
Cracking the criminal Enigma Code: How a telecoms expert at a British university was key in breaking EncroChat phone system that led to arrest of gangs around the world

Pictured is £5 million in cash. Over the last three months, European partners and the National Crime Agency (NCA) have shared data with the MPS relating to messages sent via an encrypted communication system called EncroChat.

Dawn is breaking over the Dutch village of Wouwse Plantage. The only sound is of birdsong — and the shuffle of a heavily armed and armoured police team as it creeps along the outside wall of a warehouse.

A police video will later show a block of explosive being placed against one of the nondescript building’s doors. There is a flash, a tremendous bang and, with shouts of ‘Politie!’, the squad storm inside the building, assault rifles and battering rams at the ready.

That was last month. And what the police found there, among a labyrinth of temporary offices and living quarters, was the most chilling discovery in one of the most extraordinary international police operations of our time.

Inside the warehouse were seven shipping containers. Six had been fitted out as underworld prison cells. The seventh was a purpose-built gangsters’ torture chamber, almost finished and ready to use.

It was equipped with a leather dentist’s chair into which victims could be strapped by their arms and legs. A ‘gruesome’ array of equipment had been assembled ‘to torture or put pressure on prisoners’, including pruning shears, loppers, a saw, scalpels, pliers, masking tape and black bags to put over a detainee’s head.

The grim find was just one of many in a three-year investigation, led by the French and Dutch, which was revealed earlier this week in a blaze of triumphant publicity.

By then, police had managed to penetrate and destroy multiple organised crime groups and their operations around the world, from the UK and mainland Europe to the Far East.

The unprecedented scale of their achievements was thanks largely to a small number of telecoms experts working for law enforcement agencies, whose success has been likened in some quarters to the breaking of the German Enigma code at Bletchley Park in World War II.

They were able to break the ‘military-grade’ security of the EncroChat mobile telephone network, whose tens of thousands of customers were said to have been using the service for criminal activity in ‘90 to 100 per cent of cases’.

As a result, in the UK in recent months there have been more than 700 related arrests, £54 million in cash linked to criminal activities has been recovered and dozens of firearms, including machine guns, have been seized — not to mention more than two tons of Class A and B drugs.

In one bust, officers from the Metropolitan Police found £5 million in used banknotes — the biggest single haul of cash in British policing history.

One of the biggest drug seizures involved 138kg of cocaine and 8kg of heroin, with a combined street value of £20 million. It was found in a lorry at the Port of Harwich, Essex, on June 1.

A 43-year-old man, Marcin Jadasz, from Prudnik in Poland, was arrested and has since been charged with two counts of importing a Class A drug with intent to evade a prohibition or restriction.

There were also rich pickings when police raided a factory in Rochester, Kent. There they found 28 million Etizolam pills, ready for transportation to Scotland. Known as ‘street valium’, Etizolam is said to have caused one drug death in every three north of the border in 2017.

And Greater Manchester Police’s Serious and Organised Crime Unit seized £1.7 million in cash, 15kg of cocaine, 2kg of heroin, 2kg of cannabis, 70kg of amphetamine, 500,000 Ecstasy tablets, six firearms — including machine guns — and more than 200 rounds of ammunition, as well as ten encrypted mobile phones.

They also discovered a hoard of criminal property worth hundreds of thousands of pounds, from high-powered cars to expensive jewellery.

No fewer than 37 people were arrested in that operation alone, of whom 33 were subsequently charged. They included a couple of professional boxers and a personal trainer to WAGs and pop stars. Others had conventional criminal backgrounds, having already been jailed or involved in trials for attempted murder — including that of police officers — serious violence and drug-related offences.

Such was the element of surprise that some criminals were caught almost literally with their pants down. One man arrested during a swoop in South Wales was led away wearing nothing but a pair of navy blue Y-fronts.

But however they were apprehended, almost all the suspects had one thing in common — using the EncroChat system to send messages or make calls.

Relevant data was passed on by the French and Dutch to be ‘harvested’ by British law enforcement agencies. All bar 25 of the 113 people charged by the Metropolitan Police in connection with the EncroChat-related raids — codenamed Operation Eternal by the force — have been accused of conspiracy to supply Class A drugs.

The others are alleged to have committed firearms offences or have been made subject to Proceeds of Crime Act applications.

The defendants range in age from 20 to 61 and live at addresses varying from a £3 million property in upmarket Holland Park to London’s sink estates.

One of those charged appears to be a retired ballet dancer. Another is a suburban shopkeeper.

There were also rappers, a burglar-alarm installer, a café owner, a lorry driver and a couple who were seemingly locksmiths.

Other suspects included a governor at an A-level college, a student of marketing, the manager of a vegan supermarket and someone who dabbled in jewellery and watch retailing.

The National Crime Agency, which supervised the UK analysis of the intercepted phone data, has said the knowledge it afforded helped prevent about 200 murders in this country.

Much remains unclear about how EncroChat was cracked. But using sources in the UK and mainland Europe, we can begin to piece together the fascinating and complex inside story.

We can also reveal that a telecoms expert who, until recently, worked at a British university is being hailed as an instrumental figure in cracking the criminal networks.

But nothing the police have uncovered so far quite compares with what was found at the Wouwse Plantage warehouse.

The gangsters’ attention to detail was evident. All the shipping containers had been soundproofed — to silence or muffle screams and cries for help — and lined with silver foil, apparently to hide the ‘heat signatures’ (detectable by thermal imaging cameras) of those being kept prisoner inside.

All the containers had handcuffs attached to both floors and ceilings. At a second warehouse linked to the first, police found a range of disguises and equipment for ‘precision’ kidnap operations, including fake police clothes, stop signs, bullet-proof vests and observation vans. There were also 25 firearms.

In the video of this second police raid, which shows officers entering a room containing a large number of police jackets, a member of the search team can be heard exclaiming in English ‘f*****g hell!’ in amazement at what he saw. It is not clear whether he was a British investigator seconded to the Dutch team or a colloquially bilingual Dutchman.

The identities of those believed to be behind the construction of the prison and torture chamber — and their rivals who might have ended up in the dentist’s chair — give some idea of the global importance of this multinational police operation.

Certainly the set-up did nothing to diminish the Netherlands’ reputation as a European clearing house for the trade in hard drugs, much of which ends up in the UK. Critics have even described the Netherlands as on its way to becoming a ‘narco-state’.

Six men have so far been arrested on suspicion of ‘preparing for kidnapping, hostage-taking, serious assault, racketeering and participation in a criminal organisation’ in connection with the torture warehouse.

The alleged ringleader has been publicly identified by the Dutch authorities as ‘Robin Van O’, a ‘gym owner’ from Utrecht with serious criminal connections.

By means of the phone hack, police learnt of the preparations in April and kept the warehouse under close surveillance. According to Dutch sources, they were able to intercept several messages sent from the site by suspects as they prepared to put the torture chamber to use.

‘Once I have him on the chair . . . we’ll know more . . .’ ran one message. ‘But that dog [referring to the person he is looking for] is still missing.’

Police were able to warn those whom the gang were targeting by name for kidnap and torture, so they could go into hiding.

The warehouse was variously described by the suspects as a ‘treatment room’ or the ‘EBI’, which is also the name of a Dutch maximum security prison.

When the warehouse was raided on June 22, the rooms were still under construction and had nearly been completed.

The Dutch media has linked 40-year-old ‘Van O’ to the so-called Los Pepes alliance, a criminal cartel set up to rival or even replace that of the ultra-violent kingpin of Dutch-based drugs trafficking, Moroccan-born Ridouan Taghi.

Known as ‘the Moroccan Keyser Soze’ after the fictional inconspicuous crime lord played by Kevin Spacey in the film The Usual Suspects, Taghi has helped flood Europe with drugs, principally Latin American cocaine.

He has business contacts with other ‘Mr Bigs’ across the British Isles and elsewhere and is suspected of being behind several murders, among them the assassinations of the brother of a principal witness against him and the brother’s lawyer — a street killing that is viewed as an attack on the Dutch legal system itself.

With a record bounty of 100,000 euros on his head, Taghi was finally arrested at his mansion in Dubai in December last year. He is now being held in a Dutch jail, rather than a shipping container.

So what was the mysterious EncroChat network and how was it taken down?

In a conversation with the Mail last week, one UK security source wondered — not implausibly — whether EncroChat had been established from the very start as a ‘sting’ by the intelligence services to draw in, then exploit criminal communication networks.

Other sources have since said EncroChat was a private business that was then compromised by law enforcement agencies.

The latter acted because the almost sole use of EncroChat was to break the law.

Sources in the Netherlands told the Mail that the as-yet unidentified creators of EncroChat, or those who originally invested in it, were Dutch.

However, the commercial servers — the computers that managed the network messages sent and received by EncroChat users — were sited on the edge of the French industrial city of Lille.

That is one reason the French police, supervised by local magistrates, took the lead — in partnership with their Dutch colleagues — in taking it down. The French end of the investigation was codenamed ‘Emma 95’, the Dutch ‘Lemont’.

EncroChat phone handsets were adaptations of Android devices. They were being sold on the internet or from a handful of fixed locations for about £1,600 each. Some 60,000 were in circulation worldwide.

Among the security features was a ‘panic wipe’ function that cleared all data ‘from a screen lock by typing in a secret PIN’.

There was also an automatic ‘kill’ function that performed a similar task if the 15-digit security code was entered incorrectly.

EncroChat claimed the system was so secure that using it was ‘the electronic equivalent of a conversation between two people in an empty room’.

The EncroChat website — still accessible — boasts: ‘The goal of an Encrochat Encrypted Cell Phone is to simplify the process of encryption for the end user.

‘Once the power is on, the device starts to be encrypted. The clients have the facility to negotiate the keys as per their convenience. Additionally, the client can trust in the server as the server does not store or read the user data.

‘Everything is protected and safe and sound.’

Except it wasn’t.

A Dutch source told the Mail: ‘The French police managed to install “technical equipment” that bypassed EncroChat’s encryption, which gave them access to the user’s correspondence before it was encrypted.’

Another source told the Mail: ‘They infiltrated the servers and were able to join chats as an invisible party.’

They monitored millions of ‘chats’ in this way, obtaining a ‘colossal’ amount of information.

A telecoms expert said: ‘The way the handsets worked was not like a normal phone. Rather than having a number, each user had a username. You could use voice but most of the traffic was text messages, which would auto-delete after a few days.’

So how did the police find the users and break down their doors? ‘After getting into the servers, the police seem to have made the jump to tracking the SIM cards, which were all issued by one provider. This then gives you the location of the user in real time.’

A young forensic scientist in the French Gendarmerie, but with academic links to the UK, has been credited with developing the ‘Gendpass’ deciphering platform that led to the EncroChat hack.

From 2017-18 the individual concerned was an associate researcher at Royal Holloway, University of London.

The sophisticated hack was an overwhelming success.

Eventually, the people behind EncroChat became aware that it was compromised.

On June 13, the network sent an ‘emergency’ message to its subscribers: ‘Today we had our domain seized by government entities,’ ran the message.

‘You are advised to power off and physically dispose of your device immediately.’

Then it closed down for good. But it was too late for hundreds, if not thousands, of its customers.

