Zapping the Ghost Comms Service

September 23, 2024

green-dino_thumb_thumb_thumb_thumb_thumbThis essay is the work of a dumb dinobaby. No smart software required.

Europol generated a news release titled “Global Coalition Takes Down New Criminal Communication Platform.” One would think that bad actors would have learned a lesson from the ANOM operation and from the take downs of other specialized communication services purpose built for bad actors. The Europol announcement explains:

Europol and Eurojust, together with law enforcement and judicial authorities from around the world, have successfully dismantled an encrypted communication platform that was established to facilitate serious and organized crime perpetrated by dangerous criminal networks operating on a global scale. The platform, known as Ghost, was used as a tool to carry out a wide range of criminal activities, including large-scale drug trafficking, money laundering, instances of extreme violence and other forms of serious and organized crime.

Eurojust, as you probably know, is the EU’s agency responsible for dealing with judicial cooperation in criminal matters among agencies. The entity was set up 2002 and concerns itself serious crime and cutting through the red tape to bring alleged bad actors to court. The dynamic of Europol and Eurojust is to investigate and prosecute with efficiency.

image

Two cyber investigators recognize that the bad actors can exploit the information environment to create more E2EE systems. Thanks, MSFT Copilot. You do a reasonable job of illustrating chaos. Good enough.

The marketing-oriented name of the system is or rather was Ghost. Here’s how Europol describes the system:

Users could purchase the tool without declaring any personal information. The solution used three encryption standards and offered the option to send a message followed by a specific code which would result in the self-destruction of all messages on the target phone. This allowed criminal networks to communicate securely, evade detection, counter forensic measures, and coordinate their illegal operations across borders. Worldwide, several thousand people used the tool, which has its own infrastructure and applications with a network of resellers based in several countries. On a global scale, around one thousand messages are being exchanged each day via Ghost.

With law enforcement compromising certain bad actor-centric systems like Ghost, what are the consequences of these successful shutdowns? Here’s what Europol says:

The encrypted communication landscape has become increasingly fragmented as a result of recent law enforcement actions targeting platforms used by criminal networks. Following these operations, numerous once-popular encrypted services have been shut down or disrupted, leading to a splintering of the market. Criminal actors, in response, are now turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity.  By doing so, they seek new technical solutions and also utilize popular communication applications to diversify their methods. This strategy helps these actors avoid exposing their entire criminal operations and networks on a single platform, thereby mitigating the risk of interception. Consequently, the landscape of encrypted communications remains highly dynamic and segmented, posing ongoing challenges for law enforcement.

Nevertheless, some entities want to create secure apps designed to allow criminal behaviors to thrive. These range from “me too” systems like one allegedly in development by a known bad actor to knock offs of sophisticated hardware-software systems which operate within the public Internet. Are bad actors more innovative than the whiz kids at the largest high-technology companies? Nope. Based on my team’s research, notable sources of ideas to create problems for law enforcement include:

  1. Scanning patent applications for nifty ideas. Modern patent search systems make the identification of novel ideas reasonably straightforward
  2. Hiring one or more university staff to identify and get students to develop certain code components as part of a normal class project
  3. Using open source methods and coming up with ad hoc ways to obfuscate what’s being done. (Hats off to the open source folks, of course.)
  4. Buying technology from middle “men” who won’t talk about their customers. (Is that too much information, Mr. Oligarch’s tech expert?)

Like much in today’s digital world or what I call the datasphere, each successful takedown provides limited respite. The global cat-and-mouse game between government authorities and bad actors is what some at the Santa Fe Institute might call “emergent behavior” at the boundary between entropy and chaos. That’s a wonderful insight despite suggesting another consequence of living at the edge of chaos.

Stephen E Arnold, September 23, 2024

x

A

Comments

2 Responses to “Zapping the Ghost Comms Service”

  1. Dereck on September 23rd, 2024 5:22 pm

    I hope you’re all doing well. I wanted to share a little tip that might help those of you who frequently work with documents. If you’ve ever needed to convert RTF files to PDF format, I found a fantastic online tool that makes this process incredibly simple: CoolUtils RTF to PDF Converter https://www.coolutils.com/online/RTF-to-PDF.
    This tool is user-friendly and allows you to upload your RTF files easily. Once uploaded, you just click the convert button, and within moments, you’ll have a high-quality PDF ready to download. I’ve used it multiple times for school projects and professional documents, and I’ve been really impressed with how quickly and efficiently it works.
    One of the things I love most about this converter is that it maintains the formatting of your original document. This means you don’t have to worry about losing any special layouts or styles when converting your files. Whether you’re preparing a report, creating a resume, or sharing important documents, having them in PDF format can be a lifesaver for maintaining professionalism.

  2. FOGINT: Big Takedown Coincident with Durov Detainment. Coincidence? : Stephen E. Arnold @ Beyond Search on December 19th, 2024 5:13 am

    […] years, global authorities have taken down several encrypted communication channels. Exclu and Ghost, for example. Will a more fragmented approach keep the authorities away? Apparently not. A Europol […]

  • Archives

  • Recent Posts

  • Meta