The Canadian accused of building a digital den for drug dealers

This episode delves into the story of a Canadian linked to a tech company that provided encrypted smartphones, which were used by criminal networks.

1. Encrochat sold encrypted smartphones to users seeking privacy, attracting criminals who used these devices for illicit activities.
2. French police infiltrated Encrochat by planting malware disguised as a software update, which led to thousands of arrests and significant drug busts.
3. The episode raises questions about the balance between individual privacy rights and the needs of law enforcement.
4. Paul Kruski's background and operations demonstrate the challenges in regulating and overseeing tech companies that operate in the shadows.
5. The legal ramifications for Kruski and his associates highlight the global challenges in tackling cybercrime and digital privacy.

1: Introduction

Vas Bednar introduces the podcast, setting the stage for a discussion on significant trends in business and technology. Vas Bednar: "I'm Vas Bednar, and every Friday I'm going to be having a conversation about big defining trends in business and technology."

2: The Rise of Encrochat

The episode describes Encrochat's business model and its appeal to a clientele that included criminals seeking to evade police detection. Joe Castaldo: "Encroachat sold actual smartphones... these were modified Android devices."

3: The Fall of Encrochat

Details of how French police infiltrated Encrochat's network, leading to a massive crackdown on criminal activities. Joe Castaldo: "And when users installed this update, what it did is it sent copies of their messages."

4: Paul Kruski's Profile

Exploration of Paul Kruski's life, his motivations for starting Encrochat, and his eventual arrest. Alexandra Pizzadsky: "He was a very private individual... very obsessed with privacy."

1. Evaluate digital privacy tools critically: Understand the security features and potential vulnerabilities of encrypted communication tools.
2. Stay informed about digital rights: Keep abreast of how laws and regulations might affect your digital privacy.
3. Use technology responsibly: Be aware of how your digital footprint can be tracked and used by both corporations and governments.
4. Support transparent practices: Advocate for clear policies from technology providers regarding data handling and user privacy.
5. Educate others about digital security: Share knowledge about secure communication practices to help protect against surveillance and data breaches.

Paul Krusky is an unassuming tech nerd whose company, EncroChat, was once just one of the world’s many encrypted phone services. Now, he is in a French prison as police accuse him of building a digital den for Europe’s drug dealers.

Globe reporters Joe Castaldo and Alexandra Posadzki explain how EncroChat wound up at the centre of thousands of criminal arrests in Europe and what we know about Paul Krusky’s past and the charges against him.

People

Paul Kruski

Companies

Encrochat

Content Warnings:

None

Vas Bednar
Welcome to lately a new Globe and Mail podcast. I'm Vas Bednar, and every Friday I'm going to be having a conversation about big defining trends in business and technology that are reshaping our everyday find lately, wherever you get your podcasts.

Manica Ramon Wilms
In recent years, there have been a series of big drug and crime busts in Europe that resulted in more than 6500 arrests.

More than €700 million have been seized, along with nearly 1000 weapons, 271 homes, 971 vehicles, 83 boats, and 40 planes.

And at the center of all of this is one tech company called Encrochat.

Heres how report on business. Journalists Joe Castaldo and Alexandra Pizzadsky describe it.

Joe Castaldo
Encroachat was a company that sold specialized smartphones that had added security features on them so that users could message each other without having to worry so much about getting hacked or having police or intelligence agencies spying on them.

Alexandra Pizzadsky
So nobody, not even encroachat itself, could spy on your conversations.

Manica Ramon Wilms
And connected to encroachat is a Canadian named Paul Kruske, who's also been arrested.

Joe Castaldo
I think at a very high level, you could see the encroachat story as being about the tension between our right to privacy and the powers of law.

Alexandra Pizzadsky
Enforcement and also what level of surveillance we're willing to accept as a society in order to essentially maintain law and order.

Manica Ramon Wilms
Today, Alexandra and Joe join me to explain the fall of encroachat and the mysterious man who ran it.

I'm Manica Ramon Wilms, and this is the decibel from the Globe and Mail.

Alex. Joe, thank you so much for being here.

Alexandra Pizzadsky
Thanks for having us.

Joe Castaldo
Thank you.

Manica Ramon Wilms
So, Joe, let's start with you. Let's just start by getting a sense of what it looks like. If you actually had encroachat on your phone, could you describe what that would be like?

Joe Castaldo
Yeah. So it wasn't like an app on your phone. Encroachat sold actual smartphones. These were modified Android devices that had, like, the GPS functionality stripped out the camera, the microphone disabled, and it wouldn't look that different because these phones did run Android, like lots of smartphones do. But an encroachat user could put in a passcode and then get to the second secret encroachat operating system.

Manica Ramon Wilms
So this is an operating system. So this is like an iOS or something that's on your phone?

Joe Castaldo
Exactly. So on the surface, it just looked like a regular smartphone, but it was anything but.

Manica Ramon Wilms
And so then what are you buying? I guess, as a customer, are you buying the software, the physical phone itself. Like, I guess I'm wondering how anchor chat was making money here.

Joe Castaldo
So if you were an encroachat user, you would buy the encroachat phone for about 1000 euro because they were big in Europe. And then you would have to get a subscription plan for another 1500 euro. That was for about six months. And that included customer service and things like that. So you're buying both the phone and the service package that goes along with it.

Manica Ramon Wilms
Okay. And Alex kind of continuing on with what is actually included here in an anchor chat offer. What are some of the key features that anchor chat would offer to its users? So what would you actually get from this?

Alexandra Pizzadsky
Yeah, so one of the main things was that users, they're essentially buying access to other encroachat users. Right. And so you have this messaging app where you're talking to other people who are also on the encroachment network. So you're sort of buying your way into this network of people and all of them are using aliases. And the system came with these sort of special privacy features. So, for example, you could send messages that would self destruct.

So that if your phone were ever seized by law enforcement, for example, or the other person's phone was seized by law enforcement, those messages that you had sent were no longer there. And there was also this feature where you could punch in a certain code and it would just erase the whole device.

Manica Ramon Wilms
Wow.

Alexandra Pizzadsky
So you could look like, oh look, I'm just entering my password so that I can give you access to my phone, but actually I'm erasing everything that's on there. And then on top of that, the same sort of panic wipe feature could be done remotely through customer service.

Manica Ramon Wilms
And do we know how many people were using encroachment?

Alexandra Pizzadsky
So at one point, before it was shut down, there were more than 60,000 users on the network.

Manica Ramon Wilms
Wow. Okay, so not insignificant.

Okay, so who would want to use this kind of phone, Alex? So 60,000, that's a lot of people. But yeah. Who does this appeal to?

Alexandra Pizzadsky
Well, you know, if you talk to people who are selling encroachat devices like resellers, they might tell you that some of their customers could include journalists who want to communicate securely or celebrities who want to be able to communicate securely. But according to law enforcement, particularly authorities in France, which ended up doing the big infiltration of the anchor chat system, it was predominantly organized crime.

Manica Ramon Wilms
Okay, so let's talk about the company behind the software. Now, what do we know about the origins of Encroachat, we don't know a.

Joe Castaldo
Whole lot, to be honest.

Encroachat was a very low profile, secretive company. It wasn't out there trying to drum up publicity for itself or putting its executives out there for media interviews and so on. We do know that it appears to have some links to another company that predated encroachat out of Vancouver that was called esoteric communications, and it did something very similar. It sold secure smartphones for communications.

And esoteric's website raises fears of law enforcement intrusion and snooping and hacking and all of that, and sort of talked about privacy. And these are ideological terms. It seems that Paul Kruski, the alleged CEO of Encroachet, was kind of swimming in these waters as well. We found a post made by somebody with the name Paul Kresky in 2013 on this message board for something called the Guardian Project, which is an open source effort to make secure communications apps for journalists and human rights activists and things like that. And in this post, the authorization author, Paul Kruski, is basically complaining about one of the apps, saying that it's very cumbersome to use. It lacks important features like self destructing messages and things like that. So there was some frustration there. And this post was made around the time that it seems like encroachat was incorporated. But the only explanation we have for why encore chat was started, and specifically Paul Kruskis motivations, comes from his lawyer in France, who told us that his only goal was to provide a technology that would fully respect the privacy of its users.

Manica Ramon Wilms
So let's talk a little bit more about Paul Kruski, then. Alex, I know that you and Joe spoke to, I think, over a dozen people about him. What do they tell you about what he's like as a person?

Alexandra Pizzadsky
We had to piece together a lot of different sources of information because he kept a very low profile. So he was not really out there in the public eye. He was a very private individual. And he, in fact, was very obsessed with privacy, to the point that one person we spoke to who knew Paul and his wife socially said that they'd bought an Alexa, and Paul chided him for buying a listening device that was essentially spying on him. You know, what we know about Paul is that he grew up in Guelph, Ontario. He attended a catholic high school.

Then he graduated from New York University, and after doing so, he co founded this Internet startup in the Waterloo area called World without Wire, which was serving sort of small and medium sized businesses in the area. And one of the things that we discovered, actually was that Paul had this business partner in world without wire named Paul Cator. And Paul Cader had this interesting kind of side business at the time called Zed marketing that was selling satellite tv packages to consumers. And in 2005, DirecTV, which is a satellite provider out of the US, ends up suing Zed marketing for $20 million US, alleging that they were engaging in a complex piracy scheme that was defrauding DirecTV. And one of the defendants is Paul Kruski. But as far as we know, it doesn't look like Paul was particularly involved in the business. There's not really any single allegation against him specifically. He's simply listed as the administrative and technical contact on Zed marketing's website.

Manica Ramon Wilms
Okay.

Alexandra Pizzadsky
And then around that time, Paul and his wife appear to leave Canada.

They sell their home in Ontario and they move to the Dominican Republic. And here we get this kind of window into their lives via his wife's posts on Facebook. So they're kind of living what looks to be a very quiet sort of normal expat life in the Dominican.

His wife is volunteering with a dog rescue. She's really passionate about dogs. They have many dogs living in their own home. Paul is really into horses. There's photos of him riding a horse on the beach. And, you know, one person that we spoke to actually said that Paul was, you know, a pretty reserved person who actually preferred dogs to people. And another person told us that he actually was not particularly well liked, that he was a very smart individual and he could talk at length about many different topics, but he kind of rubbed some people the wrong way. He could come off as pretty arrogant.

Manica Ramon Wilms
Okay.

Alexandra Pizzadsky
It's kind of unclear to us exactly how he was making money at this time, but some people told us that it was through online gambling and he had this kind of very intense poker playing style.

Joe Castaldo
We spoke to a couple of people who played poker with Paul, both in Waterloo and in the Dominican Republic. And he was a sore loser, essentially. He could not accept that he lost and would complain and say the outcome was unfair.

He was a good poker player, but he couldn't accept that chance played a role in whether or not he won. So he had a big ego at the table.

Manica Ramon Wilms
We'll be right back.

Vas Bednar
Welcome to lately a new Globe and Mail podcast that's all about navigating life in the new economy. I'm your host, Bastner.

Every Friday I'm going to be having a conversation, maybe even a raucous one, about big defining trends. In business and technology that are reshaping our everyday. Its about the innovations that are changing our world, whether youve noticed them yet or not. Join us for the latest on lately wherever you get your podcasts.

Manica Ramon Wilms
So we know that eventually, after a few years of operating, anchor chat is infiltrated by police.

Joe, how did that happen?

Joe Castaldo
So the national police in France opened an investigation into Encroachat in about 2017 because they noticed that when they were arresting drug dealers or people with ties to organized crime, they had these encroachat phones that they couldn't get into.

So they opened this investigation and eventually they learn that Encroachat's servers are with a commercial cloud provider that has a data center in a city in northern France. So despite Encroachat's claims of being ultra secure, they didn't own their own servers offshore or in a bunker somewhere. They were just with a commercial cloud provider. So they were able to copy part of Encroachat's server and from there write a piece of malware, essentially, and ship it to encroachat users. And I disguise it as like a software update.

Manica Ramon Wilms
Wow.

Joe Castaldo
And when users installed this update, what it did is it sent copies of their messages.

Manica Ramon Wilms
So they thought this was like a super secure system, which it was until the police kind of hacked it, essentially.

Joe Castaldo
Exactly. And so there were kind of two phases to this. So the police could receive copies of messages and images, but then they also figured out how to read messages in real time, and they were monitoring users for about a period of two months in 2020.

Manica Ramon Wilms
Can I just ask, is that legal? Can police just do that, hack a company like that?

Joe Castaldo
So far, it appears to be, yes, they did have judicial authorization to do this.

But the hack or the infiltration is hugely contentious and a point of debate.

If this happens to encroachat, could something similar happen to more mainstream companies and services?

The other thing to point out is we don't know what kind of interaction there was between law enforcement and encroachat before this hack. So, I mean, law enforcement make, you know, lawful access requests to telecom companies, social media companies all the time as part of investigations. And, you know, usually companies comply if it's a legal request. Encroachat may have been opposed to that kind of thing. There was an old blog post on the Encroachat website. We don't know who at Encroachat wrote it, but it was criticizing BlackBerry for complying with these lawful access requests. Sort of the implication there being, well, we encroachat, we're not going to. We're going to keep you safe. So, you know, if a company doesn't comply with that kind of thing, maybe that does necessitate more extreme measures.

Manica Ramon Wilms
Okay. But either way, police hacked it. They got in to see these messages on encroachat. So, Alex, once the police were in, what did they find?

Alexandra Pizzadsky
Once the police are inside the system, what they're seeing is these users who are hiding behind these aliases, like kind taylor, feral whale, merry sword, bang, bang, boom, boom. And they're bragging about the huge quantities of cocaine and heroin that they're moving, the profits that they're earning from those drug deals, they're orchestrating money laundering schemes. They're even plotting murders of rivals. And at one point, dutch police find this torture chamber inside of a shipping container. They retrieve messages that talk about a tub for waterboarding and cutters for fingers and toes. So some really grotesque things there. And then one day, all of a sudden, in June 2020, anchor chat blasts this message to all of its users, which says that they've had their domains seized illegally by government and advising users to power off and get rid of their phones immediately.

Joe Castaldo
Wow.

Manica Ramon Wilms
What did police do with all these messages? So they're seeing all this stuff, Alex, like, messages about moving drugs, maybe even, like, taking hits on people. What did. What did police do?

Alexandra Pizzadsky
Well, essentially, they start arresting people and they start seizing money and drugs, large quantities of money and drugs. And one number that we have is that there's been more than 6500 arrests in connection with Anchor chat.

Manica Ramon Wilms
All right, so it makes sense that people talking about moving drugs, for example, on Anchorage chat would get arrested. But Krusky also got arrested. Right, so, Joe, why did he get arrested?

Joe Castaldo
Yeah. French prosecutors allege that Paul Kruski is essentially the CEO of Encroachat. And more specifically, they are alleging that he and others knowingly sold these phones to known criminals so that they could continue to do crimes without being caught by police. So the allegation is he assisted organized crime.

We don't know much about what evidence there is to support that. How do they know that he knew who his customers work? How do they know that he was knowingly assisting organized crime? We don't know specifically what criminals or what criminal networks he was allegedly supporting. But in one court document, it does say that the leaders of Encroachat were in direct contact with a major spanish drug trafficker and dutch biker gangs. So that's one aspect to it. And the other is that prosecutors are alleging that encroachat itself was a criminal organization that engaged in money laundering.

Manica Ramon Wilms
Okay, well, let's talk about the money laundering, then, Alex. Do we know how that allegedly worked?

Alexandra Pizzadsky
What authorities are essentially alleging is that money from the sale of the phones and the subscriptions was laundered through companies and banks around the world by people who are based in Spain and Dubai who didn't solely work for anchor chat. And so authorities lay out this kind of convoluted system of operating. What they're alleging is that anchor chat was not a single legal entity, but rather was this sort of web of different companies around the world. And so you have the phones being manufactured in China, and then they're being prepared in Spain, allegedly. And so you then have a spanish company delivering the phones to a Hong Kong based entity called Searle Limited, then Surro selling the phones to a Dubai based company called Zykov, and then Zykov paying licensing fees and connection fees to another company based in the Cayman Islands, and to Nimbus communications in Hong Kong. And then Nimbus is the one who's buying the SIM cards from this british company with Paul Kruski's name on the orders. And so what law enforcement is alleging is that you have these companies that are being set up in Hong Kong solely for the purpose of receiving funds from encroachet users. The companies are allegedly changing all the time, and money is moving between them, and invoices are being created to justify those movements, purely with the intention of disguising the origin of those funds.

Manica Ramon Wilms
Wow.

What has Paul Kruski said about all of this?

Joe Castaldo
We were not able to speak directly to Paul Kruski. He is in custody in France. He was extradited from the Dominican Republic earlier this year. But we were in touch with his lawyer in France, this guy named Antoine Weill, who's well known in France. He was part of Julian Assange's international defense team.

And he told us that Kresky denies all of the charges and that there's no evidence to support these charges and that he is innocent. Kreski has been cooperating with investigators and the judge in this case, and Antoine Weil is certain that the truth will ultimately prevail in this case.

Manica Ramon Wilms
Just in our last few minutes here, I'm wondering if we can talk about some of the big picture issues that we've kind of been talking around here. Right? We've been talking about privacy and when law enforcement needs access to things. I guess you've both been reporting on this story, what does this tell us about the bigger issues of when our privacy needs to be protected versus when police, when law enforcement need access to things in order to stop criminal activity?

Joe Castaldo
Yeah, I mean, obviously, we do have a right to privacy. You can't have a free functioning democracy and fear that your private conversations could be obtained by law enforcement and used against you. At the same time, you know, these services are enticing to criminals, and law enforcement has to be able to do their job to, you know, thwart and prevent organized crime and keep society safe. In Canada and other countries, there's a whole body of law that outlines how and when law enforcement can access private communications to aid in investigations. But then there's a change in technology or a company like encroachet comes along, and all of that has to be reassessed again, I think part of the.

Alexandra Pizzadsky
Challenge is that everything is moving online more and more. And so police do need to be able to find a way to do their work online, too. So often the test of that is actually judicial authorization. Right? So essentially a search warrant. So in the anchor chat case, they did have judicial authorization to carry out this infiltration of the anchor chat network. One of the things that critics of this law enforcement action have been saying is just the scale of the infiltration, right. And so we don't know how surgical it was, really, in terms of, if you do have more than 60,000 users, how many of them are actually doing criminal activity and how many are maybe just innocent people who are now being spied on as a result of this police action? And so I think it's about us as a society trying to find, like, where is that line? How much surveillance is appropriate, how much surveillance is too far, how much involvement by a CEO or how much knowledge by the leader of a company is required in order to be able to say, yes, this was a criminal enterprise because, you know, as people have pointed out, there could be, you know, various drug deals and criminal activities happening via signal or imessage, and we don't see the CEO's of those companies sitting behind bars. And so, you know, here we have a case that looks to be quite different. This, you know, service had a number of features that, you know, at least law enforcement allege were kind of tailor made for organized crime. And so they're arguing that this is different.

This is not just your kind of run of the mill encrypted chat app like signal or telegram, but I think this is something that is still very much kind of playing out through various courts around the world.

Manica Ramon Wilms
Alex, Joe, thank you so much for being here and for sharing your reporting.

Joe Castaldo
Thank you.

Alexandra Pizzadsky
Thanks for having us.

Manica Ramon Wilms
That's it for today. I'm Mainica Ramon Wells. Our producers are Madeleine White, Rachel Levy McLaughlin and Michal Steinhouse. David Crosby edits the show. Adrian Chung is our senior producer, and Matt Fraynor is our managing editor.

Thanks so much for listening, and I'll talk to you soon.