Europol takes down "Ghost" encrypted messaging platform used for crime
by Bill Toulas · BleepingComputerEuropol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering.
Ghost featured advanced security and anonymization features, allowing the purchase of subscriptions with cryptocurrency, featuring three encryption layers, and a message self-destruction system that eliminated evidence from the sender's and recipient's devices.
Thousands of people worldwide used the Ghost platform to exchange roughly 1,000 messages daily, while an extensive global network of resellers promoted it to aspiring clients.
Subscriptions cost $2,350 for six months and included a modified smartphone device and tech support services.
The investigation into the platform, led by Europol's Operational Taskforce (OTF), began in March 2022, involving agents from the United States, Canada, France, Italy, Ireland, Australia, Sweden, and the Netherlands.
This effort led to the discovery of Ghost's servers in France and Iceland, the platform owners in Australia, and assets linked to the platform in the United States.
Examination of the evidence enabled the authorities to organize coordinated raids across different countries, leading to a total of 51 arrests—38 in Australia, 11 in Ireland, one in Canada, and one in Italy.
The main operators face five charges and potential penalties, adding up to 26 years of imprisonment.
"Today we have made it clear that no matter how hidden criminal networks think they are, they can't evade our collective effort," commented Europol's executive director, Catherine De Bolle.
"Law enforcement from 9 countries, together with Europol, have dismantled a tool which was a lifeline for serious organized crime."
In addition to the arrests, the authorities dismantled a drug lab and seized weapons, illegal substances, and over €1 million ($1.1M) in cash.
Europol commented that due to the complexity of the investigations, it had to deploy cyber experts in Iceland, Ireland, and Australia who carried out highly specialized technical tasks.
The authority also underlines that actions like the dismantling of Ghost, and previously Sky ECC, EncroChat, and Exlu, result in fragmentations in the encrypted communications landscape, which makes its investigations and crime tracking more challenging.
"Criminal actors, in response, are now turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity," explained Europol in the press release.
"This strategy helps these actors avoid exposing their entire criminal operations and networks on a single platform, thereby mitigating the risk of interception."
Europol has recently called for a balanced approach to encryption, advocating for measures that ensure privacy without compromising lawful access to data in criminal investigations.
The agency took this opportunity to remind private companies of their responsibility to provide legal access to data when required by criminal investigations.