Global police sting topples 'Ghost' criminal messaging app
September 18, 2024Australian and international police on Wednesday announced that they had infiltrated and dismantled an encrypted communications platform that they say was tailored specifically to criminals.
Criminal gangs worldwide used the platform called "Ghost" and its encryption techniques for major drug trafficking, money laundering and serious violent crimes, European multinational policing agency Europol announced in The Hague.
The sting, which included monitoring the supposedly private messages for months and intervening to prevent some planned violent crimes, has led to 51 arrests so far, 38 of them in Australia, with more expected to follow, Europol said.
"Today we have made it clear that no matter how hidden criminal networks think they are, they can't evade our collective effort," Europol's Executive Director Catherine De Bolle said, thanking "all our global partners who played a vital role in making this operation a success."
The servers of Ghost were found in France and Iceland, the owners of the company were discovered in Australia, and financial resources were uncovered in the US.
"We allege hundreds of criminals including Italian organized crime, motorcycle gang members, Middle Eastern organized crime and Korean organized crime have used Ghost in Australia and overseas to import illicit drugs and order killings," Australian Federal Police Deputy Commissioner Ian McCartney told reporters on Wednesday.
Main suspect in his 30s, with no prior record
The alleged creator of the network itself is a 32-year-old Australian citizen from New South Wales who still lives with his parents and has no prior convictions.
He was arrested a day earlier and is charged with "creating and administering Ghost, a dedicated encrypted communication platform, which the [Australian Federal Police] alleges was built solely for the criminal underworld," the Australian Federal Police said. The man launched the platform in 2017.
He appeared in a court in Sydney on Wednesday but did not enter a plea or a bid for bail pending trial, so he will remain in detention until the case returns to court in November.
Modified smartphones sold as part of package
Ghost users didn't just buy or acquire software, but rather specially modified hardware for use with the plaform.
Australian police say that users purchased modified smartphones for 2,350 Australian dollars (roughly US $1,590 or €1,430) complete with a six-month subscription to Ghost and tech support, with users then required to purchase an ongoing subscription.
These were sold via a network of resellers around the world to offer specialized handsets to criminals that were touted as "unhackable," given that it offered three separate encryption standards and also allowed for the remote, automatic deletion of all messages on a phone, for example if it was lost or seized by authorities.
Europol estimates that several thousand people around the world use Ghost, with around 1,000 messages exchanged on it daily. In Australia alone, 376 phones with the software were found.
Law enforcement infiltrated the network in 2022, when it found a back door
However, despite the messaging platforrm's supposed security, police were able to hijack the encrypted messaging service and monitor it, fairly soon after investigations began in the spring of 2022.
Australian Federal Police Deputy Commissioner Ian McCartney said France had "provided a foot in the door" for Australian police to decrypt and infiltrate Ghost's network during one of its regular updates.
"In effect, we infected the devices, enabling us to access the content on Australian devices," McCartney said.
Assistant Commissioner Kirsty Schofield said that Australian police had prevented 50 people from being killed, kidnapped or seriously hurt by monitoring threats among 125,000 messages and 120 video calls since March.
"Across many months, and indeed hundreds of thousands of intercepted modes of communication, we've no evidence to suggest this was used by anyone other than criminal enterprises," McCartney said.
Europol's Deputy Executive Director Jean-Philippe Lecouffe said the operation had taken down "a tool that was a lifeline for serious and organized crime."
A drug lab in Australia was also located and dismantled, while weapons, drugs and over €1 million in cash has been seized globallly so far, Europol said.
Operations across 9 different countries
Besides Europol, the operation involved law enforcement agencies from Australia, Canada, France, Iceland, Ireland, Italy, the Netherlands, Sweden and the US.
Ghost becomes the latest of several encrypted commuications platforms either tailored to or favored by criminals to be shut down in recent years.
In June 2020, the now-defunct Encrochat service met its end. Police said criminals soon migrated to another service, Sky ECC, which shut down in 2021 as the FBI seized its website.
Another popular service, known as ANOM, was the subject of a major sting operation a little later in 2021. In that case, however, the program had been a compromised FBI-led sting operation from the outset, with the FBI calling the operation "Trojan Shield."
msh/jcg (AFP, AP, dpa, Reuters)