The UK’s National Crime Agency (NCA) repurposed its cloud-based data analytics platform to identify threats to life in messages sent by suspected criminals over the EncroChat network. With the support of Europol, investigators from France’s digital crime unit infiltrated the encrypted phone network in April 2020, capturing 70 million messages. This operation, known as Operation Venetic, led to arrests in multiple countries, including the Netherlands, Germany, Sweden, and France, targeting criminals involved in drug trafficking, money laundering, and firearms offenses.
Under the NCA’s investigation into the French EncroChat data, more than 1,100 people have been convicted, resulting in over 3,000 arrests across the UK and more than 2,000 suspects being charged. The operation has led to significant seizures, including nearly six and a half tonnes of cocaine, over three tonnes of heroin, almost 14 and a half tonnes of cannabis, 173 firearms, 3,500 rounds of ammunition, and £80m in cash from organized crime groups.
To process the large volume of potentially incriminating data from the estimated 9,000 UK-based EncroChat users, the NCCU, part of the NCA, utilized pre-built capabilities from Amazon Web Services (AWS) on its cloud data platform. These capabilities included machine learning software to extract text, handwriting, and data from EncroChat messages and photographs.
The NCCU scaled up its existing data analysis platform from tens of users to 300 within two weeks of being informed of the EncroChat investigation. Once the messages were processed, the NCA sent intelligence packages to various law enforcement agencies, including Regional Organized Crime Units, the Police Service of Northern Ireland, Police Scotland, the Metropolitan Police, Border Force, the Prison Service, and HM Revenue & Customs, for further analysis.
The NCCU had been developing its cloud-based platform for over three years, with Contino winning the contract to build it on AWS. The shift to the cloud allowed the NCCU to focus more on investigations and less on hardware procurement and IT infrastructure management.
The NCCU utilized various AWS services, including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database Service (Amazon RDS), Amazon EMR, and AWS Glue, to enhance its data processing capabilities. Amazon GuardDuty was used to monitor network activity and ensure the platform’s security.
In a similar vein, the Netherlands Forensic Institute (NFI) announced that its forensic big data analysis (FBDA) team had modified a computer model to scan for drug-related messages sent between suspected criminals. This “drug-talk” software was developed as part of a research and development project.