Ennetcom - what is actually happening?

On Tuesday, Dutch police service Politie announced the arrest of a man allegedly behind the sale of custom PGP smartphones and the seizure of the network allowing their use. Politie claims in its statement the devices are used “extensively” by criminals.

“Police today copied multiple servers in the Netherlands,” a translated version of the Politie statement reads. “The arrested suspect is the owner of a company in Nijmegen [a Dutch town near the German border]. His company supplied customized smartphones and associated communications.” Toronto Police, which also worked on the investigation, additionally seized a server and mirrored information from it.

Politie doesn’t point to any particular brand of smartphone, but the agency has investigated so-called PGP BlackBerrys in the past.

These devices come complete with an encrypted email feature and are advertised by a number of online vendors as being more suited for sensitive communications than standard models. These companies also typically provide server infrastructure to route the encrypted emails. As Motherboard previously reported, Dutch police have found a way to read encrypted messages on the devices using tools from forensics company Cellebrite. Court documents have shown that the Royal Canadian Mounted Police can also decrypt messages on PGP BlackBerrys once they have physical access to the device.

The devices have reportedly been used by organized criminal groups all over the world. In March 2014, ABC in Australia reported that encrypted BlackBerrys were linked to a murder of a Hells Angels Biker. The Politie announcement claims that the devices have also been associated with drug trafficking, and in January Motherboard reported on a Canadian kidnapping and assault case that heavily relied on such phones.

“By taking down the servers, the police probably secured the largest encrypted network of criminal(s) (in the) Netherlands,” the translated version of the press release continues, and adds that the 36-year-old man was arrested on suspicion of money laundering.

According to the announcement, 19,000 registrants who used the network have automatically been informed of the seizure, and the network is being investigated by the police. It’s unlikely all of those users will be criminals; the notice informs users police are focusing on those suspected of serious crimes.

It’s not clear how the bust came about nor how the servers were identified. If messages transmitted using the servers were encrypted, it seems unlikely investigators would be able to read their contents (as they do not have physical access to the devices themselves), but meta-data — such as information showing who contacted who, and when — may be available.

“The data from the protected servers will be further analysed and, where possible, used in ongoing investigations,” Politie writes.

UPDATE***

It appears other PGP resellers are now messaging there customer base with an update on their own position and safety of there servers — what this does highlight is the lack of safety in cross network communications and the risk people take sending messages between suppliers and the servers they use.