Global Law Enforcement Infiltrates Encrypted Platform Ghost, Disrupting Criminal Networks Worldwide
A major international law enforcement operation has successfully dismantled a criminal network that relied on the encrypted communication platform known as Ghost. This platform had been used by organized crime groups to facilitate illicit activities such as drug trafficking, money laundering, and even orchestrating contract killings. Led by the Australian Federal Police (AFP) in collaboration with Europol and other global agencies, this takedown marks a significant step in combating encrypted tools exploited for criminal gain.
In this blog, we’ll delve into the operation’s details, the infiltration of the Ghost platform, and how advanced dark web surveillance, compromised data tracking, and brand impersonation defense can protect organizations from such threats.
Operation Kraken: Coordinated International Action
Dubbed "Operation Kraken," the extensive law enforcement effort was spearheaded by the AFP, with support from Europol and agencies from various countries. The operation culminated in the arrest of Ghost’s creator, a 32-year-old Australian, on September 17, 2024, after a series of coordinated raids across multiple nations.
The Ghost platform had been in use since 2015 and was sold as part of a package that included a modified smartphone with encrypted messaging capabilities. This communication tool quickly became a favorite among organized crime groups, particularly in Australia, Ireland, Italy, and Central Europe. The platform facilitated a range of illegal activities, from drug distribution to organized murder, by offering criminals a seemingly secure way to communicate.
How Ghost Enabled Global Crime
Ghost was marketed exclusively to criminal organizations, providing an encrypted platform that allowed users to evade law enforcement. For approximately AUD$2350 ($1590), users could purchase a specially modified smartphone that included a six-month subscription to Ghost’s encrypted network, along with technical support.
Although not as widely used as similar platforms like EncroChat or AN0M, Ghost was still favored by some of the most powerful criminal networks worldwide. The platform had about 376 active devices in Australia alone, with a broader presence in Europe. According to law enforcement, the global nature of Ghost made it a prime target for a coordinated takedown.
Jean-Philippe Lecouffe, Europol’s Operations Director, emphasized that the disruption of larger platforms in recent years had led to the emergence of smaller, more fragmented networks like Ghost. These smaller networks, while less extensive, often attract high-level criminal organizations, making them critical targets for law enforcement.
Cracking the Ghost Platform: The Role of a Supply Chain Attack
The breakthrough in Operation Kraken came when the AFP leveraged a supply chain attack to infiltrate Ghost’s infrastructure. Law enforcement discovered that Ghost’s administrator frequently pushed software updates to keep users' devices functional. By subtly altering these updates, the AFP gained access to the encrypted communications of Ghost users without their knowledge.
This approach allowed law enforcement to tap into ongoing communications, gathering valuable intelligence on the criminal operations that relied on Ghost for coordination. By compromising the supply chain, authorities were able to neutralize the platform’s security features and gather evidence on a wide range of criminal activities, including drug deals and organized killings.
Coordinated Global Raids: Impact and Arrests
The supply chain attack paved the way for a series of coordinated raids carried out across Australia and other countries, including Ireland, Italy, Sweden, and Canada. On September 17 and 18, 2024, police forces executed search warrants and apprehended key suspects involved in the criminal network.
The operation’s impact was significant, leading to:
- 38 arrests
- 71 search warrants executed
- The disruption of 50 life-threatening incidents
- The seizure of over 200 kg of illicit drugs
- 25 firearms and other weapons confiscated
As a result of this operation, up to 50 Australian offenders face severe charges that carry long prison sentences. More arrests are expected in the coming days as authorities continue to follow up on the intelligence gathered through the operation.
Lessons for Businesses: Proactive Cybersecurity Strategies
The success of Operation Kraken underscores the growing threat posed by encrypted platforms when exploited by criminal networks. These developments serve as a stark reminder for organizations to stay vigilant and adopt advanced security measures to mitigate potential risks.
Here are a few key cybersecurity strategies that can help safeguard businesses against these kinds of threats:
- Stolen Credentials Detection: Monitoring for compromised credentials across darknet forums and marketplaces can provide early warnings about potential threats. By using darknet monitoring services, organizations can stay informed about any leaked or stolen data that could be used for malicious purposes.
- Digital Footprint Analysis: Proactively assessing your organization’s digital exposure can help identify vulnerabilities that criminals might exploit. Regular digital footprint analysis can reveal sensitive data leaks or weak points in your security infrastructure.
- Brand Impersonation Defense: Criminals often exploit trusted brands to carry out phishing attacks or other scams. Implementing brand protection measures can help organizations detect and neutralize these threats before they damage their reputation.
- Online Risk Evaluation: Evaluating the risks associated with digital threats in real time enables businesses to stay ahead of cybercriminals. Digital threat scoring can help assess the potential impact of various risks and inform more effective security strategies.
Conclusion: A New Frontier in Law Enforcement
Operation Kraken marks a major victory in the global fight against encrypted criminal networks. By employing innovative tactics, such as the supply chain attack on Ghost’s infrastructure, law enforcement has demonstrated its ability to adapt to the evolving landscape of cybercrime.
As criminal organizations continue to leverage encrypted tools and platforms, it is essential for both public and private entities to remain vigilant and proactive in their defense strategies. With the right tools and technologies, such as dark web surveillance and compromised data tracking, organizations can strengthen their security posture and stay ahead of emerging threats in an increasingly complex digital world.