Front Burner - Canadian encrypted phones, a mass hack, and 10 thousand arrests
Episode Date: December 2, 2024More than 10,000 arrests, a mountain of drugs stopped at the border, and more than a hundred assassination attempts thwarted. Those are just some of the results of a massive police data hacking operat...ion in Europe to disrupt organized crime. And at the center of it all – Vancouver tech company Sky Global – that promised communication couldn’t be hacked by their encrypted phones.Frédéric Zalac, and Radio-Canada’s investigative program Enquête teamed up with journalists from a dozen European media organizations for the year-long investigation.The documentary aired on The Fifth Estate as “Cracked: Crimes Behind Encryption.” You can watch it on YouTube.For transcripts of Front Burner, please visit: https://www.cbc.ca/radio/frontburner/transcripts
Transcript
Discussion (0)
In the Dragon's Den, a simple pitch can lead to a life-changing connection.
Watch new episodes of Dragon's Den free on CBC Gem.
Brought to you in part by National Angel Capital Organization,
empowering Canada's entrepreneurs through angel investment and industry connections.
This is a CBC Podcast.
Hi, I'm Jamie Poisson.
10,000 arrests, a mountain of drugs stopped at the border, and more than 100 assassinations thwarted.
Those are just some of the results of a multi-year operation in Europe to disrupt organized crime. At the center of it all, there is this Vancouver tech company selling
encrypted phones. Sky Global promised their users that their communications could not be hacked,
leading their phones into the hands of criminals around the globe. The company's CEO is now facing charges in the United
States and France. Today, we're talking to Frédéric Zalac. He's an investigative reporter at Enquête,
and he's been working with colleagues in France digging into this story, which has also been
turned into a doc for the Fifth Estate. And he's going to walk us through the truly wild details.
the truly wild details.
Frederic, hey, it's great to have you on the show.
Thanks for coming on.
Hi, Jamie.
Let's start with this company, Sky Global.
What was it that they were selling?
Phones, an app, both?
So basically it was both because it was an app that was installed at first on BlackBerry phones and eventually on iPhones.
It was encrypted end-to-end, like we think of Signal, WhatsApp, but it was more than that.
So it had really high encryption, and it took over some features of the phone as well.
So it disabled the front camera.
It disabled the microphone. You couldn't even make a voice phone call like a regular phone. You couldn't do that. And that was
to secure it as much as possible to limit any possible intrusion. It had a few cloak and dagger
features to it as well. For example, you could hide the app behind a calculator. So you'd have
to do a calculation on it to bring the Sky ECC app on the phone. Other features, for example,
is that you could, if you were under duress, if someone was forcing you to unlock your phone,
you could enter a different password and that password would
trigger a wipe of the phone instantly.
So the whole phone would be erased at that point.
And in cases where your phone is no longer in your hands, it's in people's hands that
you don't want to, you could call customer service to have them remotely wipe your phone.
customer service to have them remotely wipe your phone. So obviously a lot of features that are geared to people that want privacy.
Tell me a little bit more about who the customers, the company's intended customers would be here.
They say that they were targeting journalists, CEOs, celebrities.
And there's been rumors going around the office there that Drake was one of the users.
We reached out to Drake's publicist, but never got a response.
And maybe even NGOs.
We asked the company to give us some of the names, a few names of people that have used it legitimately.
And it took many, many, many months before we got an answer.
And we got only three names back, two small business owners.
And the third man was a hand-to-hand combat expert who was a friend of Sky Global's owner
and who used it for privacy reasons.
So he says that, you know, people in his friends and family
and even in his professional circles were using this for privacy reasons.
But we also know that all those features were also very attractive to criminals. Tell me a bit about the people behind this company, Sky Global.
It's a family company, right?
Yes, it's an interesting story because the CEO, Jean-François Ypres, his parents came from Cambodia.
My parents were war victims of the Khmer Rouge in Cambodia.
My dad had to flee and evade the war.
And Canada is the country that welcomed them.
They arrived in Quebec in 1980, and the family moved to Vancouver,
where he grew up and went to school and all that. And his dad at some point was a janitor at Costco,
but decided to go and study and go to university. So he went to Simon Fraser University, was studying computer science.
And during that time, his son went to university at first, but dropped out to go and start selling
phones in Rogers and Fido dealerships. His mom was a chef in a restaurant here. And so all of them
around here. And so all of them started working for this company that the son created. And they decided to develop these encrypted phones, encrypted devices. And it's actually the father
of Jean-François Heap who designed the encryption algorithm. I mean, my dad's a genius. You know,
there's things that I would never be able to do what my dad does.
He helped build a new technology for data and security.
And that product was called Sky ECC.
They started working on that in 2011.
And then in 2013, they started selling that at a time where privacy issues were making the headlines.
For example, there was the Edward Snowden revelations.
What can the NSA do with this device if they wanted to get into my life?
Chinese intelligence service, any intelligence service in the world that has significant funding and a real technological research team can own that phone the minute it connects to their network.
As soon as you turn it on, it can be theirs. They can turn it into a microphone. They can take
pictures from it. They can take the data off of it. And so it was a good time to come up with an idea like that. I'm a privacy advocate.
The product of SkyACC gave power back to users, to individuals. It gave them the power to really
own their data. We went to the Vancouver office here and I must say it doesn't feel at all like a criminal den. You go around there, it absolutely looks like a typical Silicon Valley tech startup.
There's the foosball in a corner.
They've got the open area, open space.
And so, yeah, it looks absolutely like a normal tech company. Did the EAPs know that their phones were being used by or had become very popular among criminals?
Well, one of the things that the company promised was anonymity. And that was a big, important selling point is that
they said to the potential users, we don't know who you are. We don't collect any information
about you like the big telecom companies would do. And we don't keep your messages. We don't
know anything about you. So that's kind of part of the contract of this whole product is to say, you stay anonymous.
We don't know who you are.
But obviously, they knew that their product could be used by criminals.
And they had examples of that happening. And what they say is they took
some action when they learned that a user was using it to commit crimes, that they would
cancel the account, for example. My technology was never made or designed or intended for criminal
use. You know, I really wish I can go into more details, but with my lawyer's advice and the rules with the U.S., it's improper for me to do so.
But we decided to look at the distributors because it's true that the company Sky Global didn't know who the users were, but they certainly knew who their distributors were and the resellers.
And so we found a lot of distributors that had, especially the top distributors,
had a lot of connections to criminals. And the biggest distributors were actually based in Canada,
mostly in the Toronto area, in the Vancouver area. And these distributors then would have
hundreds of resellers around the world. And we
looked at one of them carefully, what was called a distributor in Mississauga called Global Wireless
Solutions. And when we look at the background of the people that were running that company,
well, we found that they all had criminal records. They had been convicted for drug trafficking in the past,
including Long Min Mason Vo,
who was one of the shareholders and a director of the company,
and a guy called Terry DeNuyen,
who was an original director of the company.
He was one of the incorporators of that company.
So Terry Nguyen has a lot.
He's very well known by police in Toronto.
He's got a long criminal history.
In 2005, he went to Windsor with members of the Asian Assassins Gang that he was part of in Toronto.
members of the Asian Assassins Gang that he was part of in Toronto. So they went to Windsor and did a violent home invasion that I think the Windsor Star said it was like a Tarantino movie
scene that led to a standoff, a three-hour standoff with police. And Nguyen was charged,
convicted, and sentenced to five years in prison for that. And he was forbidden from ever carrying a firearm after that.
And so 10 years later, he's there incorporating this distribution companies with a couple of other guys in Toronto.
And seven months later, after the incorporation, he's distributing these Sky ECC phones.
He goes to a restaurant in Toronto with his girlfriend and two guys come in
and it was like a high-end restaurant
just a few blocks away from CBC
and they shot him and his girlfriend.
His girlfriend ended up in intensive care
for two weeks.
They both survived.
But because he was,
the thing is he was actually carrying
a weapon as well at that point.
The context is there was a war between the Asian assassins and the Chinpaks at that time in Toronto.
So they were gunning each other down.
And police charged him because he had a gun.
He was not allowed to have a gun on him at that point.
So he goes to prison again for two years, comes out of there, and goes back to distributing Sky ACC phones again.
And so we can see that he was in chat groups with high-level management of Sky Global here in Vancouver, including Jean-François Yves, after coming out of prison.
So he was like a high-level distributor
with obviously a very, very dubious past. In the Dragon's Den, a simple pitch can lead to a life-changing connection. Watch new episodes of Dragon's Den free on CBC Gem.
Brought to you in part by National Angel Capital Organization,
empowering Canada's entrepreneurs through angel investment and industry connections.
Hi, it's Ramit Sethi here.
You may have seen my money show on Netflix.
I've been talking about money for 20 years.
I've talked to millions of people, and I have some startling numbers to share with you.
Did you know that of the people I speak to,
50% of them do not know their own household income?
That's not a typo, 50%.
That's because money is confusing.
In my new book and podcast, Money for Couples,
I help you and your partner create a financial vision together. To listen to this podcast, just search for Money for Couples. I help you and your partner create a financial vision together. To listen
to this podcast, just search for Money for Couples. These guys that we've all been talking
about, these folks, they're all based in Canada, but we started this conversation when we were
talking about arrests happening in Europe, right? And so just take me through how this whole
operation went global.
Yeah.
So that was the principles that the company in Vancouver was not selling directly to people, at least not until the end, like the end of 2020, where they set up a website where you could buy it from there. And they had this network of a few, and I would say maybe a handful of five or six big distributors that basically sold 75% of their phones.
And these distributors then would hire resellers in Europe, in Latin America, in different places around the world.
the world, they would also be collecting the money because, and the resellers typically were, you know, small repair, phone repair shops, for example.
And these resellers would be charged of, like they were in charge of getting the money back
for the subscriptions.
And it usually was often paid in cash or in Bitcoins.
And so to, you know, keep the anonymity of all that. So there was a lot in cash or in Bitcoins. And so to keep the anonymity of all that,
so there was a lot of cash coming in,
and they sold a lot in Europe.
One of the places where it was really popular
was the Balkans.
And Global Wireless Solutions,
that distributor in Mississauga,
had hired a reseller in Belgrade who ended up selling these phones to the Serbian mafia,
to a very violent group called the Principi gang.
And not only was he selling these phones, providing these phones to the Principi gang,
he was himself a member of that gang.
these phones to the Principi gang, he was himself a member of that gang.
And that gang actually had a house in the suburbs of Belgrade where they would bring in, lure in some of their enemies, ambush them there.
They would torture them and they would take pictures of that and send the pictures to
their enemies to intimidate them or in between.
They used Kaicici to send those pictures.
So far, what we know from the investigation, like seven murders happened in the house.
None of the bodies were ever found because they would use a mincing machine for the meat.
So they would literally mince their victims and they would throw them
basically to the Danube River that is nearby. There's even a picture of that Sky ACC reseller
Surgeon Lalic who is smiling as he's holding one of the victims. And the local press in Serbia nicknamed the smiling butcher.
Frederick, have you been able to speak with the EAPS, to speak with Sky ECC about these distributors? was unaware of the criminal background of the leaders of global wireless solutions and
that they expected them to follow the terms of service and that if they saw that a distributor
or reseller was involved with criminal undertakings, that they would cut their ties right away.
They didn't answer directly about what happened in Serbia, but in general,
they're just basically saying that they were unaware of that.
Okay. And now I got to come back to this murder room, right? It's really quite chilling to see
the photos inside this room where these gangsters were torturing and murdering people. You have some
of them. And I just, I think it obviously begs the question, how did you get them?
Well, the thing is, these criminals thought that all their communications were completely secret
and no one could ever get their hands on it.
Even on their own phones, these photos would not stay for a long time,
automatically deleted after a certain time.
These photos would not stay for a long time, automatically deleted after a certain time. But what they didn't know is that police in Europe by that point had managed to get a wiretap warrant.
And the servers that Sky Global was using to relay the messages between users were actually located in France.
So they were located in a jurisdiction that the European police could have access to, basically.
So they got a warrant.
They tapped these servers and got all the messages that were being exchanged every day
by 160,000 accounts of SkyCC users.
And in total, that operation lasted for almost two years.
The police got over a billion messages, a billion messages that were encrypted.
At first, they couldn't read them.
But eventually, down the road, some of their experts managed to crack the code and they started being able to read those messages.
I'm just curious, like, were there concerns that tapping that many users? I mean, I would imagine not all of them would be criminals, right?
Like, were there concerns?
But doing that without specific evidence of wrongdoing, that it was too broad of an approach?
That is a very, very good question. And it's at the heart of why this operation in Europe was
a bit controversial, because they didn't know who the users were when they got that warrant.
And there's even a judge in the Mevalon said, no, I can't agree with this because I don't have, you're
not providing me the evidence that they are all criminals.
All the users are criminals.
So they could do it in France because France has more lax laws, if you want, or allows
law enforcement to do that kind of mass interception.
There were changes even after the Paris attacks.
So it was possible to do in France, but not elsewhere.
It would not be possible in Canada.
Like if you want to get a wiretap in Canada,
you have to target it to a specific person.
You also have to give information.
That's why you're thinking that this person is a criminal
or is committing crimes.
So they managed to do it.
They say it was all legal because it was legal to do it in France.
And then they've got access.
But there's some privacy advocates in Europe that are saying this was a fishing expedition.
This should not have been allowed because so many people, their private communications were taken, were intercepted.
Right. But this so-called phishing expedition, it yielded results, right?
Because at the beginning of our conversation, we were talking about 10,000 arrests.
So just take me through what it was that they found once they cracked this encryption.
Well, it was spectacular for the police.
I mean, for them, there's someone linked to police that was saying it's like, you know, you normally find a fish or two when you go fishing.
But now it's like we emptied the ocean and we can see all the fish at the bottom.
We're really leaning hard on this metaphor.
Yeah.
Yeah.
So it was fantastic for police because they could see things
they had never seen.
They could see people higher up in the chain that they would not have seen.
They could see collaborations between criminal networks
that they didn't know about.
They could see the level of drugs being imported in Europe
that was higher than what they thought.
Yeah.
They got—
It's like so much cocaine, right?
So much cocaine.
So much cocaine.
And so they managed to—like 10,000 arrests linked to that.
Up to now, there's 5,000 convictions.
Arrests linked to that.
Up to now, there's 5,000 convictions.
There were, I think it's 121 tons of drugs that were seized. They managed to follow live even for a certain time what was going on.
cartels from moving drugs in container ships from South America, and they could follow them live as they were communicating with the cartel boss in Dubai and then to the ports
in Antwerp and Germany.
And so police managed to seize all that while following that.
They also thwarted some assassination attempts that were
ongoing, and then they managed to save some lives, like 114 killings.
The 114 people were, lives were saved because of what they're doing there.
What have the ramifications been here in Canada?
Well, we know that SkyCC was used in Canada from data we got from the leaked documents.
A lot of Canadians were using those phones, but we haven't heard of a single arrest being announced by police here.
And you compare that to 10,000 arrests in Europe. So we were wondering, why? What's going on here? And we asked the question to the RCMP. They didn't want to talk directly to reply to questions about
Sky ECC, the Sky ECC investigation. But they did say that when they're doing investigations in Canada
about Canadians, they do have to follow Canadian criminal code,
the Charter of Rights and Freedoms.
So that could limit what they do.
The Canadian system doesn't allow us to prosecute them.
It barely allows us to investigate it.
And extremely rarely can we convict anybody in Canada.
Thus, you're seeing the Americans, you know, providing a shield because we just can't do it in Canada in the vast majority of the cases.
Questions that we could ask is maybe the way it was intercepted in Europe, could that stand in court here in Canada?
But up to now, we don't know of any cases linked to that interception.
And as for Jean-François Yip, it's completely legal to sell encrypted phones in Canada.
He's not charged here.
He still operates 20 Fido and Rogers dealerships, and he's free to go.
But he obviously can't go to the U.S. or to France because he'd be arrested there.
But up until this point, we are not aware that there's any extradition process in place.
Frederick, thank you. This was great. Really interesting.
Also has the makings of, I think, probably a pretty interesting movie.
I think there's a Netflix series that's probably going to come out next year.
Oh, for real?
Not surprising.
That makes sense.
All right.
Thank you so much.
It was a pleasure.
You're welcome.
All right.
So you can check out Cracked Crimes Behind Encryption on the Fifth Estate's YouTube channel.
We are going to link to it in our show notes.
That's all for today.
I'm Jamie Poisson.
Thanks so much for listening.
Talk to you tomorrow.