Australian Police Arrest Suspected Leader of Ghost Encrypted App


International law enforcement dismantles end-to-end encrypted messaging service

Akshaya Asokan (asokan_akshaya) • September 18, 2024

Suspected Ghost administrator Jay Je Yoon Jung is led away by an Australian Federal Police officer (Photo: Australian Federal Police)

An international law enforcement operation dismantled the encrypted messaging service Ghost, resulting in the arrest of 51 suspects on three continents, including alleged members of the Italian mafia and motorcycle gangs.


Authorities said at a news conference in Brussels on Wednesday that the operation stopped “a number of threats to life” and resulted in the seizure of a drug lab after Australian police infiltrated the messaging service. Police found servers in France and Iceland and arrested Ghost’s alleged administrator, a 32-year-old Australian man identified as Jay Je Yoon Jung.

Ghost, founded nearly a decade ago, became popular among criminals for its advanced security. It implemented three encryption standards and let users automatically delete old messages and remotely wipe their devices.

Jung was a resident of a quiet suburb of Sydney; Australian media reported that he lives with his parents. He reportedly sold modified smartphones with Ghost built into them for $2,350 each, offering a six-month subscription and technical support with each sale. The devices cannot make calls, send text messages or access the internet. Jung faces five charges, including supporting a criminal organization and identity fraud.

About 700 Australian law enforcement officers arrested 38 people in four states on Tuesday. Authorities told the ABC that police infiltrated Ghost after seizing a handset. “It was really a case of very clever software engineering and modification of updates to those devices to essentially turn them into surveillance devices,” an Australian Federal Police official said.

Europol and Eurojust coordinated the takedown between nine governments, including police forces from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States. Ghost users also included organized crime figures in the Middle East and South Korea. Australian police were able to prevent the deaths or serious injury of as many as 50 people, Australian Federal Agency Assistant Commissioner David McLean said at the press conference in Brussels. Irish police arrested 11 people, seized drugs worth €16 million and seized €350,000 in cash, along with cryptocurrencies and more than 150 electronic devices, Irish National Police Assistant Commissioner Justin Kelly said.

“Criminals thought they could and would hide behind technology to coordinate drug and arms trafficking, extreme violence and money laundering across borders,” said Catherine De Bolle, Director of Europol. “No matter how advanced the technology, no matter how secure they think their communications are, we will find them.”

The takedown is one of a series of international law enforcement operations targeting encrypted communications networks. French and Dutch police in 2020 breached the encrypted messaging service EncroChat, an operation that authorities said led to the arrests of 6,558 people worldwide last year and the recovery by police of €900 million in criminal funds (see: EncroChat disruption leads to arrest of over 6,000 suspects).

Belgian and Dutch police targeted Sky ECC, another now-defunct encrypted messaging service, in 2021 (see: Police Target Criminal Users of Sky ECC Cryptophone Service).

Ghost did not have the same number of users as those two chat networks, Europol Deputy Director Jean-Philippe Lecouffe said at the news conference. The disruption of those other services fragmented the criminal market for encrypted chat, he said. “Sometimes the smaller networks get the most criminals and the most interesting information,” he added. Lecouffe also made the now-standard law enforcement request for tech providers not to offer unbreakable end-to-end encryption, calling access to communications between criminals “the lifeblood of our operations.”

Cybersecurity advocates have opposed government attempts to create a weakness in end-to-end encrypted messaging, arguing that hackers would eventually discover and exploit the flaw. The European Court of Human Rights ruled earlier this year that end-to-end encryption is essential to preserving the right to privacy in digital communications systems, and privacy advocates have argued that lawful mechanisms for accessing messages would provide a conduit for mass surveillance. Tech companies have generally resisted calls from law enforcement to ditch end-to-end encryption, arguing that user trust in online messaging must be preserved.

In late August, French authorities arrested Telegram CEO Pavel Durov and charged him with complicity in hacking, child abuse material, and refusal to cooperate with law enforcement authorities (see: Indictment Against Telegram CEO Threatens End-to-End Encryption).

Updated September 18, 2024 8:13 PM UTC: This story has been updated with additional details.

With reporting from Jayant Chakravarti of Information Security Media Group in Pune, India and David Perera in Washington, DC
