The Dutch police have acquired the encryption keys of Iron Chat, chat program used by criminals. The police were able to watch live with conversations and got access to 258,000 messages from more than a hundred people.
The Police East Netherlands announced this. The police do not yet provide substantive technical details. According to the police, it was a system that used prepared smartphones, which only messages could be sent with. The communication went through a private server and the Dutch company advertised with the fact that messages could not be listened by authorities.
Because the police had access to the server where the encryption keys were on, there could be a live view of the messages that were sent from the so-called cryptophones. According to the police, this involved 258,000 messages from more than a hundred people and communication was almost exclusively about criminal matters, including arms, drugs, money and bitcoin. The phones were sold for 1500 euros each with a half year subscription. An extension cost 750 euros.
The police have two owners of the Elst company that sold the phones on suspicion of money laundering and participation in a criminal organization. As a result of the tapped reports, according to the police spokesman, dozens of arrests have been made and dozens of investigations have been carried out and more will follow.
The news is brought out because the criminals who used the chat service got suspicious and suspected each other of the leak of information. There would be retaliatory actions planned by distrustful criminals, and the police would like to prevent them by now announcing that the chat was being tapped. The server was taken offline and the service is no longer usable according to the police. E-mailing the messages was done by the police in collaboration with the Public Prosecution Service, after review by the examining magistrate.
The case is similar to that of Ennetcom last year, when the Dutch police 3.6 million pgp messages decrypted after the company’s servers were confiscated. The difference is that it was then about messages that were decrypted afterwards, while with this new case live could be watched with the ‘encrypted’ communication. According to the police, this is the first time.
Update 18:01: The supplier of the phones in question was probably active with the website blackbox-security.com . This website is shown in a search for Iron Chat and has been taken offline by the Dutch police. Via the cache of Google you can see a product page with an explanation of the so-called IronPhone.
Update 19:21: According to the NRC the police got the encryption keys in hands because they were on the server. This made communication clear The encryption protocol itself has not been cracked. The article has been modified accordingly.