In June, 2020, the criminal underworld was rocked after one short message sent hitmen, drug dealers and extortionists on a scramble to cover their tracks.
he military-grade encrypted communications system EncroChat, used by organized criminals across Europe and the Middle East, had been breached by the French intelligence services.
The top-secret information-gathering operation had been ongoing for four years. The French passed details on to law enforcement agencies across Europe.
In the UK local police and the National Crime Agency (NCA) were tasked with sifting through the data.
They had never had access like it. It was like lifting a lid on the criminal underworld and their operating methodology.
Arms being bought and sold, drug routes formulated and finalised, hitmen for hire — the list was endless.
Thousands of officers from the NCA, regional crime squads and every police force in the UK were involved.
In Northern Ireland the PSNI received their share of the valuable intelligence.
At first, they tried to keep the data breach under wraps to buy time to sift through the information and start making arrests.
But on June 12, 2020, EncroChat users received a message: “Today we had our domains seized illegally by government entities.
“They repurposed our domain to launch and attack and compromise carbon units.
“With control of our domain they managed to launch a malware campaign against the carbon to weaken its security.
“Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device.
“We took immediate action on our network by disabling connectivity to combat the attack.
“You are advised to power off and physically dispose of your device immediately.
“The period of compromise was about 30 minutes and the best we can ascertain was about 50pc of devices in Europe”.
The race was now on between the police and the criminals to get as many arrests as possible before the crooks could cover their tracks.
The Dutch company marketed its network as being impenetrable and criminals and those who wanted to keep communications secret paid handsomely for access to the system.
More than 60,000 people were using EncroChat at the time of the breach, around 10,000 in the UK. More than half were now compromised, but there was no way of knowing which half.
As word spread, criminals started disposing of their handsets.
One criminal told the Belfast Telegraph: “If you dredged the Lagan you’d find a few shopping trollies and about two dozen EncroChat phones, mine included.”
Prices started at £1,500 for a device on a six-month contract.
They looked just like a normal mobile phone.
The technology was not illegal, but it was being used for all manner of illegal activity.
The NCA said it was like “having an inside person in every top organized crime group in the country”.
And then the arrests started.
Dutch police arrested six men after finding shipping containers that had been converted into a torture chamber, with a dentist chair fitted with handcuffs and tools including pliers, scalpels and handcuffs.
In Britain there were more than 2,000 arrests. In the first year after the hack, 31 people were convicted and sentenced to a combined 366 years in prison. The longest UK sentence to date is that of Chris Dentith from Huyton in Liverpool, who received a jail term of 17 years and three months after pleading guilty to supplying cocaine and ecstasy.
Drug dealer Sammy McKeag was the first of 36 defendants in Northern Ireland to admit importing cocaine and laundering cash using the EncroChat network.
A nephew of the infamous UDA hitman Steve ‘Top Gun’ McKeag, he was dealing cocaine and using a car sales business as cover for his criminality.
In April, Belfast Crown Court sentenced him to 18 months in prison for money laundering and conspiring to possess Class A and B drugs with intent to supply.
The 35 other alleged drugs and arms dealers based here face charges connected to a probe codenamed Operation Venetic.
McKeag had been facing a prison sentence on other unrelated charges — he had nothing to gain from fighting the case.
But his guilty plea means that the legality of the data breach has yet to be tested in a Northern Ireland court.
Other organized criminals — which include some of the alleged kingpins of the illegal trade in drugs — are waiting on the outcome of a test case before they plan out their next move.
What happens next will all depend on whether the information provided by the French intelligence service is acceptable in a Northern Ireland court.
Last month, France’s Supreme Court referred a criminal case that relies on evidence from the EncroChat network back to the court of appeal after finding that prosecutors failed to disclose sufficient information about the hacking operation.
The Cour de Cassation in Paris found that French investigators and prosecutors had failed to supply a certificate to authenticate intercepted phone data and messages as required by French law. There was also an absence of technical data about the intelligence operation.
French police and prosecutors refused to disclose how the operation to hack EncroChat was undertaken, citing defense secrecy.
The Supreme Court stated that, in the absence of a certificate of truthfulness, “the evidence covered by defense secrecy could not be legal”.
It is far from game over in terms of the admissibility of EncroChat evidence in the UK, but it is significant.
In Northern Ireland one case relates to an individual accused of conspiring to commit murder, as well as fraudulent activity and drugs offenses. A court was told that the evidence against them had been obtained through an “encrypted mobile phone network”.
A defense solicitor in the case said it was incumbent on the National Crime Agency and the police to provide clarity on the “lawful basis used to legally breach this network and seize this information”.
Defense teams intend to challenge the evidence on various grounds. This includes challenges around how EncroChat evidence was obtained and disseminated to UK law enforcement agencies.
EncroChat customers used handles. The prosecution will have to prove that the handles relate to the defendants.
The defense is also likely to ask for a clear, traceable chain, showing how evidence was obtained, calling technical experts to ascertain if this could have been corrupted in any way.
If a judge in Northern Ireland agrees with the French ruling and demands that the methods used to obtain the data are released to defense teams, then some cases may be dismissed entirely.
Those with corroborating evidence against them, anyone caught with drugs or any other illegal items, are likely to be prosecuted regardless.
Anyone facing charges solely on EncroChat evidence will be nervously awaiting the outcome of the first test case. A court is expected to rule on an application in this case this week.
Since the EncroChat breach, criminals have been on the lookout for an alternative method of communication. Some had been using the Sky ECC network based in Canada, however that was also breached.
Locally, low-level drug dealers have been using apps that claim to be more secure than other messaging services. But none have gained the popularity of EncroChat.
There has been another more unexpected fallout from the data breach. The EncroChat breach led to dozens of alleged high-level drug dealers and criminals being charged and either remanded in custody or placed on strict bail conditions.
Unable to ply their trade, younger criminals stepped in to fill the void.
These include the so-called Marbella Crew, two members of which — Jim ‘JD’ Donegan and Sean Fox — have been shot dead by dissident republicans.
Other members of the gang went to ground after the shooting of Fox in the Donegal Celtic social club last month, but are now back to business as usual.
So too ‘The Tarmacers’, a group of young men from west Belfast who have gone from low-level dealers to one of the biggest drug gangs in Belfast in just under two years.
Another is the north Belfast ‘Gucci Gang’, so-called because of their love for expensive designer clothes and Dubai holidays.
Based in Ardoyne, they operate under the protection of a former senior paramilitary figure.
“It was like the Wild West. Petty dealers knocking out a bit of gear at the weekend are now all of a sudden big players,” one source said.
“Most don’t know how to handle it. They’re flashing their cash and making it obvious what they’re at. It will end badly for them.
“If the EncroChat cases collapse they’ll be expected to step aside for the veterans, but I doubt they’ll go quietly.”