Cracking of encrypted messaging service dealt major blow to organised crime

The belief in encrypted message apps is a gold mine. In Brazil, the former president Lula has been convicted to jail. A hacker broke Telegram and got the messages that demonstrated a conspiracy between the judge and the prosecution: <a href="https:&#x2F;&#x2F;www.wired.com&#x2F;story&#x2F;brazil-hacker-bolsonaro-car-wash-leaks&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.wired.com&#x2F;story&#x2F;brazil-hacker-bolsonaro-car-wash...</a><p>The conviction prevented him to run for office (he was the favorite in the polls). Yesterday the ex-president got his political rights back and will probably be candidate in 2022 to try to defeat Bolsonaro.<p>Everything due to the hacker (And the journalist Glenn Greenwald of Snowden fame)

&gt;But critics say more than 90% of its customers are criminals.<p>They&#x27;re a bit thin on the details of exactly who those critics are, which makes that statement inadmissible other than for us to draw the inference that the critics are law enforcement agencies - or worse still, governments.<p>Don&#x27;t get me wrong, I&#x27;m not condoning the misuse of encrypted messaging, only pointing out the convenient straw man that&#x27;s been erected here to manipulate readers&#x27; emotions in order to short-circuit their ability to think critically about what&#x27;s ACTUALLY been done by the authorities.

I enjoyed this snark, but I wonder if they&#x27;re actually legally entitled to it.<p>&gt; Sky ECC promised a 5 million USD (€4.2 million) prize on its website, which is currently down, to anyone who could crack its encryption.<p>&gt; It is not yet clear if Belgian authorities plan to claim the reward.

&gt;It defended its services, stating they “strongly believe that privacy is a fundamental human right.”<p>&gt; But critics say more than 90% of its customers are criminals.<p>How do the critics know? This appears to be an attack on privacy. The implied idea is that personal communication for all should be published at least to law enforcement so law enforcement can do a better job of finding the baddies.

As a Belgian citizen (but not a criminal, as far as I know) I&#x27;m very interested to hear the HN community&#x27;s take on this. The local press is saying no encryption is safe for the police (anymore) and that it was Belgian law enforcement that was able to crack the encryption of the app the criminals were using.<p>I wonder if the press knows what it&#x27;s talking about.

Maybe I&#x27;m overconfident in the security of an up-to-date iOS device with a complex passcode, but I would have just used Signal if I was tasked with running the IT ops of some crime syndicate.<p>Turn of all cloudy functions, hell maybe use some kind of enterprise MDM to enforce polices on your subordinates.

Any technical info on how the app was compromised?<p>If I worked for the government and I wanted to break into an app, I&#x27;d simply send a letter to the app store saying &quot;Yeah you have to post this app update that contains code written by government hackers to leak the keys &#x2F; messages of (investigation targets | everyone). If you don&#x27;t, your executives &#x2F; employees will (be sent to jail | be kidnapped by black ops forces, shot, and buried in an unmarked grave). Ditto if you tell anyone about this letter.&quot;

I had just read about Dutch meth. That&#x27;s one thing I never thought I would hear about, Dutch meth. However, a Breaking Bad European spin off would be interesting.

If you visit the app&#x27;s website, you get this big popup.<p>-------------<p>Sky ECC platform remains secure and our authorized devices have not been hacked.<p>There have been recent news articles that claim Sky ECC has been hacked and is involved in criminal activity. This information is not accurate. We have looked into these claims and discovered that a small group of individuals illegally created and distributed an unauthorized version of Sky ECC which they modified and side-loaded onto unsecure devices. Security features that come standard with the Sky ECC phones were eliminated in these bogus devices.<p>Sky ECC considers these actions as malicious and we are taking legal action against these individuals for defamation and fraud.<p>We have also blocked these users from our system and enhanced security to prevent reoccurrence of this issue. The implementation of these enhancements temporarily interrupted our Sky ECC service which has now been re-established.<p>We continue to stand by our position and our product. We strongly support that people have the fundamental right to privacy. With the extensive and broadly documented rise worldwide of corporate espionage, cybercrime and malicious data breaches, systems like SKY ECC are the foundation of the effective functioning for many industries including legal professionals, public health providers and vaccine supply chains, celebrities, manufacturers and many more.<p>We believe that the individual right to privacy is paramount for those who are acting within the law and we do not condone the use of our product for criminal activity. We also have our Terms of Service that every user must adhere to and, provided that they do, our company will work feverishly to protect their rights with the world&#x27;s most secure platform.<p>------------<p>Thoughts?

Hmm, Sky ECC says they weren&#x27;t cracked but rather some users were tricked into using a faked version of it: <a href="https:&#x2F;&#x2F;finance.yahoo.com&#x2F;news&#x2F;sky-ecc-platform-remains-secure-044100200.html" rel="nofollow">https:&#x2F;&#x2F;finance.yahoo.com&#x2F;news&#x2F;sky-ecc-platform-remains-secu...</a>

&gt;Sky ECC promised a 5 million USD (€4.2 million) prize on its website, which is currently down, to anyone who could crack its encryption. &gt; &gt;It is not yet clear if Belgian authorities plan to claim the reward.<p>For the EncroChat takedown they didn&#x27;t crack the encryption. They instead flipped an employee who cooperated in the installation of a remote access Trojan on all the phones. Are they actually claiming they did something different here?

After Encrochat you&#x27;d think they would wise up, this is pretty much a re-run.

why would anyone use this over something like signal?

Bottom line is that, were I ever interested in double hush-hush activities, I&#x27;d use a one-time pad[1]. If it&#x27;s digital, you have little control.<p>[1] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;One-time_pad" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;One-time_pad</a>

&gt; Sky ECC promised a 5 million USD (€4.2 million) prize on its website, which is currently down, to anyone who could crack its encryption.<p>It is not yet clear if Belgian authorities plan to claim the reward<p>This tongue-in-cheek comment made me chuckle.<p>Anyway, Hail hydra. Another one will take its place soon enough.

I’m a little surprised they would choose to advertise the fact that they’ve been able to gain access to this traffic.<p>Surely disclosing that will just have driven the same users to other apps and they’ll have to start from scratch (and presumably get lucky again in the future)?

As Admiral Doenitz found out, never ever assume your encryption is unbreakable.<p>I&#x27;d have used one-time pads in conjunction with Enigma.

17 tonnes of cocaine - thats a crazy amount.

Change my mind on this, but in countries with freedom of speech, the only reason to have this much &#x27;privacy&#x27; is if you&#x27;re doing something shady. Again, looking for a conversation here. edit: By &#x27;this much&#x27; I mean going extreme lengths to secure privacy, the online equivalent of using a numbered swiss bank account. Nice discussion so far, thoroughly enjoying it. I don&#x27;t mind the dislikes, if that makes your day better, dislike away.