Pierluigi Paganini March 10, 2017

The Dutch police decrypted a number of PGP messages sent by crooks through their BlackBerry mobile devices for the criminal investigation on Ennetcom.

PGP is an open source end-to-end encryption standard that can be used to sign emails, files, documents, or disk partitions.

On April 2016, the Dutch Police arrested a 36-year-old man on suspicion of money laundering who was also accused of selling PGP ready-to-use BlackBerry Phones to criminals.

In April, I reported the news of the seizure of the Ennetcom servers, the company owned by Danny Manupassa, which contains data related communications belong to a large number of criminal groups.

““Police and prosecutors believe that they have captured the largest encrypted network used by organized crime in the Netherlands,” said the prosecutors in an official statement published at the time of the arrest.

The police arrested Mr. Manupassa, the prosecutors suspect he was using his company to manage illegal activities.

Investigations appeared very complicated due to territorial competences, the majority of Ennetcom customers were in the Netherlands, but the company’s servers were in Canada. Prosecutors obtained copies of data on the servers located in Canada with the support of the Toronto police.

Canadian authorities cooperated with the Dutch colleagues, allowing the access to the company servers and the information extracted have been used in the investigation against Manupassa.

“The company sold modified telephones for about 1,500 euros each and used its own servers for the encrypted data traffic,” the prosecutors said. “The phones had been modified so that they could not be used to make calls or use the Internet.”

In January 2016, the Dutch investigators announced they could decrypt emails stored on PGP-encrypted BlackBerry devices by using commercially available tools. The authorities are only able to access conversations made by phones in their possession of the authorities.

The Dutch police confirmed its agents have decrypted the contents of 3.6 Million messages stored on that seized server.

The Public Prosecution Service, Openbaar Ministerie, confirmed in a press release that the police decrypted a number of messages even when protected with end-to-end encryption.

“The Dutch police and the Public Prosecution Service (OM) had access to 3.6 million encrypted messages within organized crime.” reads the press release “By decrypting the information is evidence became available for dozens of criminal investigations into assassinations, armed robbery, drug trafficking, money laundering, attempted murder and other organized crime. “

According to the authorities, Ennetcom sold more than 20,000 encrypted BlackBerry phones that came preloaded with a number of security features, including PGP email.

The Dutch authorities discovered that the Ennetcom PGP BlackBerry devices routed customers communications through a BlackBerry Enterprise Server operated by the company.

“PGP BlackBerry devices are specifically designed to send and receive PGP email messages with other PGP BlackBerry devices.  It is recognized that, by their nature, PGP encrypted devices can be used to frustrate the usual methods by which police, and other investigative bodies, intercept communications and identify the communicators.  The Dutch authorities say that Ennetcom PGP BlackBerry devices, that they have found in the course of their investigations, have been modified so that they can only send and receive encrypted email.  Unusually, these Ennetcom PGP BlackBerry devices cannot send or receive phone calls or conventional text messages, nor can they take pictures.  The microphones on the phones have either been removed or disabled.  It is also possible for Ennetcom to remotely “wipe” or erase the contents of any of their devices at any time.” a Canadian court filing reads.

“The Dutch authorities also discovered that these Ennetcom PGP BlackBerry devices, because of their modifications, could not be used on conventional cellular telephone networks.  Rather, they operate through a system run by Ennetcom that generates anonymous email addresses by which the users of these devices can communicate in complete anonymity.  The Ennetcom PGP BlackBerry devices can only operate through a BlackBerry Enterprise Server.  BlackBerry Enterprise Server is a software package that permits IT administrators, within an organization, to control virtually all functions of BlackBerry devices connected to the organization’s network.  It allows those administrators to make the devices a secure as the organization would like.  In this case, the Dutch authorities discovered that the Ennetcom PGP BlackBerry devices were only able to communicate via PGP encrypted e-mail with other Ennetcom PGP BlackBerry devices connected to the same Ennetcom network.  The Dutch authorities also discovered that the “keys” for the PGP encryption system were generated by the server, rather than by the device.  As a result, the Dutch authorities came to believe that the keys to decrypt the PGP encrypted information, on the Ennetcom PGP BlackBerry devices, are stored on Ennetcom’s BlackBerry Enterprise Servers.”

Summarizing, Ennetcom was using its own BlackBerry Enterprise Servers and the PGP encryption keys were generated by the company itself rather by the customers’devices. The Ennetcom was storing the keys on its BlackBerry Enterprise Servers and the police discovered it.

The police have found a total of 7TB of data on the Ennetcom central server in Canada and have discovered the way to access encrypted messages.

Ennetcom in response to the Dutch authorities published a press release that contests the seizures that according to the company were done under false pretenses.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Ennetcom,  BlackBerry PGP messages )