258,000 encrypted IronChat phone messages cracked by police

Police in the Netherlands announced on Tuesday that they’ve broken the encryption used on an cryptophone app called IronChat.

The Dutch police made the coup a while ago. They didn’t say when, exactly, but they did reveal that they’ve been quietly reading live communications between criminals for “some time.” At any rate, it was enough time to read 258,000 chat messages: a mountain of information that they expect to lead to hundreds of busts.

Already, the breakthrough has led to the takedown of a drug lab, among other things, according to Aart Garssen, Head of the Regional Crime Investigation Unit in the east of the Netherlands. He was quoted in the press release:

This operation has given us a unique insight into the criminal world in which people communicated openly about crimes. Obviously, this has led to some results. For example, we rolled up a drug lab in Enschede.

In the course of this investigation we also discovered 90,000 euros in cash, automatic weapons and large quantities of [hard drugs] (MDMA and [cocaine]). In addition, we became aware of a forthcoming retaliatory action in the criminal circuit.

IronChat used tinfoil marketing fluff by simply making up at least one celebrity endorsement, from Edward Snowden.

Also on Tuesday, Dutch police shut down the site that sold the phones, Blackbox-security.com. An archived page shows this purported endorsement from Snowden …

I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation

… an endorsement that, Snowden said through a representative at the American Civil Liberties Union (ACLU), he never made. In fact, he’s never heard of the phone, Snowden said. Ben Wizner, director for the ACLU’s Speech, Privacy & Technology Project, relayed this message from Snowden in an email to Dan Goodin at Ars Technica:

Edward informs me that he has never heard of, and certainly never endorsed, this app.

Police said that they discovered the server through which encrypted IronChat communications flowed when police in Lingewaard, in the east of the Netherlands, traced a supplier of the cryptophones during a money-laundering investigation.

The phones cost about 3,000 euros per year (USD $3,400). The devices could only be used for texting, not for phone calls or web browsing, with the encryption happening on a separate server that rendered the communications unreadable by police.