Arrest warrants issued for Canadians behind Sky ECC cryptophone network used by organised crime

Phantom Secure

Sky Global is the second encrypted phone network to face legal action in the Southern District of California. In 2018, executives of another encrypted phone network, Phantom Secure – also based in Canada – were indicted for providing encrypted mobile devices to criminal groups.

Phantom Secure’s chief executive, Vincent Ramos, pleaded guilty and admitted that he and others facilitated the distribution of drugs around the world by supplying encrypted communications devices to thwart law enforcement.

Sky Global, based in Vancouver, Canada, supplied encrypted phones to 70,000 users worldwide. It installed sophisticated encryption software on iPhones, Google Pixel, Blackberry and Nokia handsets, which routed encrypted text messages through servers in France and Canada, the indictment claims. The company used proxy servers to hide its location.

Plausible deniability

Sky Global’s employees and distributors are accused of adopting an “ask nothing/do nothing” approach towards its clients following the takedown of Phantom Secure, so they would be able to plausibly deny knowledge of their clients’ illegal activities.

People who worked with Sky Global or acted as phone distributors remained anonymous to each other and only interacted using their user names, email handles or nicknames, rather than clients’ real names.

They are also accused of remotely deleting the contents of Sky ECC mobiles or suspending the phone service if it was suspected that an informant or law enforcement officer was using a phone as part of an investigation.

The company protected the identity of its customers by selling phones using cryptocurrencies, including bitcoin, which facilitated the laundering of customers’ “ill-gotten gains”, the indictment claims. Its administrators and distributors ran shell companies to hide the proceeds of encrypted phone sales.

The company is accused of generating profits of hundreds of millions of dollars for over 10 years by facilitating transnational crime networks. It operated throughout the world, including Canada, Columbia, Mexico, Belgium, the Netherlands, Australia and the US.

The phones, known as Sky ECC, were sold online or through “authorised partners” for between €900 and €2,000, depending on the model. Sky Global’s technical team modified the phones to remove GPS, camera, internet and voice communications, to secure the devices. Subscriptions cost between $1,200 and $2,000 for six months.

Parallels with EncroChat

The French, Dutch and Belgian investigation into Sky ECC has strong parallels with an operation by the French to penetrate the EncroChat encrypted phone network, shut down in June 2020.

The UK’s National Crime Agency made hundreds of arrests after the French gendarmerie shared huge volumes of messages harvested from the network by a software “implant” with British investigators.

The UK’s investigation, dubbed Venetic, led to the seizure of cash, firearms including AK47 assault rifles, submachine guns and grenades, multiple luxury cars and watches, and tonnes of class A and B drugs.

Passing off

Sky ECC claimed in a statement last week, before the arrest warrants were issued, that a reseller had been selling unauthorised phones from the defunct website www.skyecc.eu.

“We know that someone has been passing themselves off as an official reseller of Sky ECC for some time and we have been trying to shut it down through legal channels for almost two years,” said Sky ECC CEO Jean-François Eap in the statement.

The company said photographs issued by the Belgian Police showed a modified skyecc.eu phone rather than the standard Sky ECC app.