It’s over four years since the encrypted platform Encrochat, favoured by criminals around the world, was shut down after being hacked by police.
Hundreds of Encrochat phones were used by criminals in Ireland, but even now the scale of use has yet to be revealed, writes Prime Time’s Security Correspondent, Barry Cummins.
On a Wednesday night in January 2020, on the road between Artane and Beaumont on Dublin’s northside Gardaí spotted a Toyota Yaris being driven suspiciously.
Officers pulled the car over and spoke with the driver, who identified himself as Robert Noctor (49), with an address at Victoria Road in Clontarf.
Gardaí decided to search the vehicle and when they looked inside the boot, they saw a Brown Thomas carrier bag and a satchel. Inside the shopping bag was a shoe-box, and inside that was €93,005 in cash, wrapped in bundles.
The cash was naturally suspicious and would, in time, be declared the proceeds of crime.
But it was the three mobile phones in the satchel which would lift the lid on something very substantial going on in the criminal world.
The phones were high-end Android devices which, when examined, showed that they had been fitted with specialist encryption software known as Encrochat.
Detectives had found similar phones in various investigations, but the discovery in the Yaris was part of a bigger picture.
The phones were still in cases and had yet to be given to their criminal buyers. There were three Dutch SIM cards and stickers with usernames with the haul. The find strongly indicated something quite organised was going on, and that Encrochat was part of a much bigger picture.
The Criminal Assets Bureau (CAB) took a case to the High Court and Robert Noctor did not contest the proceedings. In fact he left Ireland soon after his car was stopped by Gardaí and hasn’t been back. The cash and the three Encrochat-enabled phones were deemed the proceeds of crime.
“During the course of our case, we would’ve produced evidence to show that there was other funds flowing from him in relation to the sale and supply of Encrophones,” said Chief Superintendent Michael Gubbins of CAB.
“These phones retail for about €1,500 each and a top up was about €600. So there was quite a lot of money involved in these.”
What Gardaí were discovering in January 2020 was something becoming ever more clear to police forces around the world. Encrochat phones had emerged as the ‘go-to’ phones for serious criminals who believed they had a means of communicating with each other which was impenetrable.
An Encrochat phone looked like any other phone, but the GPS was very often disabled, the phone’s microphone removed. The homescreen looked like any ‘normal’ phone, but there was a second display which could be accessed by a few button clicks bringing you into the Encrochat system.
Criminals had long been using encrypted devices, but by early 2020 Encrochat phones were showing up in police seizures across the globe.
Dutch police were finding a considerable number. Just before the Covid pandemic hit, police in Holland were realising that the phones were being used to make contact with hitmen, and to arrange for contracts to kill being taken out.
Meanwhile, French police had already discovered that the server for Encrochat was in the northern town of Lille. French military experts came up with a plan, which in time would lead to the take down of thousands of criminals, including Kinahan cartel members Thomas Kavanagh and Liam Byrne.
Unbeknownst to Encrochat, French intelligence planted a ‘booby-trap’, inserting a piece of malware into an update which attached automatically to each Encrochat device.
Most members of society typically accept the software updates that are suggested to our mobile phones, and so too did the thousands of criminals who believed they were simply being asked to update the Encrochat app.
That update meant that from early April 2020 until 13 June 2020 (when Encrochat dramatically closed down) French and Dutch police were able to read every single text sent via Encrochat. It was a treasure trove of information.
Massive cocaine shipments were revealed, guns were discovered, criminals were arrested in possession of contraband. For some months some criminals could not figure out what was going on, could not figure out why police seemed one or more steps ahead. Some other criminals did not even notice, or weren’t caught until later.
13 June 2020 is when Encrochat stopped forever. By now operators of the encrypted network had figured out it had been compromised, and knew it was by a police force but still did not know how bad the ‘hack’ would be for them.
They sent a message to every criminal, including – based on Garda intelligence – a number of criminals in Ireland – which read “we can no longer guarantee the security of your device… you are advised to power off and physically dispose of your device immediately.”
Right across the world, criminals dumped their Encrochat phones, but they had left an evidence trail of criminality.
Some criminals had been so comfortable with Encrochat, so confident that they were on a safe and secure platform, that often they didn’t even use codewords when referring to criminality.
In the case taken at the Old Bailey in London against Thomas Kavanagh and Liam Byrne, there was a mixture of slang, code-words, and the outright stating exactly what some of the members of the criminal conspiracy were actually doing.
The plot revealed in the messages involved sourcing weaponry and having it hidden in Co Armagh, to allow Thomas Kavanagh to reveal the information to police, in an effort to get a reduced sentence for smuggling €35m of cocaine.
If Encrochat had not been hacked by French authorities it might never have become known that Thomas Kavanagh had arranged the purchase and secret burial of the weapons himself.
Yet it is somewhat ironic that Kavanagh has now pleaded guilty to a plot which was uncovered via Encrochat phones, when he never touched a phone himself.
From his prison cell in England he would send messages to intermediaries on ‘the outside’ who then communicated with other criminals via Encrochat.
Some of those criminals used code such as referring to ‘tools’ and ‘yokes’ instead of firearms – and ‘sweets’ instead of ammunition.
Other didn’t bother with code.
One of the most striking texts read out before the sentencing Judge at the Old Bailey was unambiguous, and it wasn’t the only one.
“Liam can get Glocks for 3.5k”
It’s a short sentence but informative. Yet it is just one of millions of texts which police forces have analysed from the Encrochat haul.
While other police forces spoke publicly in 2020 about the fruits of Encrochat, Gardaí were not as talkative at that time. Detectives were engaged in a number of long-term investigations where they were building cases, and did not want suspects to know exactly what they had. Even now officers are somewhat circumspect, as they play a ‘long-game’ which has now been going on many years.
When another encrypted platform – ‘Ghost’ – was taken down last month, Gardaí took a different approach.
That platform originated in Australia, but for some reason Irish criminals were the second highest number of users. That could be due to word-of-mouth, such as Irish criminals returning from Australia with news of a new secure platform he or she had heard about.
Whatever the link, around one hundred ‘Ghost’ phones were identified in Ireland, and four criminal gangs have suffered as a result of Garda raids. Yet, the dismantling of Ghost was small fry compared to Enrcochat.
In mid-September, Gardaí sat as part of a significant Europol press briefing on ‘Ghost’. There, Prime Time asked Chief Superintendent Séamus Boland of the Garda Drugs and Organized Crime Bureau about Encrochat. By then it was clear that the evidence which led to the bringing down of Thomas Kavanagh and Liam Byrne in the UK had come through Encrochat.
It was also clear that the weapons involved in that plot had been transported from Dublin to Co. Armagh, and it was clear that some of those involved in the plot had been most likely in Ireland when they were communicating on their Encrochat phones.
‘How prevalent was Encrochat in Ireland?’ I asked.
“Encrochat and all of these networks were very prevalent in Ireland,” replied Chief Supt Boland.
“And we have a number of investigations at the moment where we are in the process of completing significant investigation files on very high value targets.”
With Minister for Justice Helen McEntee this week signing an Extradition Treaty with the United Arab Emirates – which may facilitate alleged senior members of the Kinahan cartel being sent back to Ireland from Dubai – it remains to be seen how many more Encrochat cases, or other encrypted platforms, will come before Irish courts.
An in-depth report from Barry Cummins and Sally Anne Godson on this topic features on the 22 October edition of Prime Time, on RTÉ One television at 9.35pm.
