Belgian Police Say They Decrypted Half a Billion ‘Sky’ Messages, Arrested 48 People

Sky ECC is a custom encrypted phone popular with organized crime. Now police say their operation against the company’s users is wider in scope than previously reported.
March 10, 2021, 2:55pm

The Belgian Federal Police say authorities have decrypted around half a billion messages sent by users of Sky ECC, an encrypted phone company heavily used by criminals, the agency announced in a press release on Wednesday.

The news provides more information on the contours of an operation against Sky. On Tuesday, Belgian media reported a spike in law enforcement activity and that tens of thousands of Sky messages had been read in real time. Sky then told Motherboard it believed the source was a rogue version of its app installed on unauthorized devices and then sold to customers. But the newly released police figures suggest the operation was larger in scope.

"In total, around 1 billion encrypted messages have been intercepted in this folder, nearly half of which have been decrypted to date," the announcement reads, detailing the investigation into Sky. It adds investigators read decrypted messages "live" for around 3 weeks.

Do you work for Sky? Do you have documents related to these arrests or the company? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Sky is part of the encrypted phone industry, where companies take stock devices, make physical alterations such as removing the microphone and GPS functionality, and install their own encrypted messaging applications. Many of the companies' customers are serious organized criminals, such as hitmen, drug traffickers, and weapon smugglers. Resellers based in different countries or regions typically sell devices on behalf of the main company.

"Around the world, there are approximately 171,000 SKY ECC telephones in service; mainly in Europe, North America, some Central and Latin American countries (mainly Colombia) and the Middle East. Each month, around 70,000 of these phones actively communicate on the SKY ECC network," the police release reads, adding that a large concentration, around a quarter of active users, are in Belgium and the Netherlands. Specifically, half of those are used in Antwerp, Belgium's bustling port city.

"Given that the services provided by the organization seem to be almost exclusively criminal in nature, the federal prosecutor's office decided at the end of 2018 to open an investigation against SKY ECC and against the people who make these phones available to the criminal community," the release added.

Authorities have arrested 48 people in the wake of obtaining these messages, the announcement adds.

"More than 1.2 million euros, 15 prohibited weapons, including six firearms, eight luxury vehicles, three machines used to count money, police uniforms and GPS beacons were also seized today," it reads.

The release does not say how exactly authorities managed to obtain Sky message content, but reads "The collaboration with the Netherlands made it possible to pool our experiences and expertise in the decryption of encrypted messages."

Whereas law enforcement have previously obtained message content from similar companies either by hacking into users' devices or leveraging an issue with how the messages were encrypted in the first place, Sky claims someone created a fake version of its messaging app, installed that onto phones, and then sold those phones through "unauthorized channels," a representative for the company told Motherboard on Tuesday.

"SKY ECC authorized distributors in Belgium and the Netherlands brought to our attention that a fake phishing application falsely branded as SKY ECC was illegally created, modified and side-loaded onto unsecure devices, and security features of authorized SKY ECC phones were eliminated in these bogus devices which were then sold through unauthorized channels," Sky told Motherboard in a statement. Motherboard has not been able to verify Sky's claims.

In its statement, Sky added that it "firmly denies any allegation that it is the 'platform of choice for criminals.'"

When asked about the police's newly released and much larger figures, a Sky representative told Motherboard on Wednesday that "Those stated figures were already in consideration when we released our press release."
