Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

[steven36]

BlackBox IronPhones' IronChat app convos intercepted

 

 

Dutch police claim to have snooped on more than a quarter of a million encrypted messages sent between alleged miscreants using BlackBox IronPhones.

 

The extraordinary claim was made in a press conference on Tuesday, in which officers working on a money-laundering investigation reckoned they had been able to see crims chatting “live for some time."

 

The suspects had been using the IronChat app on their IronPhones, which uses a custom implementation of the end-to-end off-the-record (OTR) encryption system to scramble messages.

 

Netherlands police said the BlackBox smartphones cost “thousands of Euros” –BlackBox charged a seriously premium subscription of around €1,500 for six months of use – and sport a panic button that's supposed to delete all a user's messages when pushed.

 

 

While the officers did not detail how they got hold of and cracked the encrypted IronChat messages, they had seized BlackBox Security's server. It sounds as though the encrypted conversations were routed through that system. Therefore, once collared, that box – or a server masquerading as it – could have been set up to decrypt and re-encrypt messages on the fly, or otherwise intercept the connections, allowing the cops to spy on the chats.

 

An error or weakness in the encryption implementation could also have been exploited by investigators, allowing them to crack messages intercepted over networks.

In any case, intelligence from these conversations was then used to snare folks suspected of laundering money and other crimes.

 

Specifically, the clog-plod seized the website and server of the Edward Snowden-endorsed company BlackBox Security after arresting two men apparently behind the business: a 46-year-old from Lingewaard, and a 52-year-old from Boxtel. Another three men were nabbed in Almelo and Enschede, and police expect to make “hundreds” more arrests in the course of their investigation.

 

Aart Garssen, Head of the Regional Investigation Service in the Eastern Netherlands, said there have been 14 arrests so far in total, including folks cuffed at a suspected drug lab in Enschede where officers seized €90,000 in cash, automatic weapons, and “large amounts” of drugs like ecstasy and cocaine.

 

He added that police moved on the criminal operation to forestall “retaliatory action” between members accusing each other of snitching to the cops.

 

Speaking to De Telegraaf, Fox-IT researcher Frank Groenewegen called the police probe a “nice piece of research work,” and noted that using encrypted chat apps that rely on central servers “puts your fate in someone else's hands.”

 

Source

[straycat19]

How stupid can you get, look no farther than Dutch police.  When you break something, particularly encryption, you never, ever, reveal that fact.  Let the idiots figure out how you found the information that is used to put them behind bars.  Their first inclination is that someone ratted them out, which is good, that makes them suspicious of other people and interrupts their criminal activities.  And always deny everything, no we didn't break the encryption, no we never processed that information, no we didn't forward that data to appropriate authorities, and so on.  Like on the US TV Show Survivor, outwit, outlast, and outplay....blindside them.

[nonspin]

A judge has to issue the order and the depth of the scope - based on whatever leads the police has,

or potentially will get (if).

At some later point, that judge decides if and what charges are filed.

.. In a functioning state-of-law you let the parties know, what those charges are ..

.. and -> how you got them .. in order to prepare a defense and to ensure everything was obtained
"by the book".

 

Since this is about money laundering - i'm  not surprised that the Judge allowed these measures.

[Ha91]

@straycat19 @nonspin The basic conclusion is that don't use a highly secure service, especially if it puts you into a spotlight because the users are so small. 😄
This is the wisest advise that one can offer over privacy and security.

Also, if UncleSam wants to hack you because they even have a doubt then you are in serious trouble. How do you think Snowden and the likes of his ever get traced? 😛