Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Encryption

Global Police Dismantle Encrypted Messaging App Used By Criminals (ft.com) 36

Posted by msmash from the privacy-woes dept.
International police forces have taken down an encrypted communication platform and arrested 51 people, marking a success for co-ordinated efforts to crack down on anonymous messaging services used by criminal groups. FT: Europol and law enforcement agencies from nine countries dismantled Ghost [non-paywalled source], an online platform which used three different encryption standards and allowed users to destroy all messages by sending a specific code, Europol announced on Wednesday. The crackdown is the latest operation by international agencies to decode encrypted messaging services used by criminals to manage their international operations, following the takedown of platforms such as EncroChat and Sky ECC in recent years.

[...] McLean said Ghost was administered by a 32-year-old man from Australia, one of the operation's principal targets. As a result of the decryption operation, where officers broke the app's code so they could read users' messages, the death or injury of as many as 50 people could have been prevented, McLean said.
This discussion has been archived. No new comments can be posted.

Global Police Dismantle Encrypted Messaging App Used By Criminals More

Global Police Dismantle Encrypted Messaging App Used By Criminals

Comments Filter:

  • Crypto done by amateurs (Score:3)

    by gnasher719 ( 869701 ) on Wednesday September 18, 2024 @01:51PM (#64797015)
    50 criminals only? There have been previous cases where they found thousands. To the point where the UK police had no chance following up on everything.

    The first case was the providers update server being hacked, so criminals downloaded a version that was hacked by police. The second one, the NSA actually hired someone to write the application and managed to distribute it. No hacking involved; sending all your messages to the police was not a bug but a feature.
    • How did they know Ghost was used to kill 50 people? Did they have a pre-existing backdoor? Was the software compromised or did it use weak encryption? Also, if not, is encryption itself outlawed now? I think I should make an encryption software with E2E encryption that works like email. Host your own accounts, private keys, public keys, and DNS records to find the hosting server. No need for a centralized platform.

      • Was the software compromised or did it use weak encryption?

        In previous cases, NSA and GCHQ made sure that they didn't do any decryption. Instead the message was sent in the clear to the police, and then in encrypted form to the intended receiver.

        That was done to get around loopholes where someone might claim that decrypting their messages was illegal and decrypted messages could not be used as evidence. The police received messages that had not been enrypted yet.

        • Re: (Score:2)

          by Hadlock ( 143607 )

          Most halfway decent messaging platforms now offer end to end encryption, where only the end devices have the keys. The service is only passing encrypted messages back and forth.
           
          It's kind of surprising this isn't the default, but I guess they pay for the messaging service by selling user info.

      • Re: (Score:3, Interesting)

        by Seven Spirals ( 4924941 )
        I run a private XMPP server and use SSL only. It's not what I'd call fort-knox secure, but it's all running on my own hardware and I approve and setup each client. It's just for my friends and family, but it does work for the purpose of keeping people from causally hacking and viewing my IM's. I've considered putting OTR over the top of all that, too, but I don't want to limit the types of clients I can take on.
    • not 50 criminals only. 50 people who were being targetted by criminals, criminals caught up in this number in the thousands.

    • Re: (Score:2)

      by gweihir ( 88907 )

      Funny thing about cryptography and IT security I have noticed in doing this for 35 years now: There are tons of half-wits that think they have it all figured out and are experts. When they do things and there is an actual, halfway competent attacker, this is the results you get.

  • As a result of the decryption operation,where officers broke the app's code so they could read users' messages, the death or injury of as many as 50 people could have been prevented

    It's amazing how the writer of the story thinks the only way for people to communicate is one singular app.

    • It's amazing how the writer of the story thinks the only way for people to communicate is one singular app.

      Don't see how that follows. If they found out about a kidnapped person from the decrypt and rescued them, that's a life saved. If they listened in to a planned murder and arrested the murderer and the conspirator, that's a life saved. Other routes of communication irrelevant.

  • I guess folks will go back to using PGP?

    • Comment removed based on user account deletion
    • Few ever really used it and the ones that did probably had their passphrase keylogged by The Man at some point anyway. Don't rely on encryption for personal privacy if you know what's good for you. Don't use computers at all if you really want to increase your opsec.

    • Re: (Score:2)

      by jonwil ( 467024 )

      What we need is something like https://jami.net/ [jami.net] but even more open (e.g. multiple independent forks/implementations etc)

  • I'll bet 50 people died for many more mundane reasons yesterday, like access to food, safe water, or effective housing. Or feeling and being alone.

    But they want to feel self righteous... To judge someone else. And be paid well to do it by everyone else. Perpetuating their own delusion that 'they' (both the police and criminals) deserve what they get.

    It's good to remember, illegal is not equivalent to immoral.

  • Between this and Telegraph CEO being arrested in france, it looks like even though the underlying encryption and program isn't illegal, offering E2E services soon will be, or at least, unlicensed networks operating independently of The State

    • Is it any wonder no one want to bring kids into this world?

      • Is it any wonder no one want to bring kids into this world?

        The Telegram CEO was okay with it, he claims to have over 100 (from sperm donations).

    • Exactly. Plus, if that doesn't work they can just get you for communicating misinformation without a license, wait... that's not illegal? Okay, I really meant hmm, uhh, kiddie porn! Yeah that's it!

      The minute you share a resource someone can use for CSAM, they can always just get a criminal informant to use your network then turn state's evidence. This provides a huge retarding factor to the growth of any private non-commercial non-government networks.

  • They keep falling for this trick over and over, starting with An0m. They won't stop falling for this kind of trick, because they are by nature liars and thieves, hoping to find a communication system they can *trust*. Trust is a characteristic of people who are *not* criminals. Any platform that explicitly caters to criminals, is almost certainly up to no good, and is not working in the best interests of its criminal customers.

  • They found servers in France and Iceland and located the owners of Ghost in Australia, where authorities arrested a 32-year-old administrator

    TFA never really specifies why they arrested the guy. What, exactly, did he do that is illegal? If criminals use Android phone, are they going to arrest Google's CEO?

Slashdot Top Deals

((lambda (foo) (bar foo)) (baz))

Close