Ghost: Criminal communication platform compromised, dismantled by international law enforcement
Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday.
“AFP Operation Kraken charged a NSW man, aged 32, for creating and administering Ghost, a dedicated encrypted communication platform, which the AFP alleges was built solely for the criminal underworld,” the law enforcement agency says.
As the man was being arrested, other arrests (51 suspects in all) happened across Australia, Ireland, Italy, Sweden and Canada, targeting criminals that used the platform to organize money laundering, violent crimes, the traffic and manufacture of illicit drugs, and threats to life.
“EncroChat, Sky Global, Phantom Secure, AN0M and now Ghost – all platforms used by transnational serious organised crime – have been dismantled over the past decade,” the AFP noted.
“However, it is the first time an Australian-based person is accused of being an alleged mastermind and administrator of a global criminal platform, of which the AFP was able to decrypt and read messages.”
About the Ghost encrypted communication platform
Ghost was created around nine years ago, and was sold in Australia and around the world by resellers.
The app was sold as part of a modified smartphone for around 2,350 Australian dollars (i.e., 1,600 American ones). For the price, buyers received the phone, a six-month subscription to the encrypted network, and tech support.
Ghost smartphones (Source: Europol)
Dedicated encrypted communications devices are usually not able to make calls, send text messages, or access the internet – they are used exclusively for end-to-end encrypted communications via a special app (in this case, Ghost).
“Generally, people can only communicate with others on the same platform and only if their unique handle (username) is known. Handles can generally be chosen and changed by the user and are not able to be searched or looked-up by other users,” the AFP explained.
Europol shared that the Ghost app used “used three encryption standards and offered the option to send a message followed by a specific code which would result in the self-destruction of all messages on the target phone.”
Several thousand people around the world used the app, exchanging around one thousand messages each day, they added.
“The administrator regularly pushed out software updates, just like the ones needed for normal mobile phones. But the AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia,” the AFP said.
Cooperation made takedown possible
The operation, coordinated by Europol via a global taskforce, involved law enforcement and judicial authorities from Australia, Canada, France, Iceland, Ireland, Italy, the Netherlands, Sweden, and the US.
“This taskforce has been instrumental in mapping the global technical infrastructure, and was successful in targeting it by identifying key suppliers and users of the platform, monitoring its criminal usage, and executing the coordinated effort to shut it down, all under judicial oversight from the Joint Investigation Team (JIT) countries,” Europol said.
Florian Manet, the head of the France’s Home Affairs Ministry National Cyber Command Technical Department, said they provided technical resources enabling the encryption and decryption of the messages sent via Ghost.
“A technical solution was implemented over several years which, at term, enabled the task force to access the communications of users on this secure platform,” he noted.