Australian Police conducted supply chain attack on criminal collaborationware

Australia's Federal Police (AFP) yesterday arrested and charged a man with creating and administering an app named Ghost that was allegedly "a dedicated encrypted communication platform … built solely for the criminal underworld" and which enabled crims to arrange acts of violence, launder money, and traffic illicit drugs.

Ghost was created around nine years ago and sold with a modified smartphone for around AU$2350 ($1,600), which included a six-month subscription to an encrypted network and tech support. The AFP alleges 376 active handsets operated in Australia.

Earlier this year the AFP warned it had already infiltrated Ghost, and yesterday revealed it had conducted a successful supply chain attack on the app.

"The administrator regularly pushed out software updates, just like the ones needed for normal mobile phones. But the AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia."

• Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors
• Police allege 'evil twin' of in-flight Wi-Fi used to steal passenger's credentials
• Australian techie jailed for accessing museum's accounting system and buying himself stuff
• Oz Feds reveal distribution model behind backdoored 'An0m' chat app spread by crims

On Tuesday and Wednesday, that info was used to inform raids in four Australian states that executed 71 search warrants, yielded 38 arrests, led to the seizure of 25 illicit weapons, and stopped 200 kilograms of illicit drugs from reaching the street.

The AFP has also claimed that cracking the Ghost network allowed it to intervene in 50 threatened acts of violence or murder.

"We allege hundreds of criminals, including Italian Organized Crime, outlaw motorcycle gang members, Middle Eastern Organized Crime and Korean Organized Crime have used Ghost in Australia and overseas to import illicit drugs and order killings," declared AFP deputy commissioner Ian McCartney.

Europol executive director Catherine De Bolle offered a canned quote in the AFP's announcement, in which she stated "Today we have made it clear that no matter how hidden criminal networks think they are, they can't evade our collective effort."

The AFP has used this operation – codenamed "Kraken" – to remind crims of past successful efforts to decrypt supposedly secure apps, and of the 2021 bombshell revelation that it even created and operated its own thoroughly backdoored app and arranged for its distribution in the criminal community.

The Register is also pleased to report that one of those arrested, the alleged operator of the app, per the AFP-provided photo below was wearing a hoodie at the time the Feds showed up.

Thanks for that, AFP! The hacker hoodie has become a tired stock-photo cliché, but you've made it real again! ®

Now read: Cops across the world arrest 51 in orchestrated takedown of Ghost crime platform