Earlier this year I wrote an article explaining why country of origin is particularly important when either installing a security service or buying security products from an international company. In it, I explain how the Netherlands has recently lost the respect/trust of the cyber security community, essentially doing a complete 180 on their stance towards the cyber security industry over the course of the last 3 years – drastically cutting down on internet privacy/security companies operating out of their country. This includes the closing of Ghostmail servers in 2015 and the raiding/confiscation of servers belonging to Dutch VPN service providers in 2016.
Imagine my surprise then when I come across another headline this morning explaining how Dutch authorities have once again raided/confiscated the private servers of another security based company – Ironchat. In a press release made available to the public on November 6th 2018, Dutch authorities announced that they had arrested “a 46-year-old man from Lingewaard, and his partner, a 52-year-old man from Boxtel.” Explaining how police have already been able to decrypt the data, giving them access to over 258,000 chat messages sent across the server – revealing countless illegal activities and opening the door to numerous new investigations in the future.
For example, about the arrests in question, according to Aart Garssen, Head of the Regional Investigation Service in the Eastern Netherlands, “we rolled up a drug lab in Enschede. We have also found more than € 90,000 in cash in various campaigns, automatic weapons and large quantities of hard drugs (including MDMA and cocaine). In addition, we received an imminent retaliatory action in the criminal circuit of Twente. Four arrests have been made this morning. This brings the total number of arrests today to 14.” This is also just the tip of the iceberg, police have already indicated that the data uncovered today is only going to be “used to start new criminal investigations.”
Unfortunately, there is no justifying the behavior of IronChat, their owners or what they used their encrypted service/servers for. As an outspoken and self proclaimed “privacy hawk,” it is just unfortunate to see another group of thugs soil the industries reputation. It only serves to undermine the trust of legitimate privacy/security companies trying to make a name for ourselves and do the right thing. Needless to say though, IronChat’s website and servers have been taken offline, and will remain offline permanently.
Fact-Sheet Prepared by Dutch Police: