ago, Bombastinator said:

That 5 million thing is interesting.  Was it claimed?

No that it's known today, could be a little strange though: 

• Today: Hey I've cracked your encryption, please give me my 5 million
• Tomorrow: Oh by the way, we've listened in to your customers communications and are now making around 50 arrests, so sorry not sorry?????

[Bombastinator]

4 minutes ago, The_Hawkeye said:

No that it's known today, could be a little strange though: 

• Today: Hey I've cracked your encryption, please give me my 5 million
• Tomorrow: Oh by the way, we've listened in to your customers communications and are now making around 50 arrests, so sorry not sorry?????

If they actually cracked the encryption they can claim the money.  If they socialengineered it though they can’t.  Could be an indicator.  5 million might be enough for a police department to do something like that. Also might not though.

[Neftex]

probably a long con, something like sky employed undercover agent programmer that fucked with the code some time later

[The_Hawkeye]

New development SKY ECC claims it was not hacked!

 

Quote

VANCOUVER, British Columbia, March 09, 2021 (GLOBE NEWSWIRE) -- Sky ECC received notification of several articles published in Belgium and the Netherlands alleging that Belgian and/or Dutch authorities have cracked or hacked SKY ECC encrypted communication software. SKY ECC maintains, after thorough investigation, that all such allegations are false.

 

SKY ECC authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels.

 

source: https://www.globenewswire.com/news-release/2021/03/10/2190026/0/en/SKY-ECC-platform-remains-secure-and-no-authorized-Sky-ECC-device-has-been-hacked.html

[Bombastinator]

1 hour ago, Neftex said:

probably a long con, something like sky employed undercover agent programmer that fucked with the code some time later

Sleeper agent is I think the term.  

[GimmeGaming]

On 3/9/2021 at 7:32 PM, The_Hawkeye said:

 

 

Summary

Officers of Belgium’s federal judicial police are involved in a major series of raids targeting organised crime and drug dealing. After an investigation that started more then two years ago, yesterday night police have raided 200 properties in the Belgian provinces of Limburg, Antwerp and elsewhere. Over 1,500 officers are taking part in this operation. The basis for the raids was the fact that the Belgian Federal Computer Crime Unit reportedly broke into the encrypted chat application Sky Ecc, which was announced as "unbreakable" and "The World's Most Secure Messaging Platform". The police was able to capture 1 billion of encrypted messages of which 500 million have already been decrypted

 

 

Quotes

 

Sources

https://www.vrt.be/vrtnws/en/2021/03/09/200-properties-raided-across-belgium-in-drugs-probe/

https://www.brusselstimes.com/news/belgium-all-news/159039/cracking-of-encrypted-text-messaging-service-sky-ecc-app-dealt-major-blow-to-organised-crime/

 

Were the raids done on Saturday night? I was driving through Belgium on my way to Cherbourg in France and the Belgian police were all over the place and were checking every car but not related to covid as when they looked at my car they checked me and they were comparing me to something on their phone, when I didn't match it, they sped off just saying goodbye. This happened twice.