Can law enforcement develop and run malware? Can they use malware for monitoring?
Encrochat was a company that offered customized phones that sent end-to-end encrypted messages to each other. Encrochat started with a basic Android device, installed its own software on it, and removed the GPS, microphone and camera to lock the devices down further.
Encrochat phones had an emergency wipe feature: if a user entered a specific PIN, all the data stored on the device was deleted. The devices also ran two operating systems side by side: one that seemed innocent and another that contained the user's most sensitive communications.
Motherboard reports that an Encrochat spokesperson said the company was a legal business with customers in 140 countries and wanted to "provide the best technology on the market for a reliable and secure service for any organization or individual looking to protect information of."
The company had tens of thousands of users worldwide but decided to shut down after discovering that the authorities had compromised its network.
The malware was developed by the French authorities and deployed en masse on Encrochat devices, and it had the ability to collect "all the data stored on the device": messages, geolocation data, usernames, access codes and more, according to a document obtained by Motherboard.
Organized crime groups across Europe and the rest of the world used the network before it was seized, in many cases to facilitate trading large quantities of drugs. The operation is one of the largest mass hacking operations by law enforcement to date. Authorities obtained more than one hundred million encrypted messages.
"The NCA has been working with the Gendarmerie on Encrochat for over 18 months as the servers are hosted in France. The ultimate goal of this cooperation was to identify and exploit any vulnerability in the service to obtain content," the document says, referring to both the UK's National Crime Agency and one of France's national police forces.
In addition to location, chat messages, and passwords, the authorities' malware instructed infected Encrochat devices to provide a list of WiFi access points near the device.
"This command from the implant resulted in us receiving MAC addresses which is the unique number assigned to each Wi-Fi access point and the SSID given to that access point," the document says.
After the closure of Encrochat, the authorities arrested a British killer who killed a leader of a criminal organization and an armed robber, as well as various gangs throughout Europe, including those who used so-called "torture chambers". However, some of the users were legitimate.
The French authorities said at the time of the closure of Encrochat that they had the legal power to develop the malware and run the mass hack, which they described as a "technical tool".