The Australian Federal Police (AFP) has led a successful international law enforcement operation to take down Ghost, a dedicated encrypted communication platform allegedly used for drug trafficking, money laundering, organized killings and other crimes and illegal activities.
The creator and administer of Ghost, a 32-year-old man living in New South Wales, Australia, was arrested on September 17 and faces five charges.
The raid, dubbed Operation Kraken by the AFP, involved eight other law enforcement agencies worldwide and was coordinated by a Europol international taskforce.
Ghost, a Crimeware-Only Messaging App
Ghost is an encrypted communication platform the AFP said was exclusively used by organized crime groups worldwide.
The app was allegedly created around 2015 and sold with a modified smartphone provided to the administrators through a network of resellers.
The mobile device was sold to criminals across the globe for about AUD$2350 ($1590), which included a six-month subscription to an encrypted network and tech support.
The AFP estimated there were 376 active handsets in Australia when the operation took place. Most of the alleged offenders who used Ghost are in New South Wales.
The app was also used by organized groups in Ireland, Italy and Central Europe, according to New South Wales Police Force Assistant Commissioner Mick Fitzgerald speaking during a Europol press conference.
Although less ubiquitous than previously disrupted similar apps, such as EncroChat, Sky Global, Phantom Secure or AN0M, Jean-Philippe Lecouffe, Europol’s Operations Director, said during the press conference that Ghost’s “footprint is still global and some very powerful criminal groups are using it.”
Lecouffe explained that the market for such crimeware tools is more fragmented than before, with a more substantial number of smaller networks having replaced the few, bigger ones after they were disrupted by law enforcement.
“For us, the size is not the main factor. Sometimes the smallest network attracts the most significant criminal groups,” Lecouffe added.
Establishing OTF NEXT
In early 2022, the Swedish Police Authority started investigating Ghost and asked international partners, including the AFP, to join an operational taskforce.
In March 2022, Europol created a dedicated task force, OTF NEXT, which was led by the FBI and French Gendarmerie and included the AFP, the Royal Canadian Mounted Police (RCMP), the Swedish Police Authority, the Dutch National Police, the Irish Garda Síochána and the Italian Central Directorate for Anti-Drug Service.
The Icelandic Police have also assisted in the operation.
Europol’s Lecouffe said during the press conference that the operation was headquartered at Europol with secondary operational bases in Australia and Ireland, with over 40 operational meetings between partners over three years.
“Together, we mapped out the network, identified the suppliers and the users and tracked down the infrastructure, […] turning collaboration to concrete results,” he added.
Disrupted by a Supply Chain Attack
In 2024, the AFP managed to infiltrate the crimeware app and performed a supply chain attack against the suspect’s infrastructure.
“The administrator regularly pushed out software updates, just like the ones needed for normal mobile phones. But the AFP was able to modify those updates, which basically infected the devices, enabling the AFP to access the content on devices in Australia,” the AFP said in a public statement.
On September 17 and 18, about 700 AFP officers executed search warrants and provided support during two days of action across four Australian states and territories.
Simultaneously, police action was being undertaken in Ireland, Italy, Sweden and Canada.
More Ghost-Related Arrests to Come
According to the AFP, the successful operation resulted in:
- 38 arrests
- 71 search warrants
- Intervening in 50 threats to life/threats to harm
- Preventing more than 200kg of illicit drugs from harming the Australian community
- Seizing 25 illicit firearms/weapons
Up to 50 alleged Australian offenders accused of using Ghost are facing serious charges, including significant prison sentences.
More Australian and international arrests are expected over the coming days.
Read more: LockBit Takedown: What You Need to Know about Operation Cronos