back to article Dutch PGP-encrypted comms network ‘abused by crooks’ is busted

Dutch firm Ennetcom has pulled its systems offline following a bust by police and accusations that its encryption technology was being abused as a communications network by drug dealers. Police have seized servers in the Netherlands, and Canada is dismantling what local reports describe as a PGP-based comms network. The …

  1. Alistair
    Windows

    And we now know what the FBI found on the infamous iPhone.

    "Ummm, nothing interesting here...."

    See previously :

    "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."

    Prosecutions post Lavabit? Anyone? Bhueler?

    Track record? looking rough there for the TLAs.

    1. NoneSuch Silver badge
      FAIL

      Goodbye Democracy

      It was nice while it lasted.

      1. Adam 1

        Re: Goodbye Democracy

        It was nicethe worst form of government, except for all the others while it lasted.

        TFTFY

  2. Mike Moyle

    Highways are abused by criminals, too.

    ...and in cars that are OPAQUE to law enforcement. Shut 'em all down!!

  3. petur
    Facepalm

    Weapons are used by criminals!

    Let's shut those factories down too

    1. Richard Jones 1
      FAIL

      Re: Weapons are used by criminals!

      Weapons are illegal to own in many countries; except the USA of course where the right to carry arms and get shot by your self device weapon, often by a family member is so very important.

      I guess the wacky-backy folk will have to do something else now.

      No doubt iApple would welcome the trade I would like to get excited about this non-story, where is the snoring icon when it is needed.

    2. Scorchio!!

      Re: Weapons are used by criminals!

      "Let's shut those factories down too"

      Interestingly, somewhere in the mid to late 90s ISTR an American president designating PGP as "weapons grade" software. Now that the Graun et al. have disclosed the mechanisms with which intelligence has been gathered by US and probably UK agencies we see in response to these disclosures Al Q et al. using what that former president thought had the power of weaponry. It is a very difficult, a thorny problem, and I do not pretend to have an answer either way.

  4. Anonymous Coward
    Anonymous Coward

    Threshold?

    Of course, with this action possibly the behaviour of some good guys on this network will be blocked as wel

    So what proportions are we talking about? Mostly used by criminals with just a few 'good guys'? Or the other way around? Or somewhere inbetween?

    What threshold does the proportion of criminal use have to reach before it's OK to shut down comms for everone?

    1. DiViDeD

      Re: Threshold?

      I can't see why people find this perfectly reasonable course of action difficult to understand.

      Listen carefully, if it could, conceivably, be used in some way by one of the bad guys, a criminal, terrywrist, paedophile, whistleblower, investigative journalist, peace campaigner, environmentalist, someone who didn't shuttup when told, etc, AND it's a technology that:

      a) Was invented after my 30th birthday, or

      b) a technology I don't entirely understand

      then it is, ipso facto, dangerous and we must spare no taxpayer money in getting rid of it.

      I hope this clears things up.

      You're very welcome.

      1. Anonymous Coward
        Happy

        Re: Threshold?

        Ah yes, of course. Thanks for clearing that up for me.

        1. Anonymous Coward
          Anonymous Coward

          Re: Threshold?

          not sure about the dutch network, but a scientific analysis by a real expert on TOR found that at least 50% of the onion network was 'legitimate' use by people seeking to communicate in a way that was necessary for expressing of their legal rights in their particular circumstances, and the rest was pr0n. (I think this ratio is tolerated as the spooks themselves have/still use(d) TOR for their own needs & the require other users for traffic-dilution - but they are also going for *any* crypto service)

          I encrypt shopping lists & everything that I send by email to some relatives/friends for mostly two reasons: a) I wish to have privacy in my correspondence but mostly b) I'm sure the crypto that I use is backdoored and so I send misleading stuff; looking for it to eventually filter back to me at my trial. No your honor, I never buy sausages. . .

  5. Anonymous Coward
    Anonymous Coward

    You know the encryption is good because they get shutdown. Lavabit etc.

    If the encryption is SHIT, or they're leaking meta-data they get to remain open. Apple, whatsapp etc.

    1. Anonymous Coward
      Go

      Or they are hosted in Switzerland where the courts will tell them to polity f*** off.

      1. Anonymous Coward
        Anonymous Coward

        That's pretty specious reasoning. It is a lot easier to shut down a small company than the largest one in the world.

        Besides, the government didn't shut down Lavabit, the owner of it did so himself. The government had ordered it to produce records via a NSL - that's a very different situation than what the FBI was trying to do with Apple since the NSL gave them almost no legal recourse. Now that the cat is out of the bag with NSLs and companies are using "canaries" to rat the government out they've been forced to attack the problem directly.

        1. Alan Brown Silver badge

          "companies are using "canaries" to rat the government out"

          Canaries won't work if you've been ordered to keep them running.

          1. Anonymous Coward
            Anonymous Coward

            Canaries

            That's why you put the canary in your SEC filing. Reporting false information in a SEC filing is a serious felony, and the government can't order a company or its officers to break the law.

        2. Anonymous Coward
          Anonymous Coward

          @Lavabit

          @"Besides, the government didn't shut down Lavabit, the owner of it did so himself. The government had ordered it to produce records via a NSL"

          Sort of, they actually used an NSL to demand he hand over the encryption keys in secret. So in theory and law the NSL says they can demand meta data, in practice they've substituted "give us everything and we promise to only look at what we're legally allowed to look at". And since the NSL is secret such abuses are done in secret without discussion.

          Round 1 - San Bernadino

          Round 2 - Netherlands PGP Phone

          Really, I'd like to see this company sue the Dutch police for trying to misuse the money laundering law. But more than that, they should use Freedom of Information requests to see if there has been some undue lobbying from the FBI. The timing is just tooooo coincidental.

          FBI director is clearly lobbying for backdoors, the San Bernadino phone was chosen as a suitable test case, and he's likely used his position to lobby foreign police forces looking for another test case having lost the last round.

          So a PGP encrypted phone could be the next game he's playing and they need to find out how much of the claimed evidence comes from the FBI and how much discussion has gone on, related to this.

          But if the Dutch police have let themselves be used for political purposes, they really need to be reigned in. We need secure encrypted phones for politicians, businessmen, journalists, and really anyone who wants their privacy.

          1. Anonymous Coward
            Anonymous Coward

            Secure encrypted phones for politicians?

            Screw that, I don't think we should allow them to have secure phones if they don't allow us to have them. Though apparently secure phones are pretty hard to come by in the US - the President has one of course, but when Clinton became SOS in 2009 she wanted a secure Blackberry like his but was told she couldn't have one, which is why she used her personal Blackberry that infamously accessed email on her private server. If the freakin' Secretary of State doesn't rate one, there can't be too many of them floating around DC!

  6. seacook
    FAIL

    'abused by crooks' HOW?

    Are TLAs upset that they are unable to access the metadata and anything else OR are the TLAs able to access the metadata but are unable to de-crypt the payloads. I suspect the latter. TLAs solution - we'll shut the business down and let the business owners deal with the fallout.

    Seems to speak well for the capability of PGP!

  7. BJC

    Why stop there?

    Based on the number of BT telephone users and the number of criminals, it seems quite possible that the BT telephone network is being used for criminal purposes. OK, shut it down too. Of course, the same is true - probably more so - for the mobile networks so shut them down too. Actually, what about this interweb thingy, they're probably using that too. OK, shut it down.

    N.B. I have no evidence to support that fact that these services are being used for illegal purposes. Right, lets monitor and capture all comms so that we can find out. Oh, we're already doing that...mmmmm.

    Seems that this isn't so much as an idea but a government plan. :-(

    1. ecofeco Silver badge

      Re: Why stop there?

      Exactly. Or use cars for crimes so let's punish car makers and farmers for making the food they eat and the movie industry for making movies they watch.

      I know this has been tried with gun makers and has already partially succeeded with gun retailers in the U.S..

    2. User McUser
      Go

      Why not go further?

      How much further can we take this argument? AD INFINITUM ABSURDE!

      -Post office? Yikes, someone might send a letter about drugs! Shut it down!

      -Internet? Obviously that one's right out.

      -Talking? *!gasp!* People might say all sorts of things to each other by transmitting vibrations through a gaseous medium! Guess we'll just have to puncture your eardrums and cut out your tongue and vocal chords, you know 'cause of the possible crime.

      -Sign language? Oh my, better start chopping off hands... Actually, let's pop those eyeballs out too - you might see something else we don't like or use a complicated blinking code to exchange secret drug messages!

      1. LaeMing
        Go

        Re: Why not go further?

        Don't forget, politics is often used by criminals. Need to shut that down too!

        1. DiViDeD

          Re: Why not go further?

          Don't forget, politics is almost exclusively used by criminals.

          There, FTFY

  8. ecofeco Silver badge

    What's next?

    Crooks use cars for crime, so we shut down car makers? They eat food so let's shut down the farmers? They watch movie so lets shut down the movie industry because they get some ideas from the crime movies? etc,e tc.

    Seriously. WTF?

    I know this has been already been tried with gun makers and has partially succeeded with gun retailers.

    I swear it feels like we're living back in the 19th century.

    1. Mark 85

      Re: What's next?

      Just give things some time... right now, everyone's suspected of being a terrorist or a paedo.... As we regress, we'll start looking for and burning suspected witches. Regression and oppression at it's best....

    2. Oengus

      Re: What's next?

      I swear it feels like we're living back in the 19th century.

      I would have thought more like the Dark Ages.

  9. Mephistro

    Small error in the quote

    Should be:

    "The police seem to have proof that criminals misused this network/business, therefore they did they used that fact as an excuse to shut down the whole thing and slurp also the data from the honest customers.."

    Here, fixed!

  10. harmjschoonhoven
    Stop

    The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

    Selling PGP-services is not punishable. Nevertheless is the owner of Ennetcomm detained on Tuesday. He is accused of laundering. According to the police he must have known that most of his clients were criminals who paid him with money originating from crime. By accepting that money for his services he is guilty of laundering, is the proposition of the public prosecutor. (my translation)

    1. Mephistro
      Angel

      Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

      "According to the police he must have known that most of his clients were criminals who paid him with money originating from crime."

      Are the Dutch cops going after luxury car vendors as well? ;-)

      On a more serious note, the police's legal arguments here seems -to put it mildly- extremely flimsy. Another case of state sponsored legal harassment. Sigh...

    2. DiViDeD

      Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

      "..he must have known that most of his clients were criminals who paid him with money originating from crime.."

      So where does that put the sellers of luxury yachts, sports cars, private planes and questionable interior design then?

      What about the bloke who serves beer in the East End pub where people buy knocked off watches? Surely now is the time to put all retailers under arrest unless they can prove they have never accepted tainted money for any of their products.

    3. Anonymous Coward
      Anonymous Coward

      Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

      Clearly the police are playing games. Money laundering is not selling goods and services. It's turning dirty money into clean money or saleable assets.

      That did not happen. This is abuse of legal process, they need to be sued.

      They say "well he must have known its mostly used by [alleged] criminals", is unimportant. Lawyers are mostly used by criminals, so what? I added the word alleged, because if they were used by actual criminals the police would arrest those criminals.

      So the police are alleging that PGP users are mostly criminals! Without evidence!

      Clearly the timing is related to the Apple case, they're trying to influence the political discussions around encryption, but what they're actually revealing is that the Dutch police are rogue.

      1. DonL

        Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

        "So the police are alleging that PGP users are mostly criminals! Without evidence!"

        Come on, which *pair* of people is going to spend € 1500 each just to have a private conversation about dogs and cats. And businesses have better (in-house) tools for a lot less money.

        So what kind of people is this company targeting?

        Everyone is just happily handing all their private data over to Facebook, but when the police shuts down an obviously criminal network everyone is up in arms because our privacy is at stake.

        I live in the Netherlands and I'm all for privacy but I'm glad to see they're taking action against this sort of thing.

        1. Anonymous Coward
          Anonymous Coward

          Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

          @"So what kind of people is this company targeting?"

          Obviously criminals! Because normal people talk about only cats and dogs!.. Your logic is broken.

          Criminals wouldn't use this phone because it picks them out of the anonymous crowd of hay. Businessmen on the other-hand, people in security, politics, journalism, me, the price is unimportant, I have friends in British politics, the spooks threaten the UK democracy, our conversations about pussy and bitches, erm cats and dogs, need to be protected from them.

          @"I live in the Netherlands and I'm all for privacy but I'm glad to see they're taking action against this sort of thing."

          How can you be all for privacy and all against any tool that can deliver it? Again it makes no sense. Do you imagine your Dutch politicians should carry backdoored phones with NSA/GCHQ taps in them? Do you imagine investigative journalists monitoring police corruption should carry phones with a police backdoor in them? How do you plan to deliver privacy if you think only criminals need/want privacy?

          Do you believe in rule of law? If you feel that way, shouldn't you try to get a law passed? Instead of approving a 'money-laundering' law used as an attack vector for industry? How many other businesses will be attacked this way? Uber should constantly hand their GPS passenger location to the police because criminals are using Uber perhaps? Otherwise Uber drivers are moneylaundering by turning stolen money into taxi rides!

        2. Cynic_999

          Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

          "

          Come on, which *pair* of people is going to spend € 1500 each just to have a private conversation about dogs and cats. And businesses have better (in-house) tools for a lot less money.

          "

          Looks like you know of only 2 types of conversation: Dogs & cats conversations and criminal conspiracy conversations.

          In fact there are many people who do not want 3rd parties listening to their conversations for very good & legitimate reasons. Company executives discussing major business deals for example, or politicians discussing policies & strategies. Both examples are of people who may need to discuss such things from hotel rooms or while travelling, and would find €1500 a trivial business expense. Given that 3rd parties stand to make considerable gains from tapping in to such conversations, the threat of interception of normal communications methods is high.

        3. DonL

          Re: The NRC-Handelsblad newspaper writes (2016-04-21, page 3)

          I got a lot of downvotes for this, however a bit later it is announced the owner got shot at and the network is a hidden treasure:

          https://translate.googleusercontent.com/translate_c?depth=1&nv=1&rurl=translate.google.nl&sl=auto&tl=en&u=http://www.gelderlander.nl/regio/nijmegen-e-o/nijmegen/kogelregen-mogelijk-mislukte-aanslag-op-danny-m-1.5959364

          https://translate.googleusercontent.com/translate_c?depth=1&nv=1&rurl=translate.google.nl&sl=auto&tl=en&u=http://www.nrc.nl/nieuws/2016/04/21/informatieschat-op-criminele-gsms-1614033

          The downvoters may be right in theory but are naive in practice.

  11. Anonymous Coward
    Anonymous Coward

    Dutch police playing politics

    PGP phones are legal in Holland, there's no law says you can't give people their privacy right because it might also be used by criminals.

    What the Dutch police are doing is trying to get involved in the encryption debate by pretending its illegal to use encrypted phones.

    However it's very dangerous for policemen to act like they are politicians, they cannot use their police powers as a means for setting a political agenda, and the company needs to sue the ass off them for this.

    Laundering money is cleaning it to make it look legitimate, it is NOT being paid to provide the a legal service. They have gone way outside the law here, and need to be brought back within the legal bounds of their job.

  12. Anonymous Coward
    Anonymous Coward

    Size matters

    It's doing nothing that WhatsApp isn't doing, with end-to-end encryption. And drug deals are definitely arranged on WhatsApp too. But one is a multi-billion dollar company, and the other isn't. Sucks to be the little guy.

  13. Camilla Smythe

    Presumably Voice was Encrypted...?

    For €1500 I would expect as much..

    However...

    https://www.google.co.uk/search?hl=en-GB&source=hp&biw=&bih=&q=pgp+on+android&btnG=Google+Search&gbv=1

    and... If you trust SKYPE,

    https://www.google.co.uk/search?q=skype+encryption+on+android&btnG=Search&hl=en-GB&gbv=1

    The indications are that SKYPE to SKYPE Voice is encrypted.... Or,

    http://cointelegraph.com/news/3-alternatives-to-skype-surveillance-with-end-to-end-encrypted-calls

    It's all out there.

    1. Harry Stottle

      Skype Encryption Keys are held by Skype

      which is not quite as bad as no encryption at all but means that any skype conversation is accessible to the American TLAs. (A bit like Blackberry BIS [encrypted with their keys] v Blackberry BES [encrypted with your keys])

      I went looking for Skype End to End encryption the day after Microsoft bought Skype and was told, explicitly (though I cannot now retrace the source) that it wasn't possible because of the way Skype works (routed through a central server). So unless something has dramatically changed (which would be a major step in exactly the opposite direction of where these things are going) you should not be trusting Skype encryption for anything more serious than keeping script kiddies out of your hair...

  14. Myntex

    The reason the messages were able to be de-crypted was due to extremely negligent PGP hosting policies. They were storing all the private encryption keys on their servers along with a record of all the messages. These are two EXTREMELY bad things to do when hosting a PGP Encryption service.

    This wasn’t a case of anything being hacked, this would be equivalent to saying your PC got hacked when you left a Post-It note on your monitor with your password on it.

    Reputable PGP Service providers do not store their users messages, or more importantly their private keys on their servers.

    This was a case of neglect, not a case of anyone being hacked.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like