Forensic and legal experts in the UK are questioning the legal ‘black hole’ of evidence surrounding the EncroChat hack announced in early March.
So far investigators in France, where the hack took place, have not said how they downloaded millions of messages from EncroChat’s secure cryptophone network.
The experts claim that evidence presented to courts in the UK would be undermined as French law enforcement officials and prosecutors are refusing to follow typical forensic principles.
EncroChat was hacked in July last year, which led to several raids across Europe with more than 740 suspects arrested. The investigation was initiated and led by French and Dutch police, with assistance from Europol.
Law enforcement agencies across Europe worked with the UK National Crime Agency on Operation Venetic – one of the largest and most significant operations undertaken in the UK.
However, the French authorities are still withholding from UK courts how the messages were infiltrated in the EncroChat hack, which the experts say leaves the courts to grapple with a ‘black hole’ of forensic evidence.
Computer evidence collected and held in this way has to be dealt with differently, as it can be easily lost or altered. The Good practice guide for how to deal with electronic evidence lays out a series of rules designed to maintain the integrity and continuity of electronic evidence.
Speaking at an online seminar, forensic expert Duncan Campbell, who was involved in the first review of EncroChat evidence, said that the way the EncroChat cases have been brought presents “a profound challenge” to long-established computer forensic evidence principles.
“What we know about the exact mechanism, officially how the data was captured, is a large black hole. Not a single one of these principles can be applied – every one of them is breached,” Campbell said.
In early March this year, Dutch and Belgian authorities also raided 200 homes after supposedly cracking a second secure messaging network’s ‘unbreakable’ encrypted communication software.
At the time, Belgian prosecutors would not comment on whether they had gained access to the network. Police forces were supposedly able to ‘infiltrate’ SKY ECC’s platform to gain access to hundreds of thousands of unbreakable messages. Police said they have shared the messages with a “large number” of overseas investigations services.