Encrypted Sky ECC

Peter Fairbrother peter at tsto.co.uk
Sun Mar 14 12:55:09 PDT 2021


On 13/03/2021 14:25, Ivan J. wrote:
> On Fri, Mar 12, 2021 at 06:52:17AM +0000, jim bell wrote:
>> BleepingComputer: Europol 'unlocks' encrypted Sky ECC chat service to make arrests.
>> [1]https://www.bleepingcomputer.com/news/security/europol-unlocks-encrypted-sky-ecc-chat-service-to-make-arrests/
> 
> Funny, because I've met drug dealers who all had/have burner
> Blackberries with Sky ECC, and all their ops went through the
> messaging app. From what I've seen (and remember) the app seems to have
> had some kind of message self-destruct, and an additional unlock decoy
> password that is supposed to erase the local messages when input.
> 

Plus sometimes a remote message destruct by the service in an emergency -
which can sometimes be considered to be the crime of illegally
obstructing a criminal investigation.



A (not-so-brief) history


The (in)famous PGP Blackberries were first sold by ghostpgp, TopPGP etc. 
from about 2000. Blackberry themselves never made a PGP blackberry.

Network-limited crypto phone networks (initially exclusively using PGP 
Blackberries), where only people on the network could be contacted and 
people are identified by pseudonyms rather than by phone numbers, 
started in about 2012. By 2016 Ennetcom was the biggest limited network.


Afaik no direct cryptanalytic attack against the PGP Blackberries has
ever succeeded, though several hardware-, phishing-, software-,
security- and law-based attacks have.

Around Jan 2016 it became widely known that the Police could examine the 
contents of at least some PGP Blackberries after they seized them, and 
over the next 18 months there were many breaks in service and 
occasionally security in limited networks. As a result both PGP 
Blackberry limited networks and PGP Blackberries themselves went 
somewhat out of fashion.

The main method the Police used was to break up the limited networks by 
seizing servers and arresting operators for associated crimes like money 
laundering or assisting criminals, rather than trying to obtain 
plaintext evidence against users.


Defunct PGP Blackberry network limited companies include:

Ennetcom (19k-40k users). Servers with 48 hours of messages seized in 
April 2016, those and other messages decrypted shortly thereafter - the 
Ennetcom servers were generating the PGP private keys... Number of users 
arrested unknown but more than a few, including some convicted of murder.

PGP Safe May 2017. 4 people in the company arrested for money 
laundering.  Few if any users arrested.

Phantom Secure (20k users). Highly customised PGP Blackberries. Was 
broken up in 2017 but not message-security-broken. CEO was busted under 
RICO, refused to add backdoor, got 9 years. No? users were arrested.


Both ordinary and network-limited PGP Blackberries are still available.



Next in the limited networks (but not PGP Blackberry) game came 
Encrochat (60k users). They used their own non-PGP crypto software on 
mostly Android phones, optionally Blackberries.

They were widely message-security-broken in 2020. No arrests in the 
company afaict, which was apparently a bit more respectable than Phantom 
Secure or Sky Global. About 1,000 users arrested.

The method used in this break is interesting, a LE malware attack: the 
French Police sent a "software update" to all the phones in use, which 
then sent the plaintext contents of the stored messages in the phones to 
the Police at intervals. The system servers were not directly affected.




Most recently there is SkyECC (70k users) from Sky Global, again using 
their own software and mostly Android phones with a Blackberry option. 
Widely message-security-broken according to LE in 2021. Sky Global's CEO 
is under indictment for RICO. Many users have been arrested.

Sky Global claim that an unconnected and unauthorised "reseller" of fake 
"SkyEcc" phones sold the phones which were message-security-broken, and 
their system is still secure. Doubtful, but not impossible.

One thing (among many) which confuses me about this is that Sky Global 
claim they knew about the fake phones for several years - so why did 
they still allow the fake phones connectivity and crypto services?


Peter Fairbrother
