Dismantling of the Ghost platform | “It was like being able to read the suspects’ secret diary”

“I think we are sending a clear message to criminal organizations that the use of encrypted communications platforms does not necessarily protect them from police action,” says Marie-Ève ​​Lavallée, superintendent at the Royal Canadian Mounted Police of Quebec and the Maritimes.




What you need to know

In mid-September, Australian police arrested a 32-year-old man suspected of designing an encrypted communications platform used by criminals in several countries around the world.

Under the umbrella of Europol, police forces from several countries participated in the investigation, including the Royal Canadian Mounted Police (RCMP) in Quebec, which played an important role.

The RCMP is continuing its investigation called Cyborg here.

In mid-September, Europol, the European agency which facilitates the exchange of information between police forces in Europe, but also on other continents, announced the dismantling of an encrypted communications platform called Ghost and used by criminals from several countries.

The alleged designer of this platform, a 32-year-old man, was arrested in Australia.

PHOTO PROVIDED

Europol headquarters in The Hague, Netherlands

Police from several countries participated in the investigation, including members of the Joint Organized Crime Investigation Unit (CFSEU) of the RCMP in Quebec. Their role was even very important.

“We developed a technique that allowed us to obtain crucial data that helped us identify the global distribution of devices. This is not the only contribution, but [grâce à] this technique, when it was used with information from police forces in other countries, we were able to locate the devices,” explains Staff Sergeant Jean-François Roy, of CFSEU.

“It really was a team effort. Each country was able to contribute a piece of the puzzle which ensured that we had a greater picture of the locations, globally, where the devices were located. Subsequently, the police worked to identify the users,” adds M.me Lavallee.

PHOTO ROBERT SKINNER, THE PRESS

The superintendent of the Eastern region of the RCMP, Quebec and maritime provinces, Marie-Ève ​​Lavallée

Watched live by the police

Ghost used a technology called ECC – a form of public key cryptography based on the mathematics of elliptic curves, according to the Keeper Security websitea new development in communications encryption, different, depending on the policy, from that usually found in PGP type devices (Pretty Good Privacy) used by criminals in Quebec and Canada for several years.

RCMP investigators don’t want to say too much, but Ghost displayed characteristics similar to those of PGP-type devices. For example, data on a device could be erased remotely, from one country to another. They could also be erased after a certain period of inactivity of the device or disappear at the slightest shock.

The investigation showed that Ghost was used on hundreds of devices around the world, mainly in Australia and Ireland.

The investigation made it possible to prevent several crimes, including contract killings in Australia, and to find an Italian mafioso who had been on the run for a long time.

Police officers from the countries involved could follow the plots live, in real time.

PHOTO ROBERT SKINNER, THE PRESS

Corporal Anne-Marie Savard and Staff Sergeant Jean-François Roy, of the RCMP (Québec-Maritimes)

“The interception phase lasted from February to September. We had investigators in Europe to review all communications. There were videos, voice messages and pictures. The criminals believe they are trading on an ultra-secure platform, so they speak very clearly,” explains Anne-Marie Savard, corporal at CFSEU ​​and principal investigator on the case.

“The owners of this technology didn’t suspect anything,” adds Jean-François Roy proudly.

The Cyborg investigation

According to the RCMP, users of the Ghost platform were primarily individuals linked to organized crime who plotted crimes traditionally committed by organized crime, including large-scale international drug trafficking with cryptocurrency fund transfers.

A Canadian from British Columbia has been arrested in Vancouver. For the moment, his identity has not been revealed, but the individual is said to have exported kilograms of methamphetamine to Australia, where this drug, and cocaine, are worth up to 10 times more than here. This suspect led to the dismantling of a clandestine laboratory in Australia.

“Throughout the conversations, we could see the crime being committed or in the process of being committed. This file really made it possible to come full circle: the identification of all the people, the seizure of the drugs that had left Canada and the dismantling of the laboratory. It was like being able to read the suspects’ secret diary. It was happening before our eyes,” says Superintendent Marie-Ève ​​Lavallée.

Quebec organized crime, even on a smaller scale, is also increasingly international. Quebecers are also believed to be involved in the diversion of methamphetamine and cocaine to Australia and Europe.

In the wake of the dismantling of the Ghost platform, the RCMP launched an investigation called Cyborg – still ongoing – on which it is stingy with comments, for the moment.

“We have identified several hundred users around the world. In Canada, we do not want to say the number for the moment, but what we can say is that the platform was made available to Canadians, Quebecers and Montrealers,” replied Corporal Savard.

Constraints

It is very rare for police to successfully dismantle an encrypted communications platform used by criminals.

“Criminals are always one step ahead of the police” is a phrase that The Press has often heard, for several years, most often from police officers.

Mme Lavallée assures that the investigation was carried out in compliance with the laws, in particular the Charter of Rights and Freedoms.

But, questioned on this subject by The Pressshe at the same time suggested that the work of the police against encrypted communications platforms which are not used by “everyone who sends each other their grocery list or exchanges photos of their children” should be made easier.

“There are countries which have laws which facilitate the work of the police or which will criminalize the fact of having a device which has all the components of an encrypted device, while in Canada, we do not have these provisions. At the legislative level, there are certain constraints in Canada when we compare with what is done in other countries,” she concluded.

To contact Daniel Renaud, call 514 285-7000, ext. 4918, write to [email protected] or write to the postal address of The Press.


source site-61

Latest