Shweta Sharma
Senior Writer

Australian cops bust underworld app through compromised software updates

News
Sep 18, 2024
4 mins
Cybercrime, Hacking

The authorities infiltrated Ghost’s distribution channel and modified updates to gain access to subscribers’ phones.

Australia’s Federal Police (AFP) said it hacked into a dedicated encrypted communication platform, Ghost, to dismantle global criminal operations.

The action was carried out as part of “Operation Kraken,” a law enforcement action that concluded with the arrest of a New South Wales man, 32, for allegedly creating and administering Ghost.

“An alleged mastermind behind a secret app for criminals and violent enforcers has been charged by the AFP during a global takedown of an encrypted communications network,” the AFP said in a press release. “About 700 AFP members executed search warrants and provided support during two days of action across four Australian states and territories on September 17-18.”

The operation, which has charged more than 50 Australian offenders for using Ghost, infiltrated the application earlier this year.

Hacking Ghost’s distribution channel

“Ghost,” primarily designed for use by criminals, was an encrypted application that enabled users to organize illegal activities, including drug trafficking, money laundering, and orchestrating violence.

Ghost was available to subscribers through modified smartphones, which were sold for about $2,350, including a six-month subscription to the encrypted network and tech support.

Regular updates to Ghost were pushed out to these handsets by the administrator. The AFP, however, was able to infiltrate the release channel, using unspecified technology, and modify the updates to plant a backdoor.

“The administrator regularly pushed out software updates, just like the ones needed for normal mobile phones,” the AFP added. “But the AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia.”

When international partners, including the FBI, Europol, the French Gendarmerie, the Royal Canadian Mounted Police (RCMP), the Swedish Police Authority, the Dutch National Police, the Irish Garda Síochána, and the Italian Central Directorate for Anti-Drug Service, started targeting Ghost under an operation code-named OTF NEXT, the AFP saw an opportunity to run a parallel local operation (Kraken), especially after it developed a “covert solution to infiltrate Ghost.”

“Taking down dedicated encrypted communication devices takes significant skill,” the AFP said. “But the holy grail is always penetrating criminal platforms to access evidence – and this is where the AFP is world-leading. And because we could read these messages, the AFP, with state partners, were able to prevent the death or serious injury of 50 individuals in Australia.”

Offense is the best defense

This isn’t the first time law enforcement has used adversarial techniques to outsmart the adversary. Global authorities have previously taken down organized crime platforms, including EncroChat, Sky ECC, Phantom Secure, and ANoM, using similar tactics.

“However, it is the first time an Australian-based person is accused of being an alleged mastermind and administrator of a global criminal platform, of which the AFP was able to decrypt and read messages,” AFP added.

As of September 17, the AFP has alleged that there were 376 active handsets in Australia. The authorities, utilizing the intelligence gathered through the hack, conducted raids across four Australian states. The operation resulted in the execution of 71 search warrants, leading to 38 arrests. In addition, law enforcement seized 25 illegal weapons and intercepted 200 kilograms of illicit drugs that were prevented from reaching the streets.

According to the AFP, near-simultaneous police action is being undertaken in Ireland, Italy, Sweden, and Canada.