Australian Police Arrest Suspected Leader of Ghost Encrypted App


International law enforcement dismantles end-to-end encrypted messaging service

Akshaya Asokan (asokan_akshaya) • September 18, 2024

Suspected Ghost administrator Jay Je Yoon Jung is led away by an Australian Federal Police officer (Photo: Australian Federal Police)

An international law enforcement operation dismantled the encrypted messaging service Ghost, resulting in the arrest of 51 suspects on three continents, including alleged members of the Italian mafia and motorcycle gangs.


Authorities said the operation thwarted “a number of threats to life” and led to the seizure of a drug lab after Australian police infiltrated the messaging service.

Police located servers in France and Iceland and arrested Ghost’s alleged administrator, a 33-year-old Australian identified as Jay Je Yoon Jung.

Ghost, founded in 2017, became popular among criminals for its advanced security. It implemented three encryption standards, let users destroy all messages sent to a receiving phone, and did not require subscribers to provide any personal information about themselves.

Jung lived in a quiet suburb of Sydney, and Australian media reported that he lived with his parents. He reportedly sold modified smartphones with Ghost built in for $2,350 each, offering a six-month subscription and technical support with each sale. He faces five charges, including supporting a criminal organization and identity fraud.

Authorities told the ABC that police infiltrated Ghost after seizing a device. “It was really a case of very clever software engineering and modification of updates to those devices to essentially turn them into surveillance devices,” an Australian Federal Police official said.

Europol and Eurojust coordinated the takedown among nine governments, including police forces from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States. Ghost users also included organized crime figures in the Middle East and South Korea. Australian police were able to prevent the deaths or serious injuries of as many as 50 people, Australian Federal Agency Assistant Commissioner David McLean said at a news conference.

“Criminals thought they could and would hide behind technology to coordinate drug and arms trafficking, extreme violence and money laundering across borders,” said Catherine De Bolle, Director of Europol. “No matter how advanced the technology, no matter how secure they think their communications are, we will find them.”

The takedown is one of a series of international law enforcement operations targeting encrypted communications networks. French and Dutch police in 2020 breached the encrypted messaging service EncroChat, an operation that authorities said led to the arrests of 6,558 people worldwide last year and the recovery by police of €900 million in criminal funds (see: EncroChat disruption leads to arrest of over 6,000 suspects).

Belgian and Dutch police targeted Sky ECC, another now-defunct encrypted messaging service, in 2021 (see: Police Target Criminal Users of Sky ECC Cryptophone Service).

Ghost did not have the same number of users as those two chat networks, Europol Deputy Director Jean-Philippe Lecouffe said at the news conference. The disruption of those other services fragmented the criminal market for encrypted chat, he said. “Sometimes the smaller networks get the most criminals and the most interesting information,” he added. Lecouffe also made the now-standard law enforcement request for tech providers not to offer unbreakable end-to-end encryption, calling access to communications between criminals “the lifeblood of our operations.”

Cybersecurity advocates have opposed government attempts to create a weakness in end-to-end encrypted messaging, arguing that hackers would eventually discover and exploit the flaw. The European Court of Human Rights ruled earlier this year that end-to-end encryption is essential to preserving the right to privacy in digital communications systems, and privacy advocates have argued that lawful mechanisms for accessing messages would provide a conduit for mass surveillance. Tech companies have generally resisted calls from law enforcement to ditch end-to-end encryption, arguing that user trust in online messaging must be preserved.

In late August, French authorities arrested Telegram CEO Pavel Durov and charged him with complicity in hacking, child abuse material, and refusal to cooperate with law enforcement authorities (see: Indictment Against Telegram CEO Threatens End-to-End Encryption).

Reporting from David Perera of Information Security Media Group in Washington, DC
