Dismantling global cybercrime

by Black Hat Middle East and Africa

Welcome to the new 140 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.


We send you cybersecurity news, research, and inspiration every week. Learn from the global Black Hat MEA community. 

This week we’re focused on…

What it takes to disrupt criminal activity on encrypted communications platforms. 

Why? 

Because in September 2024, Reuters reported that an international law enforcement operation had dismantled Ghost – an encrypted communication platform known for use by large-scale organised crime groups. 

What is (or was) Ghost?

Like many encrypted messaging apps, Ghost was distributed on modified mobile handsets by device resellers. Along with three encryption standards, it included an option to send a message followed by a specific code, which would cause the self-destruction of all messages on the target phone.

These security features were key to its popularity among crime groups, enabling threat actors to evade detection and coordinate operations across borders. And users could purchase it without having to disclose any personal information. 

In use since 2015, it had servers in France and Iceland, while its owners were located in Australia, and financial assets were held in the USA. 

Details from Europol

Europol revealed that 51 suspects from a number of different countries had been arrested as a result of the investigation, and more arrests are expected. 

Speaking to journalists (as reported by Reuters), Jean-Philippe Lecouffe (Deputy Executive Director of Europol) said: 

“This was truly a global game of cat and mouse, and today, the game is up.”

The outcomes of ending this game include the seizure of criminal resources around the world, as well as the protection of lives that were under threat from crime groups using Ghost.

Catherine de Bolle (Executive Director of Europol) said that Ghost was “a lifeline for serious organised crime.” 

An operation spanning two-and-a-half years 

Stories like this appear in the news seemingly overnight – but behind them are years of intensive work and co-operation by a complex international team. 

In March 2022, Europol established an Operational Taskforce (OTF) to investigate the activities that were being facilitated by Ghost – involving authorities from countries including (but not limited to) Australia, France, Italy, Sweden, and the US. 

Sharing information between authorities has been critical to mapping a technical infrastructure that spans the globe, and to identifying the key suppliers and users who were using the platform for criminal purposes.

From this, a Joint Investigation Team was established between countries to enable further collaboration. And over the course of the last two-and-a-half years, experts have been deployed to Iceland, Ireland, and Australia. 

What does Ghost tell us about encrypted communication infrastructure around the world?

Encrypted communication tools are a part of our everyday lives. But as well as offering secure communications for individuals and legitimate businesses, they provide threat actors with enhanced anonymity that makes it difficult for authorities to identify who users are, or intercept malicious messages. 

Using secure encryption, criminals can exchange information about illegal activities – and they can do this on a global scale, coordinating operations across countries. Self-destructing messages make it possible to erase evidence of criminal organisation, and encrypted comms on dark web marketplaces enable illegal financial transactions too. 

But as a result of targeted actions by law enforcement bodies, the encrypted communication landscape has – as Europol put it – become increasingly fragmented: “Following these operations, numerous once-popular encrypted services have been shut down or disrupted, leading to a splintering of the market.” 

This does not, of course, mean that threat actors will give up. Instead, they’re turning to lesser-known, or even custom-built tools; and some are utilising popular communication apps to diversify the ways in which they exchange information, and make it harder to pin organised groups down. 

In short: it’s a fast-paced landscape that poses a real threat to both online and offline security.

Join the conversation 

Are popular encrypted communication platforms doing enough to maintain safety and minimise criminal use? Open this newsletter on LinkedIn and share your perspective in the comment section. 

We’ll see you there. 


Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 09 October 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.
