Saturday, December 12, 2020

Encrochat "Bites the Dust"? Think Twice

Since when does law enforcement attacking a commercial encryption phone and software company constitute news? Keep reading.

It appears that for a while the news was abuzz with law enforcement managing to obtain access to the primary domain that used to control the entire Encrochat franchise and actually eavesdropping on its communications, which led to arrests.

The bad news? It appears that someone got it all wrong in the context of attacking a commercial encryption software and device vendor, which basically means that anyone can attack any service or vendor that appears to be using encryption for the purpose of catching "hordes of cybercriminals".

Sample network reconnaissance for Encrochat's network:

Believe it or not, the entire Encrochat bust history is currently available online for sale, meaning that bad OPSEC (Operational Security) is taking place or that someone's playing dirty and is purposely sharing the entire database with the public.

Talk to me about public accountability? Someone should definitely be looking forward to obtaining access to the database and looking for criminal sentiments in the context of justifying the law enforcement operation.