Police announce takedown and arrest mastermind behind criminal comms platform ‘Ghost’

Avatar

Ghost, an encrypted communications platform used by organized crime groups, has been dismantled by a global law enforcement operation, Europol announced on Wednesday, as the Australian Federal Police said they had arrested and charged the suspected mastermind operating it.

Similar to many other encrypted messaging apps, Ghost was distributed via modified mobile phone handsets by resellers. It offered its users various encryption standards to communicate with, and the option to remotely wipe devices to conceal evidence.

The tool, which had been in operation since 2015, was allegedly used by “several thousand people” worldwide to send around a thousand messages a day, with servers located in France and Iceland while the company’s owners were based in Australia.

“We allege hundreds of criminals, including Italian Organised Crime, outlaw motorcycle gang members, Middle Eastern Organised Crime and Korean Organised Crime have used Ghost in Australia and overseas to import illicit drugs and order killings,” AFP Deputy Commissioner Ian McCartney.

The first of several announcements made this week by the Australian Federal Police (AFP) regarding the takedown of the network — and following its infiltration by law enforcement — declared the arrest of Jay Je Yoon Jung, a 32-year-old Australian, who has been charged with running the platform.

In its statement, AFP said: “Law enforcement has again infiltrated a criminal platform and outsmarted organised crime. EncroChat, Sky Global, Phantom Secure, AN0M and now Ghost – all platforms used by transnational serious organised crime – have been dismantled over the past decade.”

A series of coordinated raids and technical interventions took place at the same time as the takedown. As of Wednesday, 51 suspects have been arrested: 38 in Australia, 11 in Ireland, one in Canada, and one in Italy “belonging to the Italian Sacra Corona Unita mafia group.”

Alongside these arrests, Eurpol said a drugs lab was dismantled in Australia, while weapons, drugs and more than €1 million in cash has been seized globally.

Europol said that “recent law enforcement actions targeting platforms used by criminal networks” has caused an increasingly fragmented landscape for encrypted communications.

“Criminal actors, in response, are now turning to a variety of less-established or custom-built communication tools that offer varying degrees of security and anonymity,” posing challenges for law enforcement.

The AFP will allege there are 376 active Ghost handsets in Australia, and said that as a result of its intervention it has prevented more than 200kg of illicit drugs from harming Australians and seized 25 illicit firearms/weapons.

McCartney said: “Over the past two days, about 700 AFP members have executed and assisted in search warrants across four states to arrest those who have used a dedicated encrypted communications platform named Ghost.

“Taking down dedicated encrypted communication devices takes significant skill. But the holy grail is always penetrating criminal platforms to access evidence – and this is where the AFP is world leading,” said the deputy commissioner.

“Because we could read these messages, the AFP, with state partners, were able to prevent the death or serious injury of 50 individuals in Australia,” he added.

Jay Je Yoon Jung is set to make his first court appearance on Wednesday. He faces up to 26 years in prison if found guilty of all charges.

CybercrimeTechnologyNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Russian cyber firm Dr.Web says services are restored after ‘targeted cyberattack’

Next Post

Russia targets Harris campaign with wave of fake videos

Related Posts

GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks

A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were
Avatar
Read More