| |

It's goodbye from EncroChat. But it's not goodnight.

FCRO Subsection: 
Nigel Morris-Cotterill

So, your EncroChat phone is dead. It's the the end of the world, though. While the UK's National Crime Agency and other law enforcement bodies around the world were able to attack the EncroChat system, disable its web presence and take control of its servers, and to make an extraordinary number of arrests and spectacular seizures of portable assets, the tech that the criminals relied on wasn't particularly clever and while it may have been proprietary, it was not unique. In the UK, the same mobile phone number is used by some selling both EncroChat and a rival system. Private bankers, lawyers and others have a problem that has, so far, not been talked about in the excitement of the initial arrests.

There are far too many encrypted messaging systems to count and many more that are not encrypted. Some are hosted and some are self-hosted. Some are hosted in "privacy" jurisdictions by companies registered in a similar jurisdiction. Some host there but have a footprint in, for example, the USA which heavily compromises security.

To visit the the domain names in this post, remove the spaces before the dots.

"Any U.S. citizen or resident, as well as any business or organisation, including federal, state, and local government with a bona fide presence in the United States can register a .US domain name." (about .us). Well, that doesn't work if you book via the registration service NameCheap which is one of several that criminals appear to favour. https://www.whois. com/whois/encrochat. us

The Encrochat. us website says

"An EncroChat device can not be brute forced to mount the encrypted data partition. We generate an RSA public/private keypair with which the public key portion is combined with your disk encryption passphrase. Without the private key, which is in a hardware backed keystore, you can't mount the encrypted data partition."

That sounded so good ten days ago.

Psst - want to buy an encrypted phone for EncroChat?

Well, sorry - you can't, at least not through the ad below which appeared in the UK edition of Gumtree.

There are several things that draw attention. The first is the cost - GBP1250 for six months' service. The second is that there really isn't anything particularly special about the phone. When early reports of the raid on EncroChat appeared the term "modified" phone was bandied about. But that modification, while proprietary, isn't unique.

It will take readers a matter of minutes to find ways of achieving similar privacy on their own phones including hacked (in a good way) Android to de-Google it (an increasingly popular thing to do). There are plenty of "hardened" handsets on the market.

It's not hard to create a secure messaging server: there are several on the market. Take Google or Apple and geo-location out of the system and there's not much chance that the server would be identified.

Except in one way - if an ISP is monitoring traffic and sees a lot of connections to a specific IP address, that might raise eyebrows. But unless they are watching for that IP address in particular, there is next to no chance that the traffic from lots of phones is going to raise eyebrows. Even so, if the device is set to call to random servers that forward traffic - virtual private networks - then even that risk is reduced even further.

Ultimately, it's like looking for one grain of rice that's gone off in a lorry-load of rice. The criminals weren't clever - they just knew that there is safety in numbers. Until that one grain is found and then those that it has tainted become targets too.

EncroChat Encrypted PGP Smartphone £1350 (Carbon Edition)

This ad has Ended


120 days ago




Guarantee Anonymity- No way to associate device or SIM card to customer account.

Advanced Off-The-Record (OTR) Protocol

Messages that Self-Destruct- With our advanced burn, a user can force wipe their own messages from another user's device using a timer countdown.

Latest Group Chat- Disable camera and mic from the flick of switch-

Panic & Password Wipe- From the lock screen a user can type in a Panic PIN and instantly wipe the device's data. An additional security feature wipes all the data from the device after a set number of incorrect password attempts.

Encro Talk- Encrypts all Voice over IP (VoIP) conversations using the ZRTP protocol and transmits them over a closed loop network.

Industry Leading Hardware- Specially tailored to harden security. Removal of camera, microphone, GPS, and USB data port access.

Hacker Proof- We challenge any hacker to come forward to try and hack this secure encrypted phone.

Secure Boot- Upon boot, the device internally checks itself to ensure no one has tampered with the system files..

Customized Android Platform- Fully encrypted from power on. Focus on security and privacy. Simplified user settings, Two distinctive Operating Systems packaged with each device.

The Advantages of EncroChat- EncroChat streamlines and simplifies the complexities of the encryption process. This prevents the user from mistakenly exposing themselves. From the initial power on, EncroChat data, whether at rest or in transit, is always encrypted.

All clients negotiate keys directly with each other's devices. Our servers never store conversations, create, store or decrypt keys.


PLEASE CALL - 0775-932-7569

Ad ID: 1249463466

But if you want EncroChat style services, all is not lost. This is for Apple's iPhone, in addition to Android.

It took moments to find this:

23 days ago




Call or what’s app us for more details
This price is for 6 months subscription.

Worldwide service.

Very secure ECC encryption protocol.

Self destruct timer on messages sent and received.

Duress password, were it will wipe the phone on entering this code.

24h support on the sky ecc network.

Option for group chat with friends.

Can send pictures and voice notes over ECC sky app.

Option to make your own keys and passwords.

Price is £1400 for the 6 months service

Any questions please message or call


Ad ID: 1203555674

Presumption of Guilt

The scale of the success of the raid on EncroChat and its users and raises the spectre that customers and clients that use encrypted messaging on mobile phones are, perforce, engaged in criminal, or at least suspicious, transactions. It also leads to the risk of guilt by association.

If, for example, private bankers or family offices, communicate with their clients by such systems, should those bankers be put on notice of potentially higher risk?

The fall-out from the investigation has only just begun. Primary offenders have been arrested. When desks have been cleared of those, the next phase will be to investigate their bankers, lawyers, estate agents, accountants. The Panama Papers delivered a huge amount of data but it did not establish immediate criminal activity: there was room for manoeuvre. This time, those involved are tied directly, by their own communications, to their criminal activity.