Busted ‘secure’ EncroChat messaging service leads to over 6,500 arrests by police

'Secure' EncroChat messaging service leads to over 6,500 arrests by police

Back in 2020, law enforcement agents across Europe had a major breakthrough in their fight against organised crime. They managed to crack into EncroChat – a secure encrypted messaging service which ran on modified Android phones, that promised “worry-free secure communications”.

EncroChat’s customers were almost all criminals, who had no qualms about buying a encrypted phone from EncroChat (for roughly £1000), and then pay a hefty subscription for continued use of the system.

EncroChat handsets even came with a “panic” option where just entering a 4 digit code could delete all of your data, supposedly messing up any attempts by police to gather evidence of your wrongdoing.

Sign up to our free newsletter.
Security news, advice, and tips.

But investigators managed to gain full control of EncroChat’s infrastructure, and could read users’ supposedly-encrypted messages in real-time.

In a livestreamed press conference this week, Europol shared the latest results of the investigation into the EncroChat encrypted messaging system – used widely by criminal groups.

Press Conference on Encrochat

Law enforcement agents were able to intercept over 115 million conversations between criminals, by an estimated 60,000 users. Europol says that the surveillance helped “prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime.”

Encrochat by crime area

According to Europol, the dismantling of EncroChat has resulted in 6.558 arrests to date (including 197 high-value targets) – with the seizure of close to 900 million Euros, and hundreds of tonnes of drugs. To date, criminals convicted as a result of the evidence gathered from EncroChat face a total of 7,134 years of imprisonment.

Encrochat in numbers

As you can hear on this episode of the “Smashing Security” podcast, one EncroChat user was identified after he sent a photo of his pet dog via the service (perhaps not realising that the dog’s pet tag was revealing a phone number that he should have probably kept private.)

Smashing Security #302: 'Lensa AI, and a dog called Bob'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

In another hilarious case, a drug dealer from Liverpool was identified after he sent a picture via Encrochat of some mature Stilton blue cheese he was buying at a supermarket.

What he didn’t realise, as we describe in a different episode of the “Smashing Security” podcast, was that the photo showed enough of his palm and fingertips for Merseyside police to identify him.


Imagine believing you’re a big cheese in the world of crime, and to be caught out in such a way…

Smashing Security #229: Dating leaks, right to repair, and a stinky bishop'

Listen on Apple Podcasts | Spotify | Pocket Casts | Other... | RSS
More episodes...

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.