SKY ECC HACK: Second encryption system 'hacked' claim police but firm says no phones breached
UK EXCLUSIVE: A SECOND encrypted mobile phone communication has been hacked into in Europe, leading to 17 tonnes of cocaine being seized and hundreds of arrests expected to follow, police in Belgium claimed.
Dutch and Belgian investigator said today (Tuesday), at a press conference following a series of raids across Belgium, investigators had hacked into the Sky ECC system at the end of last year, Belgian publication De Standaard reported.
Sky ECC has boasted that its encryption could not be breached in the same way as the Encrochat system, which was breached by French and Dutch investigators in April 2020, leading to thousands of arrests across Europe, including hundreds in the UK.
Sky ECC also vehemently insists it was not set up to appeal to criminal users, and is instead for privacy and anti-hacking reasons.
However, underworld sources said that many people involved in organised crime had migrated to the platform following the closure of Encrochat after details of the hack emerged last summer.
Hundreds of police officers carried out raids and arrests across Belgium this morning under the coordination of the federal prosecutor's office and the Antwerp federal police. Alleged Sky ECC users arrested included at least one Antwerp criminal lawyer and a trainee lawyer, according to De Standaard.
Today, there were 48 suspects arrested, while €1.2 million cash and 17 tonnes of cocaine were seized.
Diamonds, jewellery, luxury vehicles, police uniforms and weapons were also seized. Belgian investigators said since late last year significant numbers of encrypted Sky ECC messages were intercepted with half of them already decrypted.
Sky ECC did not produce its own phones, but is an expensive app (£2,400 a year) that users can install on customised iPhone, Blackberry or Google phones often with no GPS, camera or microphone.
The messages are automatically deleted after thirty seconds and a user can use a 'panic' password to delete the entire contents of the device. Sky ECC had boasted on its website that "A hack like the other providers is impossible with us." It had also promised 5 million US dollars to anyone who could crack its encryption. It is believed there are Sky ECC users in the UK, but it is not known if the British National Crime Agency (NCA) has been given access to any messages of UK users, as it was in the case of the Encrochat hack. In an interview with Vice.com published last month, a 28-year-old drug dealer, said to be six years into a 14-year jail term for running a heroin and cocaine supply operation from his home in the north of England, claimed to be still making £30,000 a month from his cell by arranging deals on a Sky ECC phone. Following the Encrochat hack fears were raised that any form of encrypted device could be hacked by law enforcement investigators if they believed "criminals" may be using the platform, leading to major privacy fears due to the popularity other other encrypted systems such as Whatsapp, Signal, Wickr and others. Claims of a Sky ECC hack will only increase these concerns. In the UK, many prosecutions of alleged Encrochat users have begun, but several have been set back by legal challenges over the fact "live messages" were intercepted and these should not be admissible in British courts. One case has been applied to the Supreme Court, with an outcome awaited, after the Court of Appeal said the evidence was admissible. There has also been a major backlash from the loved ones of suspects and defendants amid claims hundreds of people have been remanded in custody on the basis of message evidence alone.
Sky ECC issued a statement on its website yesterday denying that any of its phones had been compromised, amid claims a "fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices."
The statement said: "On March 8, 2021, SKY ECC received notification of several articles published in Belgium and the Netherlands alleging that Belgian and/or Dutch authorities have cracked or hacked SKY ECC encrypted communication software. SKY ECC maintains, after thorough investigation, that all such allegations are false.
"SKY ECC authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels.
"SKY ECC has not been contacted by any investigative authority.
"SKY ECC did not authorize or cooperate with the investigative authorities or those involved with the distribution of the fake phishing application.
"These actions are malicious and SKY ECC is actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation, and fraud."
SKY ECC added that it "firmly denies" any allegation that it is the “platform of choice for criminals” and has a strict zero-tolerance policy that prohibits any criminal activity on its platforms.
Jean-François Eap, CEO of SKY ECC, said: "SKY ECC believes that the individual right to privacy is paramount for anyone acting within the law.
“The platform exists for the prevention of identity theft and hacking, the protection of personal privacy rights, and the secure operation of legitimate personal and business affairs. With the global rise of corporate espionage, cybercrime and malicious data breaches, privacy and protection of information is the foundation of the effective functioning for many industries including legal, public health, vaccine supply chains, manufacturers, celebrities and many more.”