Jun 16 , 2020
- ENCROCHAT SYSTEMS BREACHED BY DUTCH AUTHORITIES
- USERS DATA & COMMS EXPOSED
- NB: OMERTA HAS NO AFFILIATION WITH ENCRO. OMERTA USES NO TECHNOLOGY BY ENCROCHAT & THE SECURITY BREACH HAD NO IMPACT ON OMERTA OR OMERTA CUSTOMERS.
- Read our follow up - Encrochat - what lessons can we learn?
- Updates to the story - How deep does the rabbit hole go?
- Mainstream media catches up with Omerta - Vice announces Encros Over.
- First reported trial with evidence from Encro - The Northern Ireland News
EncroChat Malware Breached Systems
Encrochat users woke up today to find a grim message flashing on their handsets, rendering their hugely expensive security phone as useful as a brick:
Important Security Notice Date Issued: 2020-06-12 Date Viewed: 2020-06-13
Today we had our domains seized illegally by government entities. They repurposed our domain to launch an attack to compromise carbon units.
With control of our domain they managed to launch a malware campaign against the carbon to weaken its security.
Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device. We took immediate action on our network by disabling connectivity to combat the attack.
You are advised to power off and physically dispose of your device immediately. Period of compromise was about 30 minutes and the best we can ascertain was about 50% of the carbon devices in Europe (due to the Updater schedule).
Foreign news agencies allude to Encro being exposed for far longer than 30 minutes & highlight arrests amongst the Encro community has skyrocketed. The company claimed government agencies used malware to breach their servers before monitoring calls & the attack is so sever Encro state they can no longer guarantee their phones integrity.
Whilst the internet has been rife with Encro stories stating they've been hacked, I've refrained from circulating such information as scaremongering is not a professional approach. However, in current circumstances, it's quite right alert people when the evidence is so compelling. Also it has been alledged there have been sweeping arrests all over Europe today - with cars being rammed off-road, doors kicked in & many illicit operations being brought crashing to a halt. Given the severity of the breach it is highly likely to be true as the calibre of evidence gathered will be grade A since users have been communicating freely thinking their device was secure.
How Omerta protects it customers
A scenario whereby our own servers expose clients would not happen at Omerta. Our handsets do not rely upon in house servers & the privacy services we offer are delivered by various security professionals which reduces any risk associated with a single point of failure. By using a distributed risk model & practising defence-in-depth, a compromised system is isolated & will not over lap onto other services. In the unlikely event that a system is compromised then this approach reduces the impact of the breach significantly
Furthermore we mitigate risk by using best of breed software and do not have any single piece of software which could compromise your entire handset.
Besides this, we are a professional company providing privacy services to business, journalists, academics & armed forces - by being credible we don't risk being the focus of state investigations which means you can buy with complete peace of mind.
You can read more about the fall of Encro at https://www.crimesite.nl/pgp-chatservice-encrochat-gehackt-door-een-overheidsdienst/