Shutdown of Sky Global

(Redirected from Shutdown of Sky ECC)

Sky Global was a communications network and service provider founded in 2008 in Vancouver, Canada. It developed the world's largest encrypted messaging network called Sky ECC,[1] operating through three servers of the OVHcloud company in Roubaix, France.[2] A significant share of the system's users were international crime organizations involved in drug trafficking, and the company management was suspected of collusion.

In a series of police raids against criminal organizations in several countries in early 2021, a part of Sky's infrastructure in Western Europe was dismantled, and US Department of Justice issued an arrest warrant against the company's CEO Jean-François Eap.[3][4][5][6] On March 19, 2021, the company apparently shut down the operations after BlackBerry cut it off from its services. Its website has been seized by the FBI.[7]

Background

edit
 
Logo of Sky Global, which was active between 2008 and 2021

Sky Global was founded in 2008 by Jean-François Eap, in Vancouver, Canada.

The company provided Sky ECC, a subscription-based end-to-end encrypted messaging application.[8] Originally developed for the BlackBerry platform, it uses elliptic-curve cryptography (ECC) for encryption. One of its features was "self-destruction" of messages after a user-defined expiration period.[9] The company modified Nokia, Google, Apple and BlackBerry phones.[7] Phones supplied by the company had cameras, microphones and GPS disabled.[3][4] If a phone was not contactable by the network, the message would be retained for up to 48 hours, then deleted.[10] The phones had a kill switch: if a user entered a "panic" password, the device would delete its contents.[3] The company website offered a US$4 million (€3.2 million) prize to anyone who could break the encryption within 90 days.[3][4][10] They support Android, BlackBerry and iPhone apps.[10]

Messages were stored using 512-bit elliptic-curve cryptography and network connections are protected by 2048 bit SSL.[10]

171,000 SKY ECC devices were registered, mainly in Europe, North America, several central and South American countries – mainly Colombia – and the Middle East. A quarter of active users were in Belgium (6,000) and the Netherlands (12,000), and half of those were said to be in use around the port of Antwerp.[11]

Raids

edit

On 9 March 2021 around 16:00 Belgian police carried out about 200 raids, arrested 48 people and seized €1.2 million in cash along with 17 tonnes of cocaine.[12] Those arrested included lawyers and members of the Hells Angels,[3] serving police officers, an employee of the public prosecutor's office, civil servants, tax officials and hospital administrators suspected of providing information to the gangs, as well as people suspected of gang-related violence.[11]

Belgian federal prosecutor Frédéric Van Leeuw [nl] said that "The operation was concentrated on taking down the Sky ECC infrastructure, dismantling the distribution network and seizing the criminal assets of the distributors" and "as many Sky ECC devices as possible" were seized from identified users.[12] The federal prosecutor said about the encryption that "We succeeded. We will send Sky ECC the account number of the federal police".[3]

Belgian and Dutch authorities were alleged to have been able to access the network from 15 February 2021 up to shortly before the raids.[3][13] About a billion messages were intercepted, about half of which had been decrypted by April 2021—further avenues of inquiry were expected to open as decryption progressed. The Belgian police said the network they had broken into was so trusted by its criminal users that images of torture, execution orders, insider financial and operational information were freely sent.[11]

Raids in the Netherlands were part of Operation Argus, the follow-up to the Lermont operation used to take down EncroChat.[13]

Sky Global disputed claims that their servers and app had been compromised, claiming that they were aware of a fake "Sky ECC" app being available on unsecure phones.[14][10]

Sky Global said they were "actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation and fraud".[10]

Joris van der Aa, a crime reporter for Gazet van Antwerpen, noted the importance of Operation Sky, saying, "It is a big blow because, in Belgium and a great part of the criminal underworld in the Netherlands, they really trusted Sky as a system. They were so full of confidence, and the police now have so much information on how the underworld was structured, bank accounts, all the corrupt contacts are being arrested. It takes years to build these networks ... In South America they will be thinking, 'Let's not do business with these Dutch and Belgian guys any more'... Everyone is waiting for the storm and asking themselves what the police know."[11]

Indictment and shutdown

edit

On March 12, 2021, the US Department of Justice in San Diego, California, issued an indictment against Sky Global's CEO, Jean-François Eap, and a former distributor, Thomas Herdman.[6][8] They were charged with a "conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO)", and arrest warrants were issued. The indictment states that the Sky Global's devices are "specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised."[15]

In response, Eap has published a statement branding the allegations as false, saying that he and his company are being "targeted" because they "build tools to protect the fundamental right to privacy." "Sky Global's technology works for the good of all. It was not created to prevent the police from monitoring criminal organizations; it exists to prevent anyone from monitoring and spying on the global community. The indictment against me personally in the US is an example of the police and the government trying to vilify anyone who takes a stance against unwarranted surveillance."[8]

On March 19, 2021, the company apparently shut down the operations after BlackBerry cut it off from its Unified Endpoint Manager services. Its website has been seized by the FBI.[7]

Aftermath

edit
  • On June 19, 2024, seven men were prosecuted in Finnish district court for drug and gun charges for crimes committed during 2020-2021, two lead suspects were convicted 13 years prison sentence for acquiring cocaine, amphetamine and ecstasy as well firearm felony. Five were convicted 3-4 year sentences for the same crimes and laundring money, two charges were dropped. Prosecution was based on messages exchanged in SkyECC application received from foreign police agencies.[16]

See also

edit
  • ANOM – a network infiltrated by law enforcement agencies from several countries
  • EncroChat – a network infiltrated by law enforcement to investigate organized crime in Europe
  • Ennetcom – a network seized by Dutch authorities, who used it to make arrests

References

edit
  1. ^ Goodwin, Bill (10 March 2021). "Police Crack World's Largest Cryptophone Network as Criminals Swap EncroChat for Sky ECC". Computer Weekly.
  2. ^ "Nederlandse politie nam vanuit Frankrijk Sky ECC-servers mee naar Driebergen" [Dutch police took Sky ECC servers from France to Driebergen] (in Dutch). Crimesite. 7 August 2022.
  3. ^ a b c d e f g Lyons, Helen (10 March 2021). "When Sky ECC fell, so too did Belgian crime lords". The Brussels Times. Retrieved 10 March 2021.
  4. ^ a b c Lyons, Helen (10 March 2021). "Lawyers among those arrested in crackdown organised crime". The Brussels Times. Retrieved 11 March 2021.
  5. ^ Stroobants, Jean-Pierre. "En Belgique, le réseau de communication Sky ECC infiltré par la police". Le Monde (in French). Retrieved 11 March 2021.
  6. ^ a b Quan, Douglas (March 15, 2021). "Arrest warrant issued for Canadian CEO after authorities allege company's messaging app used by international crime groups". Toronto Star.
  7. ^ a b c Spadafora, Anthony (19 March 2021). "Sky Global apparently shuts down following police arrests". TechRadar. Retrieved 22 March 2021.
  8. ^ a b c Osborne, Charlie (March 15, 2021). "Sky Global CEO indicted over encrypted chat drug trafficking, calls allegations an 'outrage'". ZDNet.
  9. ^ "Is SnapChat Actually Safer than SkyECC (And Why)?". Social News Daily. March 18, 2016.
  10. ^ a b c d e f Goodwin, Bill (10 March 2021). "Police crack world's largest cryptophone network as criminals swap EncroChat for Sky ECC". Computer Weekly. Translated by Killian, Edda. Retrieved 11 March 2021.
  11. ^ a b c d Boffey, Daniel (11 April 2021). "Colombia's cartels target Europe with cocaine, corruption and torture". The Observer. Retrieved 11 April 2021.
  12. ^ a b Chini, Maïthé (9 March 2021). "17 tonnes of cocaine and €1.2 million seized in major police operation in Belgium". The Brussels Times. Retrieved 10 March 2021.
  13. ^ a b "Dutch cops take out encrypted chat service SkyECC; Thirty arrests". NL Times. 9 March 2021. Retrieved 10 March 2021.
  14. ^ "Encrypted chat service Sky ECC denies being hacked by Dutch cops". NL Times. 10 March 2021. Retrieved 10 March 2021.
  15. ^ "Sky Global Executive and Associate Indicted for Providing Encrypted Communication Devices to Help International Drug Traffickers Avoid Law Enforcement" (Press release). Department of Justice, US Attorney's Office, Southern District of California. March 12, 2021.
  16. ^ "Ukrainassa taistellut ja haavoittunut suomalaismies sai 13 vuotta vankeutta törkeistä huumerikoksista". Finnish public broadcasting company, Yle News. June 19, 2024.