This week, Europol and law enforcement officials from nine countries (the United States, Canada, France, Italy, Ireland, Australia, Sweden and the Netherlands) reported the successful destruction of the Ghost encrypted communications platform.
The platform, like Encrochat, Sky ECC, Phantom Secure, and Anom, was reportedly used by organized crime groups, mainly involved in drug trafficking and money laundering.
Ghost scheme from the Australian Federal Police
Ghost has been around since 2015 and offered its users an advanced security and anonymization system, allowed them to pay for subscriptions with cryptocurrency, had three layers of encryption, and a self-destruct message system that erased all evidence on both the sender's and recipient's devices.
According to authorities, thousands of people around the world used Ghost to exchange approximately 1,000 messages daily, and an extensive global network of resellers promoted the platform to potential customers.
The cost of a subscription to Ghost was $2350 for six months. This amount included the modified device itself (as a rule, in such cases, modified smartphones are used, in which there is no camera, microphone, GPS module, USB port, and so on), as well as technical support services.
Confiscated Ghost devices
The investigation into the platform, led by Europol, began back in March 2022 with the participation of law enforcement officers from the United States, Canada, France, Italy, Ireland, Australia, Sweden and the Netherlands.
According to representatives of the National Department of Cyber Command at the French Ministry of the Interior, for several years they have been providing the task force with technical resources that helped decrypt Ghost's messages. For example, the Australian police were able to modify software updates that were regularly released by administrators.
"Essentially, we infected the Ghost devices, which allowed us to access content on the devices in Australia," said Ian McCartney, deputy commissioner of the Australian Federal Police.
As a result, experts were able to find Ghost servers in France and Iceland, find the owners of the platform in Australia, and trace assets associated with Ghost to the United States.
Examining all the evidence collected over the years allowed authorities to organize coordinated raids in different countries, resulting in the arrest of 51 people: 38 in Australia, 11 in Ireland, one in Canada and one in Italy (it is claimed that this person played a "big role" in the Sacra Corona Unita group). At the same time, additional arrests are expected in Australia and other countries in the coming days.
It is also reported that during the searches, the authorities liquidated the drug laboratory and seized weapons, prohibited substances and more than one million euros in cash.
The main operators and managers of the platform have already been charged with five counts.
The head of Ghost is called 32-year-old Jay Je Yoon Jung, who was arrested in Sydney. According to ABC, Australian authorities have known about Ghost for seven years, but until 2021 they did not know that the alleged administrator of the platform was Australian.
If the defendants are found guilty, they could face up to 26 years in prison.
The Australian Federal Police has dubbed the operation "Kraken" and claims that the Ghost was used in Australia and overseas to import illegal drugs and order assassinations.
"Ghost has been used by hundreds of criminals, including Italian organized crime, biker gang members, organized crime in the Middle East and Korea," law enforcement officers write.
Australian police report that 376 Ghost smartphones were active in the country. As a result of tracking 125,000 messages and 120 video calls since March this year, it was possible to prevent the distribution of more than 200 kg of illegal drugs, as well as the murder, abduction or harm to the health of 50 people. Also, as a result of the liquidation of the platform, 25 units of illegal firearms were seized.
As noted by 404 Media, on the official website, Ghost was described as a "secure encrypted communication service of the future."
"Have peace of mind and protect sensitive business information from prying eyes. Ghost offers industry-leading tools that enable confident communication wherever you are," the ad read supposedly legal platform.
Interestingly, Europol officials themselves note that the elimination of Ghost and similar services in the past (Sky ECC, EncroChat and Exlu) ultimately leads to a fragmentation of the encrypted communications landscape, which makes it difficult to investigate and detect crimes.
"In response to [our] actions, criminals have begun to use a variety of less common or custom-designed means of communication, which provide varying degrees of security and anonymity," Europol explains. "This strategy helps attackers avoid exposing all of their criminal operations and networks within a single platform, thereby reducing the risk of interception."
These words of law enforcement officers are confirmed by journalists of 404 Media. According to them, at present, the only major player in the market of secure communications for criminals seems to be No. 1 Business Communication (No. 1 BC), which is actively used by the Italian mafia.
At the same time, distributors of secure phones told the publication on condition of anonymity that their customers have recently switched to using Signal and the secure GrapheneOS operating system.
Changes in the encrypted communications landscape were also noted in a report (PDF) by the New South Wales Crime Prevention Commission published in October 2023.
This document states that between 2022 and 2023, the market for encrypted communications for criminals in Australia "changed at an unprecedented pace." For example, serious organized crime groups have largely stopped using traditional encrypted platforms due to problems with their security, availability, and stability.
Instead, criminals are increasingly using "encrypted messaging apps such as Threema, Signal, and Wickr, which are installed on 'hardened' phones with VPNs, secure OS, and gray SIM cards."
The report also noted that Australian organised crime is "investing in the development of dedicated encrypted messaging apps, both for their own use and for sale to other syndicates".
• Video:
Source
