Dec 20, 2023
Crooks’ Mistaken Bet on Encrypted Phones
By Ed Caesar In 1895, a police officer in Manhattan who had once worked for a
By Ed Caesar
In 1895, a police officer in Manhattan who had once worked for a telephone company, and whose name has been lost to history, suggested adding a hidden circuit to lines used by known criminals: a wiretap. The city's mayor, William L. Strong, approved the technique, and for two decades wiretapping secretly flourished at the N.Y.P.D. In 1916, news of the practice leaked, resulting in an outcry and a public inquiry—not least because the police had been tapping the calls of priests. New York's police commissioner, Arthur Woods, defended his officers’ methods, saying, "You can't always do detective work in a high hat and kid gloves."
Crooks have always wanted to talk without being heard, and cops have always wanted to listen without being seen. Since the exposure of the wiretap, criminals have tried to stay one step ahead of eavesdroppers. Some underworld figures have avoided phones altogether. Bernardo Provenzano, the Sicilian Mafia don, communicated through pizzini—messages written on tiny pieces of paper—using a variant of the Caesar cipher, an elementary mode of encryption in which each letter is shifted three places in the alphabet.
High-level commands can be conveyed using pizzini, but the method is too slow for the hour-to-hour operations of a drug empire. In the nineties, Mexican cartels adopted encryption to scramble their phone calls. In 1998, Louis Freeh, then the director of the F.B.I., complained to Bill Gates that encryption software, including Microsoft's, had rendered the wiretap obsolete. According to Freeh, he got no apology: "You’ve got to get bigger computers," Gates said.
In 2013, Edward Snowden revealed that U.S. government agencies were monitoring citizens’ communications on a vast scale. Privacy-minded developers soon began releasing even more robust encryption technology. Phil Zimmermann—who, in 1991, had published the pioneering e-mail-encryption software known as Pretty Good Privacy—launched the Blackphone, which offered watertight phone calls and texts. The device became popular with all kinds of security-conscious people, from activists in repressive states to government agents.
Since the launch of the Blackphone, a variety of encrypted phones have become coveted items in Europe. These devices are not for regular people. You can't post on Instagram, play Wordle, or Shazam a song on them. Typically, they are Android or BlackBerry devices that have been "hardened"—reconfigured so that the user can access just a single messaging app. You can communicate only with other people on a network to which you’ve subscribed. Such networks have their own servers, in the manner of Signal or WhatsApp. Hardened phones often have no working camera, and geolocation and tracking services are disabled. A "wipe" feature instantly deletes all messages. More sophisticated services offer a "dual-boot" mode, so that the device can—at the touch of a button—look like a normal smartphone. Hardened devices cost about fifteen hundred dollars, and six months of service on a network costs about a thousand dollars.
Marketing materials have emphasized the impregnability of the devices. Sky Global, which was founded in Canada and which offered the popular Sky E.C.C. encrypted-phone service, promised a five-million-dollar reward to anyone who could crack its code. Another network, EncroChat, boasted that its devices offered "worry free communications" and "the electronic equivalent of a regular conversation between two people in an empty room." A promotion for a service called M.P.C. featured a moody photograph of Edward Snowden.
But there are only so many Snowdens; the obvious customer for such gadgets was less idealistic. Organized criminals in Europe scooped up hardened phones. (The North American criminal fraternity was slightly slower to adopt the technology.) Some of these networks were founded by seemingly legitimate businessmen. The Canadian C.E.O. of Sky Global, Jean-François Eap, was described by the Guardian as "a tech startup nerd who has never even smoked a cigarette." Other networks were created by known gangsters. M.P.C., which folded three and a half years ago, was owned by the notorious Glaswegian brothers James and Barry Gillespie, who ran a drug empire. They fled Europe for South America after warrants were issued for their arrest, in 2019, and have since disappeared. The police suspect that they were murdered by a gang in Brazil.
Hardened phones were ingenious, but these networks had some inherent security flaws: the clustering of a criminal clientele made them a tempting target for police officers in many countries. It was as if all the villains had holed up in a castle with twenty-foot-thick walls and dared invaders to attack with catapults and battering rams. No European police force had better siege engines, or more reason to use them, than the Dutch. In the Netherlands, so many criminals used encrypted devices that they became known as boeventelefoons: "crook phones."
In 2016, the Dutch National High-Tech Crime Unit targeted Ennetcom, a network used by some nineteen thousand people, most of them based in the Netherlands. After discovering that Ennetcom's servers were housed in Canada, the crime unit requested that Canadian law enforcement obtain a search warrant to copy the data. The network, owned by a Dutchman named Danny Manupassa, had made a spectacular bungle: it had stored the private keys for the system on the same server as the network's messages. Analysts in the Netherlands obtained the private keys and then used them to decrypt Ennetcom texts. Manupassa was arrested for "purposefully facilitating crime," as were many of his customers—including Naoufal (the Belly) Fassih, a notorious Moroccan Dutch hit man and drug trafficker, who was later convicted of attempted murder.
The failure of Ennetcom should have alerted security-conscious criminals to treat encrypted phones with caution. In 2020, Erik Van De Sandt, a member of the Dutch National High-Tech Crime Unit, told students at Cambridge University that the central weakness of private networks was that their encryption protocols were developed in secret, often by cryptographers who were not as good as their promises. "You have to look at the anthropology," Van De Sandt told the students. Because encrypted-service providers focus "on an exclusively criminal community," he explained, "they apply confidentiality over their own business process. . . . You can never really test that security until it's too late." He continued, "That's a real problem for all criminals. . . . You end up with a really bad product because there's no transparency. Lucky us!"
Despite the networks’ shortcomings, they continued to find customers. The police in the Netherlands and in other countries started looking for weaknesses in the Continent's two most popular networks: EncroChat and Sky E.C.C. In advertisements, EncroChat claimed that it housed its servers in secure locations "offshore." This wasn't true: they were in a regular data center in Roubaix, an industrial city in northeastern France. The French National Gendarmerie, having realized that all EncroChat communications appeared to route through Roubaix, investigated. In January, 2019, in the early stages of a joint French-Dutch operation, the Gendarmerie executed a warrant to secretly copy EncroChat's servers. Analysts then began hunting for a flaw in the system that they could exploit.
They soon found one. According to one expert, the French had copied EncroChat's development server, where new code is created and tested. Engineers were able to create a piece of malware and then ship it, disguised as an update, onto all EncroChat phones. The operation, which began in April, 2020, worked in two phases. First, it sent the police copies of all texts and images stored on EncroChat phones. (EncroChat normally deleted messages after seven days, but even just a week's worth of texts provided rich insights about customer identities and behaviors.) In the second phase, which lasted about two months, the police figured out how to read messages in real time. Jannine van den Berg, a chief constable of the Dutch police, told reporters, "It was as if we were sitting at the table where criminals were chatting." EncroChat was shut down in July, 2020. The investigation has had a particularly seismic effect in Britain, where the network had some ten thousand users. More than twenty-eight hundred arrests have been made in the U.K., and the British court system is still loaded up with EncroChat cases.
Link copied
The operation against Sky E.C.C. followed a similar pattern. Somewhat unbelievably, Sky's servers were also situated in Roubaix. They, too, were copied by the French police. Sky's messages ran on a different system than EncroChat's, and it was more difficult to infect the network with bulk malware. Instead, someone with knowledge of the investigation told me, analysts seem to have launched a "protocol attack" that deceived handsets into revealing their private keys.
Sky E.C.C. suffered the same fate as EncroChat—including what Europol, the European Union's law-enforcement agency, describes as a "live phase" of three weeks, when all messages could be secretly read in real time. In March, 2021, police chiefs in several countries gleefully announced Sky's downfall. The company's founder, Eap, was indicted in the United States for racketeering and for facilitating "the transnational importation and distribution of narcotics through the sale and service of encrypted communications devices." (Eap has denied the charges, and Sky Global has written a motion claiming that its assets were unfairly targeted; a lawyer for the firm has asserted that only a "small fraction" of its customers were involved in illegal activities.)
Three months after Sky's demise, the F.B.I. and the Australian Federal Police announced the shutdown of an0m—a network with many fewer users than Sky or EncroChat, and with a strikingly different origin. American and Australian agents had created an0m themselves, to ensnare criminals. A confidential source who had once worked for an encrypted phone network had helped the agencies to develop an app and to introduce an0m phones to major organized-crime figures—among them the Australian drug kingpin Hakan Ayik, who has been on the run in Turkey. The F.B.I. and the Australian Federal Police didn't need to decrypt an0m messages. By design, every text sent on the network was blind-copied to a server in Europe and read by police investigators in America.
Andrew Young, a former federal prosecutor in the Southern District of California, led the an0m operations, and he told me that one of the goals of the sting was to "dismantle the business model" of encrypted phones as a tool of organized crime. Young explained, "My argument was always, If we do this, then they’re back to whispering, covering their mouths, outside of storefronts. Because how could you ever have confidence in whatever comes next?"
It's not yet clear whether the encrypted-phone paradigm has truly been broken. Criminals still need to talk to one another. Moreover, the prosecutorial value of messages garnered in encrypted-phone stings has been called into question. Although many criminals have been convicted as a result of the stings—more than four hundred in the U.K. alone—lawyers defending people arrested on this basis have objected to the messages’ being used as evidence, arguing that the wholesale collection of private communications violates the privacy or wiretap laws of a particular country, or that the messages alone fail to prove involvement in crime.
Whatever the outcome of such legal wrangles, the Great Decrypt has unquestionably provided a bounty of intelligence. It has never before been possible to see so vividly how many thousands of criminals talk to one another when they think nobody is listening. Europol, which coordinated joint international investigations, has become a hub for analyzing decrypted phone intelligence. The agency's trove is vast; it has examined about a billion messages from Sky E.C.C. alone. Officers working on these operations say the decrypted messages have reshaped their views of how organized crime works: its scale, its cunning, its ruthlessness.
In October, the two most senior Europol officers working on serious and organized crime met with me at the agency's headquarters, a forbidding office building in a quiet neighborhood of The Hague. Jean-Philippe Lecouffe, a Frenchman, and Jari Liukku, a Finn, have more than seventy years’ worth of policing experience between them. Neither could remember another breakthrough in which they had learned so much so quickly. For one thing, Liukku said, the phone busts had apprised them of important figures in organized crime who had been "completely unknown" to them and who must have felt "untouchable." Now these men—it was almost always men—were active targets.
Lecouffe told me that, before the encrypted-phone stings, police forces were "a bit in the dark" about how organized crime functioned from day to day, even if the occasional successful investigation provided faint illumination on a group or an activity. Suddenly, it was if somebody had switched on thousands of klieg lights, and "we could not only take a picture but a movie."
Some of the most shocking phone intelligence, investigators say, comes from Montenegro. In the nineteen-nineties and two-thousands, the most lucrative racket for Montenegrin gangs was smuggling cigarettes into Europe, primarily through the Adriatic port of Bar. Such trade continues, but tobacco now has a serious competitor: cocaine. The country's two most effective criminal groups, the Kavač and the Škaljari, are named for neighboring areas in the harbor city of Kotor. These gangs have networked with the Balkan diaspora to forge connections with South American drug producers and European financiers, and they now move narcotics in vast quantities. The two groups are also committed to exterminating each other: some fifty members of the gangs have been killed by rivals in recent years.
In Montenegro, organized crime is a frequent but dangerous topic of conversation. Since the population is only six hundred and twenty thousand, and since smuggling is a high-turnover business in a small economy, and, furthermore, since the trade cannot continue without some complicity from state officials, when you talk of crime in Montenegro you are often talking about politics. In 2003, anti-Mafia prosecutors in Italy accused the Montenegrin Prime Minister, Milo Đukanović, of being the linchpin of a cigarette-smuggling racket. He was also accused of conspiring with senior figures in the Camorra crime family. For twenty months, Italian investigators wiretapped Đukanović (the old-fashioned way). He had, they later wrote, "promoted, set up, directed and, in any case, participated in a Mafia-type association" that had turned Montenegro "into a paradise for illicit trafficking." Đukanović, who denied the charges, had diplomatic immunity and never faced trial in Italy; the case against him was dropped in 2009. For a long time, the scandal didn't harm him politically. He and his party, the D.P.S., remained in power until 2020, and Đukanović held the largely ceremonial role of President until this year. (He was defeated in a runoff by Jakov Milatović, a young pro-E.U. candidate.)
A handful of campaigning journalists have been reporting on the nexus of crime and governmental corruption in Montenegro. On a trip to the country this past January and February, I met with two of the most daring of them: Olivera Lakić, of the news portal Libertas, and Jelena Jovanović, of the newspaper Vijesti. Death threats against both women have been common, and security guards protect them twenty-four hours a day. In 2018, Lakić was shot in the leg, in broad daylight. The same year, Jovanović was interviewing a source at a café when the man was murdered in front of her. None of the bullets that the gunman fired hit Jovanović, but she sees the killer's "orange eyes" in her nightmares.
After Sky E.C.C. was infiltrated, the balance of power suddenly swung toward reporters in Montenegro, where the network had been popular. Europol analyzed the billion messages that it had harvested from the bust using software, developed by the agency, that scoured texts for key words and phrases. The word "liquidate," in several languages, prompted an alert; so did "sleep" and "crack"—code words for murder. In mid-2021, Europol sent the first of many intelligence packages to Montenegrin prosecutors detailing major crimes and graft that implicated top officials in state institutions. The contents of the packages were secret, but at least one source in Montenegro, worried that the intelligence might be buried by corrupt prosecutors, leaked the documents to journalists. This fear was justified: a special prosecutor, Saša Čađjenović, was arrested this past December for having failed to act on Europol intelligence packages that were damning both to senior figures in the Kavač gang and to police officers covering up the gang's activities. (Čađjenović is in jail awaiting trial.)
In April, 2022, Olivera Lakić wrote an astonishing report for Libertas based on the Europol intelligence. It detailed how Milos Medenica, the son of Vesna Medenica, one of Montenegro's most senior judges, appeared to have plotted with a corrupt police officer to import cigarettes and cocaine through Bar's port. In one text, Milos told the policeman, "Right now I’m working on cigarettes. You know 100% I left for Bar from 11p.m. on Thursday." Moreover, intercepted messages sent by Milos suggested that his mother was protecting the illegal enterprise. Vesna, he said, had the power to influence judges in criminal cases, and even to initiate multimillion-dollar embezzlement cases against her son's enemies. "I went to her," Milos texted one correspondent, according to a later story, in Vijesti. "Everything is going as it should, preparations are being made who will handle the case."
The reports spurred prosecutors into action. Vesna was arrested before she could board a flight to Belgrade, and Milos subsequently surrendered. The trial of the Medenicas and several alleged co-conspirators is scheduled to begin in May in the capital, Podgorica. At a preliminary hearing that I attended, the courtroom wasn't big enough, and some defendants were sitting among lawyers and reporters. Vesna, wearing a black ensemble and spiked heels, sat two rows in front of journalists from Libertas, whose reporting had helped precipitate her downfall. It's a small country.
Even before the encrypted-phone stings, Transparency International had ranked Montenegro as one of the most corrupt nations in Europe. Nevertheless, the scale of the graft revealed by the Sky E.C.C. bust was even bigger than expected. During my visit, a fresh Europol intelligence package arrived, based on Sky E.C.C. messages. Several government ministers and law-enforcement figures told me that it detailed the activities of a dozen Montenegrin police officers who had communicated with criminals on the network. In fact, Europol's intelligence about the police force was worse than I had been led to believe. According to a March report in Libertas, élite officers had used Sky E.C.C. to send photographs of themselves torturing suspects to friends within the Kavač gang; in the wake of the report, the director of police was fired, and twelve more police officers were arrested.
Dritan Abazović, Montenegro's young and charismatic Prime Minister, has campaigned against organized crime and its facilitators. This stance, among others, has decreased his popularity—he lost a vote of confidence in August and now leads a lame-duck Parliament—but he still seems committed to the fight. I visited his office in January and asked him about the impact of the Sky E.C.C. sting. "It was like an atomic bomb had come to Montenegro," he said. "High-level policemen, the head of the judiciary! After all of our suspicions . . . finally, we can say, ‘This is really something that is happening.’ " He continued, "The opening of the Sky application was the most powerful weapon in the history of our fight against organized criminal groups."
The phone intelligence underscores how central cocaine has become to organized crime in Europe. In the past two decades, the cocaine business on the Continent has far outpaced the heroin and synthetic-drug markets. A comprehensive 2021 investigation by the think tank InSight Crime revealed that Colombian cocaine cartels had shifted their focus to Europe after losing control of American distribution to Mexican groups. As a result, the cocaine business is now primarily a shipping business.
Decrypted texts have helped authorities map this modern Silk Road. Sky E.C.C. had about seventy thousand active users, nearly a quarter of them clustered around the two busiest seaports in Europe: Rotterdam, in the Netherlands, and Antwerp, in Belgium. Customs officers now believe that about half of Europe's cocaine arrives at these ports. In January, I visited both places. The scale of a major seaport is difficult to comprehend. Driving from one end of Rotterdam's port to the other took forty minutes. Mountains of multicolored containers were piled up like giant Legos, among steepling cranes.
Last year, more than twenty million containers were handled in Rotterdam or Antwerp. Customs officials inspected fewer than two per cent of them. They likely missed a lot of contraband. Nevertheless, through a synthesis of the phone intelligence and on-the-ground policing, they discerned several current patterns of trafficking. The most popular method of shipping cocaine into these ports is called Rip On/Rip Off. A Rip On gang in a port in South or Central America loads cocaine into a shipping container and then relays its location to a Rip Off gang in Europe, which enters the destination port, finds the container, and spirits the product out in a truck. Europol analyzed many messages containing the serial numbers of target containers, consignment sizes, and other instructions.
The head of Belgian customs, Kristian Vanderwaeren—a droll man of fifty-eight with white hair and bushy black eyebrows—told me that, in 2022, his officers had enjoyed a record year, seizing a hundred and ten tons of cocaine in Antwerp alone. Cocaine, which typically costs about fifty dollars a gram in Europe, is often cut with substances such as lidocaine and baking powder. If the cocaine arriving in Antwerp had a purity of eighty per cent and was sold at sixty per cent—the current standard—the bounty was worth nearly eight billion dollars.
Seized coke is burned. In December, bonfires at the port of Antwerp were so enormous that the event was dubbed White Christmas by local newspapers. However, police and traffickers work on the assumption that only ten to fifteen per cent of cocaine entering major seaports will be seized. Vanderwaeren's teams can X-ray entire containers, and they assiduously target freight arriving from the producer nations of Latin America. Nonetheless, officers will never be able to inspect all containers from such ships. A load of fresh fruit can be held up for only so long. It's likely that, even with the help of the phone intelligence, customs officials in Antwerp missed some six hundred tons of cocaine last year.
Criminal groups work hard to minimize losses in the ports. Vanderwaeren pointed to a few particularly clever strategies for off-loading drugs. Sometimes, he explained, crooks circumvent targeted scanning using a technique called the Rip Off Switch, in which they mask the provenance of incoming cargo by, say, transferring it to a container from a "safe" country while the ship is at an intermediary European port. Recently, Vanderwaeren has witnessed a new method, known as the Trojan Horse, in which a Rip Off gang enters the port of Antwerp or Rotterdam from another European port while living within a container. By arriving in the seaport at the same time as a consignment of drugs, they can off-load the product before a customs officer has the chance to inspect the container. During a heat wave in the summer of 2019, a pair of traffickers locked inside a container in Antwerp called Belgian police on regular phones asking to be rescued. After a two-hour search, the two, who were stripped to the waist and badly dehydrated, were found and then arrested.
In 2021, the Belgian and Dutch police made some five hundred arrests within a month of the Sky E.C.C. bust, but Vanderwaeren was busier than ever in 2022. "I had thought that the Sky operation would break the criminal organization fundamentally," he told me. "But we didn't stop the tsunami."
The phone intelligence has helped Europol understand why the cocaine trade is not so easily defeated. Its systems are more flexible, less hierarchical, and less fragile than previously thought. Antwerp and Rotterdam may be the most important seaports for the cocaine business, but—if Vanderwaeren and his officers become too adept at their jobs—there are alternatives. Not long ago, port inspectors at Le Havre, in France, detected the Trojan Horse smuggling method for the first time.
Link copied
Just as border agents conduct risk analysis on ships from South America, criminals conduct their own assessments of European ports. When Europol officials sifted through criminals’ messages, they learned that many ports they had considered to be less important for cocaine trafficking were becoming major hubs: Livorno, Italy; Sines, Portugal; Vlissingen, the Netherlands. South American traffickers, meanwhile, were shipping drugs from new locations, hoping that these rutas frías—"cold routes"—would elude police detection. Paraguay, a formerly low-risk point of origin, was shipping cocaine with more frequency. Within the headquarters of Europol, in The Hague, officers began speaking of a "waterbed effect," in which police pressure on one geographic area pushed volume into another.
Hitching a ride on commercial ships is, of course, only one method of moving drugs. The phone intelligence exposed various ways that private craft are used in trafficking. In one conversation, captured on an0m, a group of traffickers in Australia and Southeast Asia, including Hakan Ayik—the kingpin who became an early adopter of the network—discussed using a yacht to sail five hundred kilograms of cocaine from Barranquilla, Colombia, to a spot a hundred miles off the coast of "Lor." This was shorthand for "Lord of the Rings," meaning New Zealand. (The police investigators also noted that the texts referred to Australia as "Order," suggesting a mischievous play on words: "Lor and Order.") According to the plan, once the yacht reached the right location, the drugs would be attached to a buoy and dropped into the ocean; the G.P.S. coördinates of the cargo would be transmitted to a New Zealand-based "catch crew," which would collect the load by trawler.
Many other such plots have come to light. In August, 2021, British border agents seized two tons of cocaine from the luxury yacht Kahu in the English Channel. Prosecutors have presented phone evidence showing that the yacht had rendezvoused off the coast of Barbados with another boat, out of Suriname, before crossing the Atlantic with its cargo. An Englishman, Andrew Cole, was in charge of delivering the cocaine to a shore crew in England led by a man code-named Viking. The police arrested Cole before he had the chance. His final text to his boss in South America: "We are getting boarded."
Cocaine is a multinational business, but, before the encrypted-phone busts, organized criminals were thought to work most readily with their own countrymen, or with people of the same ethnic background. Certainly, criminal groups bound by national or ethnic identity exist, but the decrypted conversations showed how often major criminals form international associations that defy expected political alignments. Albanians and Serbs, for instance, can apparently put aside their historical differences to make money together. At Europol, officers now talk less often of organized criminal groups and more often of criminal networks. Lecouffe, the French officer, told me of his surprise at finding how often western Balkan languages were being spoken in decrypted conversations picked up in Central and South America. He laughed, and said, "What are they doing here?"
In June, 2019, in the port of Philadelphia, officers from the U.S. Customs and Border Protection agency boarded the container ship M.S.C. Gayane, which had recently sailed from Chile, via Panama and the Bahamas, and was bound for Rotterdam. The agents found some twenty tons of cocaine, which they estimated to be worth more than a billion dollars. The agency has never made a bigger seizure of drugs. A group of Montenegrin sailors was arrested. They had been recruited as smugglers by a Balkan group: some for as little as fifty thousand dollars each, but the chief mate had been promised more than a million. American prosecutors believe that, while the Gayane was at sea, several consignments of cocaine were transported to it by speedboat at night; the sailors hoisted sacks of coke on board using the ship's crane and stored the drugs in shipping containers, taking care to replace the seals. During the voyage, the Montenegrins recruited two Samoan members of the crew to join their scheme. Somehow, Customs and Border Protection got wind of the enterprise. The Montenegrin sailors were using what the prosecution called "narco phones" provided by their superiors. No American law-enforcement agency has admitted to harnessing messages from phones in the Gayane operation.
Montenegrin is not the only western Balkan language to feature prominently in the encrypted chats. On Sky E.C.C., Albanian was one of the most-used languages, after English. Zoran Brdjanin, the former director of Montenegro's police force, told me phone intelligence had revealed that his countrymen were now increasingly embedded in countries all along cocaine routes. Whereas Montenegrins were once only couriers, now they were deeply involved in transportation and distribution. This was the same path forged by the Mexican cartels, which originally served as mules for drugs entering America, then took control of that entire supply chain. (Brdjanin was fired from his post in March, after revelations of corruption and violence in the Montenegrin police force; Prime Minister Abazović said that he did not "question Brdjanin's professional capacity" but added that a police director needed "to know about criminals in his units.")
Although many gangsters on encrypted networks were low-level figures, these conversations have helped law-enforcement officials build detailed cases against "high value targets." Daniel Kinahan is a forty-five-year-old Irishman who leads an organization that, according to the U.S. Treasury, "smuggles deadly narcotics, including cocaine, to Europe, and is a threat to the entire licit economy through its role in international money laundering." Sports fans may also know Kinahan as the former owner of MTK Global, a boxing management company, and as the man whom Tyson Fury, the World Boxing Council heavyweight champion of the world, publicly thanked for arranging two title bouts against Anthony Joshua. (After Fury's acknowledgment sparked outrage, he distanced himself from Kinahan.)
In 2017, Kinahan got married at the "seven-star" Burj Al Arab hotel, in Dubai. The guest list for the wedding was soon pinned to the walls of national police agencies. It included Ridouan Taghi, a Moroccan Dutch man currently on trial in the Netherlands for several murders and attempted murders; Edin (Tito) Gačanin, a Bosnian whom the D.E.A. describes as one of the world's top traffickers; Richard Eduardo Riquelme (El Rico) Vega, a Chilean Dutch man, who was convicted in the Netherlands two years ago of laundering drug money and of leading an assassination ring; and Raffaele Imperiale, a senior figure in the Camorra family. (Imperiale has become a state's witness.)
According to a Europol officer, at the time of the wedding these high-level criminals were considered to be working in their own fiefdoms. But Sky E.C.C. intelligence, coupled with testimony from a Dutch witness who can be known only as Nabil B., showed that the wedding had doubled as a business meeting for a giant Irish-Bosnian-Chilean-Dutch-Moroccan-Italian crime consortium. This group became known to law enforcement as the Super Cartel. The Sky E.C.C. intelligence indicates that the group, among other trafficking activities, established an investment fund for shipments of cocaine. Irish investigators believe that the M.S.C. Gayane shipment was financed by the Super Cartel. Jari Liukku, at Europol, noted that criminal networks "are making deals among themselves to lower the risks when it comes to the detection and loss of financial assets, when it comes to multi-ton cocaine shipments." In other words, "they are acting like normal businessmen."
In March, 2020, a British man named Ryan James Hale, who is associated with the Kinahan cartel, texted a Bulgarian contact on Sky E.C.C. about a huge shipment of cocaine headed for the Mediterranean coast of Spain: "We are going to load 700 kilos today. . . . Your part is 30% of the charge." Six hundred and ninety-eight kilos of cocaine were soon seized in Valencia. One of Hale's alleged conspirators, Anthony Alfredo Martínez Meza, a Panamanian who appears to have organized the loading of the shipment, texted his frustration when the consignment was seized: "I shit on my fucking life."
This past November, Operation Desert Light—a joint operation of the Dutch, Emirati, French, Spanish, Belgian, and American police forces—arrested forty-nine people suspected of being linked to the Super Cartel, including Hale and Martínez Meza. Europol jubilantly announced that a major blow had been struck against a network responsible for importing some thirty per cent of Europe's cocaine. Daniel Kinahan, his brother, and his father are the only top members of the Super Cartel who have not been arrested. There is a five-million-dollar reward for information leading to each man's capture.
If you’re involved in a large narcotics operation, logistics is only half the battle. Laundering the money is equally complex. Thanks in part to phone-chat surveillance, investigators learned that the Kinahan gang often dealt with a glut of cash by relying on a technique that once prospered along the original Silk Road: the hawala system of money transfer. In this system, cash doesn't move across borders. Rather, trusted informal bankers, known as hawaladars, hold large pools of money and pay out to clients upon receipt of a token. This informal banking system, which remains popular in the Arab world and in South Asia, has legitimate uses, but it is also seductive to organized criminals. When Hezbollah expanded its drugs and gunrunning businesses, it made use of hawala. Law-enforcement agencies now refer to a hawala or hawala-like arrangement as an "informal value-transfer system."
Robert McAllen, a money-laundering investigator from Northern Ireland, studies such systems. He explained to me that they rely on a "controller network," which effectively operates as a trading exchange, with billions of dollars of liquidity and with representatives scattered around the world. Each controller network moves value in a similar way: somebody in Dublin, for instance, wants to transfer half a million euros to a bank account in Dubai without using the mainstream financial system. For a commission of about nine per cent, an agent of the controller recognizes that the money exists in Dublin, and sends out instructions to collectors in Dubai to recognize the value there. The settlement within the network is then completed over a period of years.
When informal value-transfer systems were discussed on encrypted networks, the preferred token, McAllen told me, was the serial number of a low-denomination bill: five dollars, or dirhams, or euros. The sender and the recipient in the exchange shared the bill's serial number, and the exchange was completed. The EncroChat bust, in particular, illuminated how popular such informal systems had become. In the messages, there were myriad references to a "tkn"—a token. Photographs of serial numbers were often sent in return.
McAllen said such transactions were so dizzying that he inverted the traditional investigator's credo. "You can't follow the money," he explained. "You’ll go blind." Instead, he attempted to identify particular patterns of behavior—"typology and methodology"—and acted on the assumption that anybody engaging in those patterns must be attempting to move dirty money. He told me of cases in which the value transfers were so numerous and roundabout that it would be impossible, on the basis of any single trade, to determine the money's ultimate destination. The only reason that he had been able to figure out how such exchanges worked, he said, was "because they’ve talked about it so much on EncroChat."
Conversations on Sky E.C.C. proved similarly enlightening. In September, 2022, Johnny Morrissey, an Irishman who formerly worked as a night-club doorman in Manchester, was arrested in Spain on suspicion of laundering hundreds of millions of euros for the Kinahan gang, using hawala. During the investigation into Morrissey, which lasted eighteen months, agents in Ireland, the U.S., and Spain surmised from his texts and other evidence that he had been washing some three hundred and fifty thousand euros a day. "He was the Kinahans’ C.F.O.," Roy McComb, a former senior investigating officer for Britain's National Crime Agency, who has knowledge of the Kinahan group, explained to me. But Morrissey, McComb emphasized, was no financial innovator: "All he did was use a trusted and essentially off-the-grid system to move money. He wasn't Barclays Bank. He was a customer of Barclays Bank." Morrissey is currently awaiting trial in Spain.
Violence courses through the decrypted texts. In 2020, EncroChat messages revealed the existence of a torture site in a disused shipping container in Wouwse Plantage, south of the port of Rotterdam. Another six containers had been designed as cells to hold prisoners. When officers raided the torture container, they found a dentist's chair with restraints for arms and legs, in addition to finger clamps, scalpels, hammers, pliers, gas burners, and duct tape. One area had been reserved for waterboarding. The room was soundproofed.
According to EncroChat conversations, a man called Roger P. by the Netherlands’ court system, who was widely known in the underworld as Piet Costa, appears to have set up the site. Costa, who is thought to have worked for a Colombian cartel, was recently sentenced to fifteen years’ imprisonment for his role in a shipment of cocaine exceeding eight thousand pounds. Before his arrest, he sent a text about a few prisoners held by his group, adding, "I hope I get the chance to torture them."
Costa's opportunity never arose, because the construction of the torture site happened at the same time as the live phase of the EncroChat investigation. The police were duty bound to intercede whenever they became aware of an imminent threat to someone's life, even at the risk of the operation, but the torture chamber was raided before it was used. Across Europe, officers intervened in such cases with alarming frequency. British police alone acted to thwart some two hundred "threats to life" that had been discussed on EncroChat conversations. (Courts are now racing to keep pace with these interventions: a London gangster who asked on EncroChat for "2 savages" to avenge an attack on his mother, and spoke of his "James Bond ting"—a Walther PPK handgun—was recently convicted at the Old Bailey for conspiracy to murder.) At Europol, Lecouffe has explained that, although he was of course unsurprised to find that criminals used violence, he was shocked at "the level of violence" in Europe.
In the Netherlands and Belgium, murder rates remain low, but the atmosphere has changed as underworld activity has spilled into everyday life. In 2019, Derk Wiersum, the lawyer for Nabil B., the star witness in the Dutch government's murder case against Ridouan Taghi and sixteen other suspects, was shot dead outside his home, in Amsterdam. Two years later, Peter de Vries, the Netherlands’ most famous crime reporter, was murdered. De Vries had been a confidant of Nabil B.'s. Nine men have been arrested for their involvement in the crime. One suspect was intercepted on a call telling his girlfriend that de Vries was "always sticking his nose in where it doesn't belong," and "that's why they shot him."
In January, while I was visiting Antwerp, an eleven-year-old girl in the city was shot and killed in her home. The victim was the niece of an alleged trafficker, Othman El Ballouti, who grew up near the port and who was reportedly running much of the city's cocaine business; he is now thought to live in Dubai. The bullet that killed the girl was apparently meant for another family member. I visited the murder scene, which was on a quiet street in a district called Merksem. Several years ago, a gangland killing in such a place would have been unthinkable.
Violence is endemic to the drug trade, but in much of northern Europe it has been possible to imagine that drug-related brutality is a problem that occurs elsewhere: in Mexico, in America, in southern Europe. The phone intelligence, along with a slew of grisly headlines, has dispelled that myth. In June, 2022, after a wave of shootings, the mayors of Amsterdam and Rotterdam wrote to the Dutch Parliament, warning of "a criminal culture of violence that is acquiring Italian features." The mayors added, "It's not just about conflicts erupting over control of the drugs trade, but we are also seeing violence as a display of power and with the intention of weakening our democratic legal system."
In September, 2022, as if to prove the mayors’ point, the Belgian justice minister, Vincent Van Quickenborne, was placed under heightened security when law enforcement learned of a kidnapping plot against him. A car containing multiple weapons was discovered on the street where he lived with his family, and four Dutchmen connected to the drug trade were soon arrested. Belgian media reported that the plot was intended to force a prisoner exchange: Van Quickenborne for a high-profile trafficker. It was the kind of move that cartels in Latin American countries have been making for years.
Phone intelligence has also revealed that the nations at the center of the European cocaine trade are becoming infected with corruption. Vanderwaeren, the Belgian customs chief, told me that gangs cannot expect to move drugs through the port of Antwerp without at least the tacit assistance of port workers. "The criminal organization must have somebody in the terminal infrastructure who knows the container where the drugs are stored, and how they are stored," he told me. Sometimes port workers are bribed; sometimes they are threatened; sometimes it is a combination of both.
Link copied
In May, 2021, after the Sky E.C.C. bust, ten people working at the port in Antwerp were arrested for colluding with gangs. This past December, a thirty-year-old clerk for a company at the port was jailed for six years for aiding and abetting a drug trafficker. She had used the Sky E.C.C. network to provide the trafficker with arrival times for cargo shipments, serial numbers of containers, and PIN codes to access them.
Decrypting criminal messages sometimes made it possible to see how much it cost, in bribes, to move cocaine. For one shipment to Barcelona, crane drivers, dock workers, and port managers were collectively paid about four hundred and forty thousand euros to ease the passage of the consignment. In some messages, correspondents pondered whether they should delay the arrival of the cocaine while a dockworker in the gang's pay recovered from illness.
Andrew Young, the prosecutor in the an0m case, was taken aback by the intersection of graft and crime that he saw in the messages: "You think of organized crime and public corruption as different, but they’re really not. Both have the same goal, which is they’re trying to take over legitimate institutions for their own ends. And they use each other to do it." He continued, "When you get to a community, whether it's in Antwerp, New York, or Tijuana, where government officials are the actual criminals—not working for the criminals, but the actual criminals themselves—it's just so difficult to get rid of."
In February, a Montenegrin trafficker agreed to discuss how the bust of Sky E.C.C. had affected the criminal fraternity in Montenegro. (The conditions of our interview were that I could not name him or quote him.) We met a little later than we had planned. A drug dealer had been shot outside a restaurant in Podgorica that day. The trafficker knew the victim and had been at the hospital.
We met in the back office of an auto-body shop, along with my translator and a well-connected man who had helped set up the encounter. The trafficker chain-smoked Parliaments, and he had a giant frame, elephant-gray skin, and dark circles under his eyes. He wore a T-shirt emblazoned with the face of Vladimir Putin, of whom he was a fan. By contrast, he hated the E.U., Americans, and gay people—groups that he freely lumped together. Occasionally, his son arrived to empty the ashtray.
Soon after we sat down to talk, the trafficker told my translator that there’d be no interview after all: he wasn't a snitch, and never would be. Nevertheless, he continued to speak, and I continued to listen. The trafficker said that he had thrown his Sky E.C.C. phone into the sea two weeks before the entire network was suspended, having received a warning of some kind about the police infiltration. I wasn't sure whether to believe this, but it was possible: Montenegrin police had acted on "threat to life" information from Europol before the Sky network was dismantled, and had foiled murders based on the intelligence. A corrupt police officer involved in one of those operations may have offered favored clients a tipoff.
In any event, the trafficker did not seem worried about being arrested merely on the basis of his texts. He was worried, however, about a new spirit of law enforcement in his country. The Prime Minister, Abazović, had appeared on television two nights earlier to name and shame citizens believed to be involved in organized crime and corruption. The trafficker told me that he was grudgingly impressed with the Prime Minister: every single detail of the television speech was correct. He also complained that, since the phone surveillance had begun, security in the port of Bar had improved. A task force of British border agents now worked there to help stop the flow of contraband into Europe, and appeared to be doing an effective job. Large-scale cigarette smuggling, the trafficker conceded dolefully, was not viable for the moment.
What about cocaine? Was trade still brisk? The trafficker turned away from me and said, in so many words, that he was going to beat me up and leave me in a ditch somewhere. Then he turned to me again, and, since he threatened to break my bones, I feel no guilt about quoting him. "You shouldn't ask such fucking questions," the trafficker said, in Serbian. "In Montenegro, it's bad for your health."
The trafficker may not have wanted to answer the question, but the statistics speak for themselves: the cocaine business is still booming. The record seizures at Antwerp last year were celebrated as a victory by customs officials, but they may simply indicate a higher volume of drugs being trafficked at the port. It is impossible to measure what one cannot see. There are other ways to gauge the health of the trade. The price of cocaine in Europe has remained steady, and is perhaps even falling in places. The average purity of cocaine in Europe, meanwhile, is up. These trends do not indicate a commodity under stress. Wastewater analyses also suggest that as many Europeans as ever are using the drug.
Across the Atlantic, in Colombia, Peru, and Bolivia, which cultivate ninety-nine per cent of the world's coca plants, farming techniques are improving. Toby Muse, the journalist who wrote "Kilo," a harrowing investigation into the cocaine trade in Colombia, told me that in recent years growers had been planting many new and especially fecund varieties of the coca bush, and had become increasingly skilled at using herbicides. "There's never been more cocaine produced than there is now," Muse told me.
European politicians whose job it is to counter the trade are left in a muddle. In Antwerp's port, I met Vincent Van Peteghem, the Deputy Prime Minister of Belgium and its Minister of Finance. Since his ministry encompasses the customs office, cocaine is his problem. He told me that, although there were measures a government could take to combat organized crime—better scanners, more customs officers, improved collaboration between national police forces—the flow of drugs would stop only if there was a change in attitude among Europeans. "Drugs are being normalized in our society," he said. "Users need to look themselves in the mirror. They are putting our security in danger. I hope they are wise enough to understand that, without demand, there is no supply."
A moral appeal to cocaine users seemed unlikely to succeed. I wondered how hopeful police forces were feeling. At Europol, Lecouffe described the period between the infiltration of Ennetcom and the an0m sting as analogous to the period between law enforcement's adoption of the wiretap and its exposure to the public: a time of unrivalled police dominance. The crooks talked as if nobody were listening. The police listened without being seen. That period was over. Police had made thousands of arrests, and major criminals had been jailed, but organized crime remained robust.
Of course, investigators at Europol and elsewhere were still sorting through the billions of texts seized during the stings, and new discoveries could lead to hundreds, if not thousands, of additional investigations. Meanwhile, police forces continued to announce successful infiltrations. In February, German and Dutch investigators reported that they had broken into Exclu—a network created in the so-called CyberBunker, an underground server farm outside Traben-Trarbach, Germany, and associated with an Irish trafficker named George (the Penguin) Mitchell, who is now on the lam in Portugal. Altogether, the phone surveillance has been instrumental in arresting—or, at the very least, seriously handicapping—thousands of Europe's most serious criminals.
Lecouffe was surprisingly breezy about the challenges ahead. It was not his job to ponder whether the war on drugs was futile; his job was to help cops catch crooks. The phone intelligence had provided a detailed map of the underworld that would guide him for years. He wasn't worried that criminals would now be more cautious with their communications or would migrate to such encrypted apps as Signal and WhatsApp. Throughout history, power in the relationship between law enforcement and its quarry has swung this way and that. But criminals would always be vulnerable, he said, because "there are two things they cannot avoid—to move themselves and their goods from one place to another, and to communicate." ♦
An early printing of this article credited the incorrect artist for the illustration above.