topicnews · September 18, 2024

Australian police arrest suspected head of encrypted Ghost app

Cybercrime, Encryption and Key Management, Fraud Management and Cybercrime

International law enforcement agencies dismantle end-to-end encrypted messaging service

Akshaya Asokan (asokan_akshaya) • 18 September 2024

The alleged Ghost administrator Jay Je Yoon Jung is led away by an Australian Federal Police officer (Image: Australian Federal Police)

An operation by international law enforcement agencies took down the encrypted messaging service Ghost. As a result, 51 suspects were arrested on three continents, including suspected members of the Italian mafia and motorcycle gangs.

Authorities said the operation stopped “a number of threats to life” and seized a drug lab after Australian police infiltrated the messaging service.

Police located servers in France and Iceland and arrested Ghost’s suspected administrator, a 32-year-old Australian named Jay Je Yoon Jung.

Founded in 2017, Ghost became popular with criminals due to its advanced security. It employed three encryption standards, allowed users to destroy all messages sent to a recipient’s phone, and did not require subscribers to reveal any personal information about themselves.

Jung lived in a quiet suburb of Sydney and, according to Australian media, with his parents. He is said to have sold modified smartphones with embedded Ghost code for $2,350 apiece, offering a six-month subscription and technical support with each sale. He is accused of five offences, including supporting a criminal organisation and identity fraud.

Authorities told public broadcaster ABC that police infiltrated Ghost after seizing a mobile phone. “It was really very clever software engineering and modification of updates to these devices to essentially turn them into surveillance devices,” an Australian Federal Police official said.

Europol and Eurojust coordinated the arrests across nine governments, including police from Australia, Canada, France, Ireland, Italy, the Netherlands, Sweden and the United States. Ghost users also included organized crime figures in the Middle East and South Korea. Australian police were able to prevent the death or serious injury of up to 50 people, said David McLean, deputy commissioner of the Australian federal agency, during a press conference.

“The criminals thought they could hide behind technology to coordinate drug and arms trafficking, extreme violence and money laundering across borders,” said Europol Executive Director Catherine De Bolle. “No matter how advanced the technology, no matter how secure they keep their communications, we will find them.”

The shutdown is one of several international law enforcement actions targeting encrypted communications networks. French and Dutch police breached the encrypted messaging service EncroChat in 2020. That operation led to the arrest of 6,558 people worldwide and the seizure by police of €900 million in illicit funds last year, according to authorities (see: EncroChat disruption leads to arrest of over 6,000 suspects).

In 2021, Belgian and Dutch police targeted Sky ECC, another now-defunct encrypted messaging service (see: Police target criminal users of the crypto phone service Sky ECC).

Ghost does not have the same number of users as those two chat networks, Europol’s Deputy Executive Director Jean-Philippe Lecouffe said during the press conference. Disrupting those other services has fragmented the criminal market for encrypted chats, he said. “Sometimes the smaller networks get the most criminals and the most interesting information,” he added. Lecouffe also echoed the now-standard law enforcement plea for technology providers not to offer unbreakable end-to-end encryption, calling access to communications between criminals the “lifeline of our operations.”

Cybersecurity advocates oppose attempts by governments to create a vulnerability in end-to-end encrypted messages, arguing that hackers would eventually discover and exploit that vulnerability. The European Court of Human Rights ruled earlier this year that end-to-end encryption is essential to protecting the right to privacy in digital communications systems, and privacy activists argue that lawful access mechanisms to messages would be a means of mass surveillance. Technology companies generally resist police calls to forgo end-to-end encryption, citing the need to maintain user trust in online messages.

At the end of August, French authorities arrested Telegram CEO Pavel Durov and charged him with being involved in hacker attacks, sexually abusing children and refusing to cooperate with law enforcement authorities (see: Charges against Telegram CEO threaten end-to-end encryption).

With reporting by David Perera of the Information Security Media Group in Washington, DC