Emails Show Shadow Structure Behind Encrochat

Encrypted phone company Encrochat, which law enforcement hacked last year, used a shell company in Panama and an international bank account to transfer funds, according to emails sent by one of Encrochat’s co-owners obtained by Motherboard.

The emails and other information obtained from a business associate who worked with Encrochat give more insight into the inner workings of the firm, which closed itself down and whose operators went dark after the large-scale law enforcement operation and wide-ranging arrests of criminal users. Authorities have arrested hundreds of suspected drug traffickers, weapons smugglers, and murderers in the wake of the hack, which obtained the contents of users’ messages. Previously, very little has been reported regarding Encrochat’s owners or how the company operated on a corporate level, either in media reports or in releases by law enforcement.

Did you work for Encrochat? Do you have any more documents related to Encrochat arrests? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

At least one incorporation of Encrochat is based in Panama, according to corporate records available online. The company includes agents, representatives, and directors who also hold roles at hundreds or thousands of other companies, suggesting they are frontmen instead of the legitimate owners. Arias B. & Associates, a law firm that provides services to companies seeking incorporation, previously told Bloomberg it terminated its relationship with Encrochat in 2017 after it could no longer locate the company’s owner.

One of the emails obtained by Motherboard shows the Encrochat co-owner sending details of the company to their business associate, showing who is really behind the Panama-based company.

The co-owner also emailed details of a bank account in Luxembourg to conduct Encrochat-related business, according to a copy of the email and the associate. At some point, the co-owner ditched bank accounts in Canada, where Encrochat was doing business, the associate said.

“He was professional, understood his product. Dressed appropriately. Nothing seemed out of the ordinary,” the associate said of an Encrochat co-owner.

“I do believe [the co-owner] was a business person,” the associate told Motherboard. Motherboard granted them anonymity to protect them from retaliation. “I think he got into business with the wrong people and they strong-armed him somehow. But maybe I’m giving him too much credit,” they added.

The emails do name one of the co-owners of Encrochat. Motherboard is not publishing their name due to the threats they may face from disgruntled former customers, many of whom have now been arrested or had their serious criminal enterprises upended by the hack. 

The co-owner did not respond to a request for comment.

Encrochat offered clients dedicated Android devices that came preloaded with the company’s operating system and own apps, including one for sending end-to-end encrypted text messages. 

Encrochat, like some other encrypted phone companies, was heavily but not exclusively used by the criminal underground. After identifying a way to push malware onto Encrochat devices around the world using the phones’ update mechanism, French authorities gathered text messages, geolocation data, and other information from the phones, according to law enforcement files obtained by Motherboard. Encrochat had tens of thousands of users. In all, authorities gathered a hundred million messages and then distributed those to other law enforcement agencies. Someone in control of an Encrochat-affiliated email address previously characterized the company as a legitimate firm in an email to Motherboard.

In a message sent to Encrochat devices shortly after the hack, Encrochat’s owners warned users of the law enforcement takeover, and said government entities “illegally” seized its domain.

In a press release announcing the operation, French authorities wrote “any person presenting themselves as manager, representative or administrator of the companies at the origin of this service have been invited to make themselves known and to present their arguments to the gendarmerie [law enforcement] services at the following address.”

French prosecutors did not respond to a request for comment sent Friday asking if they were unaware of the identity of Encrochat’s owners.
