International investigators take criminal communication platform Ghost offline

International criminal investigators have taken the Ghost communication platform used by criminals offline.

Criminals communicate in encrypted form around the globe, and you can also see money and a money laundering machine

(Image: created with AI in Bing Designer by heise online / dmk)


A global collaboration between law enforcement agencies has apparently succeeded in taking a new criminal communication platform called "Ghost" offline. Criminal offenders and organizations used this platform to exchange encrypted messages in order to commit criminal acts. Ghost was used by dangerous, globally operating criminal networks to commit serious and organized crime.

Europol and Eurojust explain in a statement that the Ghost platform was used as a tool for various criminal activities, including large-scale drug trafficking, money laundering, extreme violence and other forms of serious and organized crime. Due to its advanced security features, Ghost became very popular with criminal organizations. The tool could be purchased without providing any personal information. Three encryption standards were used. It was also possible to send a message with a specific code that resulted in the self-destruction of all messages on the target smartphone.

Criminals were able to use Ghost to communicate securely, avoid detection, counteract forensic measures and coordinate their illegal activities across borders. Several thousand people around the world used the tool. It had its own infrastructure and apps, with a network of sellers in several countries. Globally, around one thousand messages were exchanged with Ghost every day.

A working group bringing together law enforcement officers from several countries has been in place at Europol since March 2022. It analyzed the global technical infrastructure, tracked down the main providers and users of the platform, monitored its criminal use and finally carried out the coordinated shutdown of Ghost. Servers were located in France and Iceland, while the company owners were in Australia. Financial assets were located in the USA. In January 2024, building on the working group, a joint investigation team between France and the USA was set up with the assistance of Eurojust and Europol.

The disabling of the Ghost platform involved coordinated searches and technical interventions. In the course of the investigation, 51 suspects were arrested, 38 of them in Australia, 11 in Ireland, one in Canada and one in Italy. According to the investigators, the latter belonged to the Italian "Sacra Corona Unita" mafia group. Further arrests are expected in the course of the investigation. The results also include the prevention of several life-threatening incidents, the dismantling of a drug laboratory in Australia and the global seizure of weapons, drugs and cash worth one million euros.

Recent law enforcement activity against platforms used by criminal networks has fragmented the encrypted communications landscape: the market is splintering as the numerous, formerly popular encrypted services are taken down. Criminals are turning to less established or customized communication tools that offer varying degrees of anonymity and encryption. To avoid conducting all their criminal activities on a single platform, they are looking for new technical solutions and are also using popular communication apps. This poses ongoing challenges for law enforcement officers.

International law enforcement agencies repeatedly succeed in accessing the communication platforms of organized criminals. Criminal planning using Encrochat, for example, has led to a great deal of investigative work and also resulted in perpetrators being caught. In March 2021, investigators from Belgium, France and the Netherlands were able to access encrypted communication from the Sky ECC communication service, which was also used by criminals.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.