Toby Wilbraham, solicitor at Olliers, considers the admissibility of evidence obtained as a result of the infiltration of the EncroChat network.
What was EncroChat?
EncroChat was a service provided to the public whereby encrypted handsets, called ‘carbon units’, were sold that provided much greater security for users than standard phones. The phones were designed to be used legitimately by celebrities or other people who valued their privacy.
The phones had their GPS, camera and microphone functions disabled and were sold with pre-installed applications, including EncroChat, an OTR-based messaging app which routed conversations through a central server based in France, EncroTalk, a ZRTP-based voice call service, and EncroNotes, which allowed users to write encrypted private notes. Additionally, users could enter a PIN code which would immediately delete all of the messages on the device – as would happen in the event that wrong passwords were repeatedly entered.
Although EncroChat was originally developed for “celebrities who feared their phone conversations were being hacked”, the phones were also used by criminals who wished to utilise the high level of security.
Similar encrypted phones were used by the killers of Paul Massey in Manchester in 2015 and EncroChat was linked to the May 2018 gangland murder of John Kinsella in Rainhill. EncroChat first came to the attention of the French Gendarmerie in 2017, which said it was regularly finding the phones when conducting operations against organised crime gangs. Law enforcement agencies believed that the service was used extensively throughout Europe by criminal organisations. Prosecutions for organised crime were often based on the analysis of mobile phone data, but it was not possible to do that with seized EncroChat units.
End of The Line
It’s no surprise that law enforcement agencies wished to infiltrate the service. The French Gendarmerie discovered that EncroChat was operating from servers based in France and were eventually able “to put a technical device in place” which allowed them to access the encrypted messages sent over the company’s network. Although it isn’t clear what this device was, it suggests the investigators were able to deploy some form of technical implant on the network rather than break the encryption protecting the messages in transit.
After infiltrating the network they were able to download a significant amount of user data for a period of months in 2020. This data was then passed to other countries in Europe, including the UK. In the UK the data was passed to local Police forces, who could use the information where it could be linked to local Organised Crime Groups (OCGs).
EncroChat users had nicknames linked to their phones (e.g. ‘jackthelad13’) and the Police could in some cases link these usernames to local criminals. These OCGs were then arrested and prosecuted, based on this data.
Users only became aware of this ‘hack’ on the 13th June 2020 when EncroChat sent them the following message:
“Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units.
With control of our domain they managed to launch a malware campaign against the carbon to weaken its security.
Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack.”
By then it was too late: the data had been compromised and downloaded.
There are a number of large-scale prosecutions around the UK based on the EncroChat evidence. These cases stand or fall on the usability of the evidence. If it can be used the cases are strong; if not, they will fail.
It’s extremely important to challenge the evidence in every possible way to prevent it being admissible in Court. The main ways to challenge the evidence are as follows:
- Legality – The way the evidence was obtained, downloaded and disseminated to UK law enforcement agencies is to be challenged. It’s likely that there will be a number of test cases looking at this which could end up at the Court of Appeal.
- Attribution – If the evidence is found to be illegally obtained can the Prosecution prove that ‘jackthelad13’ is the person they allege it is? Attribution has to be looked at in detail to see if there is some doubt that can be cast upon it.
- Continuity – Is there a clear and traceable chain in the way the evidence was obtained? If not then it may not be admissible.
- Expert Evidence – The evidence seems to have been obtained by the injection of malware into the main server. Is there any way that the data could have been compromised? If so then it could cast doubt on the data produced.
Olliers Solicitors – Specialist Criminal Defence
If you are prosecuted for such a case it is important you are represented by a firm such as Olliers who are fully aware of the importance of these issues to enable effective representation. Olliers specialises in the defence of serious criminal allegations including large-scale drugs conspiracies.
Article written by Toby Wilbraham