Global police sting targets users of organised crime app
Sydney: A 32-year-old "computer geek" from Australia has been arrested on suspicion of being the mastermind behind an encrypted messaging app used by criminals worldwide to facilitate drug deals and order killings, local police said Wednesday.
Australian Federal Police said the app - known as Ghost - was marketed as "unhackable" and was used by hundreds of suspected criminals from Italy, the Middle East and Asia.
But, unbeknownst to users, global policing authorities had hacked the network and were watching as the criminals discussed trafficking illicit drugs, money laundering, homicides and serious violence.
Authorities finally made their move on Tuesday and Wednesday, arresting criminals from Italy, Ireland, Sweden, Canada and Australia - including the 32-year-old "mastermind" of the app.
Europol executive director Catherine De Bolle said law enforcement from nine countries had been involved in the international sting.
"Today we have made it clear that no matter how hidden criminal networks think they are, they can't evade our collective effort," she said.
The policing agency is expected to provide an update on the matter on Wednesday.
The Ghost app - a kind of WhatsApp for criminals - was created nine years ago and could only be accessed via modified smartphones that sold for about Aus$2,350 (US$1,590).
The hefty price tag included a six-month subscription to the Ghost app and tech support, Australian police said Wednesday, and users were required to purchase an ongoing subscription.
French Gendarmerie traced the creator's location to Australia and joined forces with local police to target the platform.
The app's creator regularly pushed out software updates - just like the ones needed for a mobile phone - but in 2022, Australian police were able to modify those updates and access the content on devices.
For two years, authorities watched as Ghost became more popular and criminals exchanged messages - including 50 threats of life which Australian police said they were able to thwart.
In one case, police intercepted an image of someone with a gun to their head and were able to save that person within the hour, Australian Federal Police assistant commissioner Kirsty Schofield said.
Australian Federal Police deputy commissioner Ian McCartney said Wednesday it was "a particularly serious challenge" for law enforcement to get access to encrypted messages.
"Yes we have had success, but I think the threat and the challenge still continues," he said.
There were 376 phones with the Ghost app installed in Australia.
Element of 'surprise'
McCartney said the 32-year-old app creator from New South Wales lived at home with his parents and did not have a criminal history.
The "computer geek" was driven by profit and was "slightly surprised" when police arrested him Tuesday, McCartney said.
Schofield added that police had to act quickly given the man had the ability to "wipe the communications on the system".
"So it's very important that we could enter that house quickly and our tactical teams were able to secure him and the devices within 30 seconds of entry," she said.
The 32-year-old man was arrested on Tuesday and charged with five offences, including supporting a criminal organisation which carries up to three years imprisonment.
Another 38 people have been arrested across Australia.
The operation, coordinated by the European Union's police agency Europol, is the latest in a string of takedowns of chat apps that have led to hundreds of criminal prosecutions.
What is Ghost?
The market for encrypted chat apps is booming, with WhatsApp being the most widely known and popular service.
These apps encrypt messages to prevent outsiders reading private chats, and are not illegal.
But several features of the Ghost service, which first landed on the scene in 2021, made it much more appealing to criminals, according to Europol.
Users would buy a customised phone rather than simply downloading an app from a provider online.
The police agency said in a statement that Ghost was effectively its own ecosystem "with a network of resellers based in several countries".
Users could get Ghost without giving any personal information or an existing phone number, making it 100 percent anonymous, Europol said.
The service employed three separate encryption standards and users could remotely "self-destruct" all messages and reset the phone remotely if, for example, it were seized by the authorities.
Europol said Ghost used servers "hidden away" in Iceland and France, its founder was in Australia, and the money trail led to the United States.
Who used it?
According to the police, Ghost was used pretty much exclusively by criminals.
"Across many months, and indeed hundreds of thousands of intercepted modes of communication, we've no evidence to suggest this was used by anyone other than criminal enterprises," said Assistant Commissioner David McLean from the Australian Federal Police.
Europol said the app had several thousand users worldwide with around 1,000 messages being exchanged each day.
Jean-Philippe Lecouffe, Europol deputy executive director, said the operation had taken down "a tool that was a lifeline for serious and organised crime".
"This tool enabled drug trafficking, weapons dealing, extreme violence and money laundering on an industrial scale," he said.
So far, 51 people have been arrested in connection with the operation, most of them in Australia.
Has this happened before?
Several other major apps have been taken down in similar operations in recent years.
EncroChat was a service reputedly used almost exclusively by criminals and like Ghost came with specially altered phones.
When it was taken down, police said criminals moved over to Sky ECC, which was then dismantled.
Three years ago another service, ANOM, was taken offline and hundreds were arrested.
But the twist in the tail was that ANOM had been set up and run by the FBI from the start.
Police said in a news conference Tuesday that Ghost was not as big or as widely used as these other services and that the landscape for encrypted apps had become "fragmented".
"For us, the size is not the main thing," said Lecouffe.
"Sometimes the smaller networks get the most important criminals and most interesting information."
Why was Ghost taken down?
WhatsApp, Signal and Telegram are part of a crowded field of apps marketing themselves on the privacy of their chats.
Although their services are legal, some of the content is not.
The founder of Telegram, which offers some encrypted services though is not private by default, was arrested recently in France for allowing criminal content on his platform.
The big difference is that the vast majority of users of these apps are presumably not criminals, whereas Ghost's purpose appears to have been to enable private chats among criminals.
But during Tuesday's news conference Lecouffe sent a message to all encrypted services, saying access to messages between criminals was the "lifeblood" of investigators.
He said the police were committed to "building a system that respects privacy while upholding justice".
But private companies had "the responsibility to ensure their platforms are not becoming playgrounds for criminals".