top of page

ENCROCHAT HACK: NCA may have known it was 'live interception' says defence after 2nd encryption hack

EXCLUSIVE: A PRELIMINARY hearing in an Encrochat prosecution had to be delayed after a lawyer suggested the National Crime Agency (NCA) may have known encrypted mobile phone messages could be intercepted while they were in transmission, while denying in its evidence to courts this was possible.

The crown court case, which cannot be identified for legal reasons, was adjourned last week after news broke of a second European hack of an encrypted phone messaging system suspected of being used by organised criminals.

On Tuesday Essex News and Investigations told how Belgian Police claimed to have broken into the Sky ECC secure platform before carrying out a series of raids on suspected drug dealers.

Sky ECC denied its system had been compromised, counter claiming that a fake version of its app had been created and sold to some users.

But, a press release from Belgian Police said it accessed around one billion messages and decrypted around half of them.

News of the Sky ECC hack was brought up by defence council in the crown court preparatory hearing which concerns a number of defendants charged with conspiracy to supply class A drugs, money laundering and firearms offences.

The "preparatory hearing" is looking at what evidence should go before the jury if the trial goes ahead.

HACK: Police in Belgium announced on Tuesday they cracked Sky ECC encryption (Belgian Police)

However, the defence barrister argued information revealed by the Belgian Sky ECC press release could undermine previous NCA claims, in this case and a previous preparatory hearing for another Encrochat prosecution, that live messages had not been intercepted during the Encrochat investigation called Operation Venetic.

In April Dutch and French investigators broke through the encryption of the supposedly secure Encrochat encrypted phone communication platform which was being used by around 50,000 people worldwide, including about 9,000 in the UK.They allowed police forces across Europe, including in the UK, access to previously sent and new "real time" messaging between suspected organised crime groups.

It led to hundreds of raids, arrests and seizures of drugs, cash and firearms across the UK in a series of unconnected operations.

Encrochat shut itself down when it discovered the hack in June.

Of the more than 1,000 people arrested as part of the wider operation, many were not found in possession of Encrochat devices, meaning several of the prosecutions, are based on remotely-obtained message evidence alone.

It is thought only a few hundred Encrochat devices were found.

The bulk of the arrests have been for drugs, firearms and money laundering, with some for conspiracy to murder.

RAID: Huge amounts of drugs were seized under Operation Venetic (NCA)

To get access to the messages the NCA had to submit an application for a European Investigation Order (EIO) to French counterparts. Evidence obtained by a "live intercept" of a phone call or other forms of communication while they are being made is not admissible in British courts. However, communications that are stored on devices such as already sent emails or text messages can be used as evidence here even if they were obtained by law enforcement hacking activities.

In the earlier case, which began last November, concerning different defendants charged with similar offences, and the current, ongoing one, the NCA argued the Encrochat messages that were being sent while Operation Venetic progressed were not "live intercepts" as they were stored on the sender's and the receiver's devices briefly before the investigators were able to view them.

This was accepted by the crown court judge, who rejected the defence application, and later the Court of Appeal.

It is the same crown court judge who is hearing the current case, which was adjourned.

Lawyers acting for the defendants who brought the first preparatory hearing, known as Sub Zero, tried to appeal the refusal to the Supreme Court, but, on Thursday at the Court of Appeal the Lord Chief

BLOCKED: The Lord Chief Justice said no to a Supreme Court hearing on Encrochat evidence (HMCTS)

Justice, the Lord Burnett of Maldon, refused to allow it to progress to the Supreme Court, saying the "appellant’s case was “obviously unarguable”, and “simply wrong” and expert evidence relied upon contained an “obvious error of language and analysis.”

However, just a day before news of the refusal broke, a defence barrister brought details of the Sky ECC hack to the attention of the crown court.

He said: "My Lord, this operation in the press document I have uploaded involved the Belgian, Dutch and French authorities in relation to the “Sky ECC network.

"Whether there were informal arrangements with other networks, we don’t know. The Sky Network was similar to the EncroChat network, and both services attracted attention from law enforcement.

"The (Sky ECC) case was opened at the end of 2018, and it follows that this was an operation that was in existence at the time when there was a meeting with various EU agencies in the present case.

"Particularly, the meeting in France with French and Dutch agencies.

"On this page, the description of the Sky service is similar to the EncroChat service.

"On the second page, at the second paragraph, we read that, in total, around one billion encrypted messages have been intercepted in the folder maintained by the Belgian police.

"Over half of these have been decrypted today. It’s clear that these are encrypted messages that are being intercepted and decrypted.

"Because Sky Network uses end-to-end encryption, it can only be that the messages were being extracted from these devices.

"This report suggests that there was an ability to decrypt encrypted messages whilst they were in transmission, which runs contrary to assertions put forward in this case.

"Bearing in mind this was an operation that was being carried out in 2018, it would be surprising if the NCA had no knowledge of it.

"If there is material that undermines the central proposition that there was no capability by the Dutch or Belgians that enabled them to decrypt end-to-end messages whilst in transmission, this undermines the factual basis, firstly, put forward in the sub-zero preparatory hearing, but it also undermines the central proposition in this hearing.

"We ask the prosecution to make enquiries and provide disclosure on this issue. If there is evidence that undermines their submission, we want that disclosure made before we cross examine.

"If it turns out there have been investigations with the NCA or other British agencies, and that involves the decryption of messages whilst in transmission, this is clearly disclosable and goes to the heart of the case."

The prosecution barrister said he needed to make enquiries with officers from the NCA.

He said: "My Lord, this press release was timed at 9.30 yesterday morning.

"It was not an issue that was susceptible to making enquiries of any officers. These are issues that involve overseas authorities, and it is an issue that, on very first blush, needs to be approached with care. This is not an issue I feel I can deal with on the hoof.

"We have started to identify whether the crown has any relevant information in relation to the issue raised.

"My assessment is that this process won’t be completed today in time so that we can provide any answers. Our only submission is, therefore, whether we can adjourn, so that we can make enquiries on this point. Everyone will, of course, be kept up to date with our enquiries."

It was also argued by the defence that documents that gave the view of a prominent CPS lawyer on the legality of the Encrochat investigation had not been disclosed during the sub-zero case.

He said: "My Lord, we had disclosure of two opinions from Lord Anderson QC for the CPS, which were related to the issue of whether or not the warrant was lawful, and whether it should have been a bulk interference or Targeted Equipment Interference (TEI).

"The first opinion casts doubt on the lawfulness of warrant.

"The second opinion was more positive. That material had not been disclosed before, it was not disclosed in sub-zero.

"It may be that we wish to pursue that by way of further disclosure requests.

"We may ask whether documents from the NCA remain privileged, this was an important issue in the sub-zero preparatory hearing."

Due to the lack of disclosures, the judge adjourned the case until later this week.


bottom of page