Company:Shutdown of Sky ECC

From HandWiki
Short description: Encrypted mobile communications network

In a series of police raids against criminal organizations in several countries in early 2021, a part of Sky's infrastructure in Western Europe was dismantled, and US Department of Justice issued an arrest warrant against the company's CEO Jean-François Eap.[1][2][3][4] On March 19, 2021, the company apparently shut down the operations after BlackBerry, Inc. cut it off from its services. Its website has been seized by the FBI.[5]

Background

Sky Global
FateShut down by authorities
Founded2008[6]
FounderJean-François Eap
DefunctMarch 19, 2021 (2021-03-19)
Headquarters
Vancouver
,
Canada
ProductsSecure mobile phones, apps
Websitehttps://www.skyglobal.com

Sky Global was a communications network and service provider based in Vancouver , Canada. Its most notable products were secure messaging application Sky ECC and secure phones. A significant share of users of its systems were international crime organizations involved in drug trafficking, and the company management was suspected of collusion.

Sky ECC

Sky ECC was a subscription-based end-to-end encrypted messaging application.[7] Originally developed for the BlackBerry platform, it uses elliptic-curve cryptography (ECC) for encryption. One of its features was "self-destruction" of messages after a user-defined expiration period.[8]

Phones

The company modified Nokia, Google, Apple and BlackBerry phones.[5] Phones supplied by the company had cameras, microphones and GPS disabled.[1] Messages were encrypted and were automatically deleted after thirty seconds.[1][2] If a phone was not contactable by the network, the message would be retained for up to 48 hours, then deleted.[6]

The phones had a kill switch: if a user entered a "panic" password, the device would delete its contents.[1] The company website offered a US$4 million (€3.2 million Euro) prize to anyone who could break the encryption within 90 days.[1][2][6] They support Android, BlackBerry and iPhone apps.[6]

Messages are stored using 512-bit elliptic-curve cryptography and network connections are protected by 2048 bit SSL.[6]

171,000 SKY ECC devices were registered, mainly in Europe, North America, several central and South American countries – mainly Colombia – and the Middle East. A quarter of active users were in Belgium (6,000) and the Netherlands (12,000), and half of those were said to be in use around the port of Antwerp.[9]

Raids

On 9 March 2021 around 16:00 Belgian police carried out about 200 raids, arrested 48 people and seized €1.2 million in cash along with 17 tonnes of cocaine.[10] Those arrested included lawyers and members of the Hells Angels,[1] serving police officers, an employee of the public prosecutor's office, civil servants, tax officials and hospital administrators suspected of providing information to the gangs, as well as people suspected of gang-related violence.[9]

Belgian federal prosecutor Frédéric Van Leeuw (nl) said that "The operation was concentrated on taking down the Sky ECC infrastructure, dismantling the distribution network and seizing the criminal assets of the distributors" and "as many Sky ECC devices as possible" were seized from identified users.[10] The federal prosecutor said about the encryption that "We succeeded. We will send Sky ECC the account number of the federal police".[1]

Belgian and Dutch authorities were alleged to have been able to access the network from 15 February 2021 up to shortly before the raids.[1][11] About a billion messages were intercepted, about half of which had been decrypted by April 2021—further avenues of inquiry were expected to open as decryption progressed. The Belgian police said the network they had broken into was so trusted by its criminal users that images of torture, execution orders, insider financial and operational information were freely sent.[9]

Raids in the Netherlands were part of Operation Argus, the followup to the Lermont operation used to take down EncroChat.[11]

Sky Global disputed claims that their servers and app had been compromised, claiming that they were aware of a fake "Sky ECC" app being available on unsecure phones.[12][6]

Sky Global said they were "actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation and fraud".[6]

Joris van der Aa, a crime reporter for Gazet van Antwerpen, noted the importance of Operation Sky, saying, "It is a big blow because, in Belgium and a great part of the criminal underworld in the Netherlands, they really trusted Sky as a system. They were so full of confidence, and the police now have so much information on how the underworld was structured, bank accounts, all the corrupt contacts are being arrested. It takes years to build these networks ... In South America they will be thinking, 'Let's not do business with these Dutch and Belgian guys any more'... Everyone is waiting for the storm and asking themselves what the police know."[9]

Indictment and shutdown

On March 12, 2021, the US Department of Justice in San Diego, California, issued an indictment against Sky Global's CEO, Jean-François Eap, and a former distributor, Thomas Herdman.[4][7] They were charged with a "conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO)", and arrest warrants were issued. The indictment states that the Sky Global's devices are "specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised."[13]

In response, Eap has published a statement branding the allegations as false, saying that he and his company are being "targeted" because they "build tools to protect the fundamental right to privacy." "Sky Global's technology works for the good of all. It was not created to prevent the police from monitoring criminal organizations; it exists to prevent anyone from monitoring and spying on the global community. The indictment against me personally in the US is an example of the police and the government trying to vilify anyone who takes a stance against unwarranted surveillance."[7]

On March 19, 2021, the company apparently shut down the operations after BlackBerry cut it off from its Unified Endpoint Manager services. Its website has been seized by the FBI.[5]

See also

  • ANOM – a network infiltrated by law enforcement agencies from several countries
  • EncroChat – a network infiltrated by law enforcement to investigate organized crime in Europe
  • Ennetcom – a network seized by Dutch authorities, who used it to make arrests

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 Lyons, Helen (10 March 2021). "When Sky ECC fell, so too did Belgian crime lords". The Brussels Times. https://www.brusselstimes.com/belgium/159176/cracking-of-sky-ecc-encrypted-messaging-service-brings-down-organised-crime-lords/. 
  2. 2.0 2.1 2.2 Lyons, Helen (10 March 2021). "Lawyers among those arrested in crackdown organised crime". The Brussels Times. https://www.brusselstimes.com/news/belgium-all-news/159284/antwerp-lawyers-among-those-arrested-in-crackdown-organised-crime/. 
  3. Stroobants, Jean-Pierre. "En Belgique, le réseau de communication Sky ECC infiltré par la police" (in fr). Le Monde. https://www.lemonde.fr/pixels/article/2021/03/10/en-belgique-le-reseau-de-communication-sky-ecc-infiltre-par-la-police_6072567_4408996.html. 
  4. 4.0 4.1 Quan, Douglas (March 15, 2021). "Arrest warrant issued for Canadian CEO after authorities allege company's messaging app used by international crime groups". Toronto Star. https://www.thestar.com/news/canada/2021/03/14/arrest-warrant-issued-for-canadian-ceo-after-authorities-allege-companys-messaging-app-is-used-by-international-crime-groups.html. 
  5. 5.0 5.1 5.2 Spadafora, Anthony (19 March 2021). "Sky Global apparently shuts down following police arrests". TechRadar. https://www.techradar.com/news/sky-global-apparently-shuts-down-following-police-arrests. 
  6. 6.0 6.1 6.2 6.3 6.4 6.5 6.6 Goodwin, Bill (10 March 2021). "Police crack world's largest cryptophone network as criminals swap EncroChat for Sky ECC". Computer Weekly. https://www.computerweekly.com/news/252497565/Police-crack-worlds-largest-cryptophone-network-as-criminals-swap-EncroChat-for-Sky-NCC. 
  7. 7.0 7.1 7.2 Osborne, Charlie (March 15, 2021). "Sky Global CEO indicted over encrypted chat drug trafficking, calls allegations an 'outrage'". ZDNet. https://www.zdnet.com/article/sky-global-ceo-indicted-over-encrypted-chat-drug-trafficking-claims-erosion-of-right-to-privacy/. 
  8. "Is SnapChat Actually Safer than SkyECC (And Why)?". March 18, 2016. https://socialnewsdaily.com/61500/is-snapchat-actually-safer-than-skyecc-and-why/. 
  9. 9.0 9.1 9.2 9.3 Boffey, Daniel (11 April 2021). "Colombia's cartels target Europe with cocaine, corruption and torture". The Observer. https://www.theguardian.com/world/2021/apr/11/colombias-cartels-target-europe-with-cocaine-corruption-and-torture. 
  10. 10.0 10.1 Chini, Maïthé (9 March 2021). "17 tonnes of cocaine and €1.2 million seized in major police operation in Belgium". The Brussels Times. https://www.brusselstimes.com/news/belgium-all-news/159092/17-tonnes-of-cocaine-and-e1-2-million-seized-in-major-drug-bust-in-belgium-sky-ecc-encrypted-software-organised-crime-the-netherlands/. 
  11. 11.0 11.1 "Dutch cops take out encrypted chat service SkyECC; Thirty arrests". NL Times. 9 March 2021. https://nltimes.nl/2021/03/09/dutch-cops-take-encrypted-chat-service-skyecc-thirty-arrests. 
  12. "Encrypted chat service Sky ECC denies being hacked by Dutch cops". NL Times. 10 March 2021. https://nltimes.nl/2021/03/10/encrypted-chat-service-sky-ecc-denies-hacked-dutch-cops. 
  13. "Sky Global Executive and Associate Indicted for Providing Encrypted Communication Devices to Help International Drug Traffickers Avoid Law Enforcement" (Press release). Department of Justice, US Attorney's Office, Southern District of California. March 12, 2021.