Someone in control of an email address long associated with Encrochat, a company that sells custom encrypted phones often used by organized criminals, tells Motherboard the company is shutting down after a law enforcement hacking operation against its customers.
The news comes as law enforcement agencies have arrested multiple criminal users of Encrochat across Europe in what appears to be a large scale, coordinated operation against the phone network and its users.
"We have been forced to make the difficult decision to shut down our service and our business permanently," the person wrote in an email to Motherboard. "This [sic] following several attacks carried out by a foreign organization that seems to originate in the UK." The email address has been linked to Encrochat for years, but Motherboard could not confirm the identity of the person currently using the account.
Motherboard also separately obtained screenshots of text messages sent over the past week of alleged Encrochat users discussing a wave of arrests associated with the Encrochat takeover.
Do you know anything else about Encrochat? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
Encrochat is part of the encrypted phone industry, which sells devices pre-loaded with private messaging apps, sometimes have the GPS or camera functionality physically removed, and can be remotely wiped by the user. The phones can typically only communicate with other devices sold by the same company, and often cost thousands of dollars per year to buy. Some companies in this space especially cater to criminal customers, and law enforcement agencies have increasingly targeted the industry. Encrochat's users included a British hitman who assassinated another crime figure, and drug gangs in England and Ireland.
Last week, Encrochat users received a text message warning that law enforcement had taken over part of the company's infrastructure and launched a hacking attack against devices. In the days since, local outlet The Irish News reported court cases based on evidence obtained from hacking Encrochat devices, and a wave of arrests after the Encrochat compromise. Tabloid paper Sunday World cited European sources saying that Europol, Europe's law enforcement agency, and other organizations had breached the Encrochat network.
In the wake of that takeover, the person in control of the Encrochat email address told Motherboard, "We fully understand the inconvenience and frustration this decision has caused our customers. Our main priority has always been our customers integrity and security, and when we no longer can guarantee that, we have no other choice than to shut down the service even if it destroys our business."
The person added that in May, they received a number of tech support issues around Encrochat phones not wiping correctly. In June, they found one of Encrochat's "X2" devices with this issue and "discovered malware installed on the device." The malware was designed to conceal itself from detection, disable the phone's factory reset, record the screen lock password, and clone application data, the person added.
The person said they pushed out an update to the X2 models. But almost immediately after that patch, they noticed another attack, and sent the text message to users warning them, including advising customers to dispose of their Encrochat devices.
Europol previously told Motherboard it would not comment around "ongoing operations." The UK's National Crime Agency has repeatedly not responded to requests for comment.
"Encros finished," a source in the encrypted phone industry previously told Motherboard, referring to Encrochat.
Subscribe to our cybersecurity podcast, CYBER.