Mic Drop: Tracking a Ghost
Podcast: Click Here
Host: Dina Temple-Raston
Episode: Mic Drop: Tracking a Ghost
Release Date: January 31, 2025
In the Mic Drop: Tracking a Ghost episode of Click Here, host Dina Temple-Raston delves into the intricate world of cybersecurity through the lens of Jamie O'Reilly, a renowned Australian cybersecurity expert. The episode unpacks the rise and fall of the enigmatic encrypted messaging app, Ghost, and the coordinated efforts of international law enforcement to dismantle its criminal network.
Introduction to Jamie O'Reilly and Devolon
The episode opens with Dina Temple-Raston introducing Jamie O’Reilly, who shares an anecdote about his early experiences with hacking:
Jamie O'Reilly [00:15]: "My uncle started noticing the Internet bill increase greatly because I was downloading MP3s."
O'Reilly, founder of Devolon, describes his company as akin to a cybercriminal group in terms of expertise but with a mission to protect:
Jamie O'Reilly [03:26]: "We are the closest thing to a cybercriminal group or a nation state bad actor that you will find. And we work with banks and governments and enterprises around the world to try and hack them before the bad guys do."
Discovery of Ghost
Approximately a year prior to the episode, O'Reilly discovered Ghost on a darknet app store named Encryptados. Ghost touted itself as the future of secure encrypted communication, emphasizing complete anonymity and advanced encryption features.
Jamie O'Reilly [04:17]: "This is where I first became aware of Ghost."
Dina elaborates on Ghost's unique selling points, highlighting its ability to offer three layers of encryption without requiring personal information from users, making it particularly attractive to criminals.
Features and Appeal of Ghost
Ghost's appeal lay in its robust security features:
- Anonymity: Users did not need to provide personal information such as phone numbers.
- Cryptocurrency Payments: Subscriptions were paid for using cryptocurrencies, further obscuring user identities.
- Self-Destructing Messages: The app included a system that could delete messages from both sender and recipient devices.
Jamie O'Reilly [04:23]: "The Internet responded with a piece of software that was specialized to extract dial up passwords from Windows computers."
These features made Ghost a preferred tool for illicit activities, ranging from drug trafficking to orchestrating violent crimes.
Law Enforcement Response and Operation Kraken
Recognizing the threat Ghost posed, intelligence agencies across six countries, including Australia’s Federal Police, initiated Operation Kraken. The operation aimed not only to shut down Ghost but also to infiltrate its network and identify its users. Early efforts focused on undermining Ghost’s infrastructure, which was surprisingly vulnerable due to its reliance on outdated technology.
Jamie O'Reilly [08:06]: "And it's kind of the worst type of software criminals could use as well, because it gives direct access to all of their devices through one entry point."
Technical Exploits and Infiltration
Operation Kraken capitalized on Ghost’s technical shortcomings. Police discovered that Ghost was running on an obsolete BlackBerry enterprise server, providing an easy target for intrusion. By deploying a malicious update masquerading as a legitimate software update, law enforcement installed a backdoor into Ghost’s system.
Jamie O'Reilly [08:06]: "And police had a toehold, but they wanted more than that. They wanted to crack into the phones of Ghost users."
This strategic move granted access to 376 devices, allowing authorities to gather critical evidence without alerting the app's administrators or its user base.
Arrests and Operational Outcomes
The infiltration led to significant breakthroughs. JJ Yoonjong, identified as the operator of Ghost, was arrested along with over 30 other individuals involved in various criminal activities facilitated by the app. Authorities seized $9 million in cryptocurrency, around 200 kilograms of illegal drugs, and prevented over 50 threats to human life.
Jamie O'Reilly [10:34]: "We allege hundreds of criminals, including Italian organized crime, motorcycle gang members, Middle Eastern organized crime, and Korean organized crime, have used Ghost in Australia and overseas."
Operation Kraken's success was not confined to Australia alone; coordinated efforts resulted in international arrests and the dismantling of criminal networks utilizing Ghost.
Analysis of Ghost's Vulnerabilities and the Future of Criminal Communication
O'Reilly reflects on Ghost’s downfall, attributing it to the app’s inherent technical flaws rather than any advanced countermeasures by its developers. The reliance on outdated technology and lack of robust security protocols made Ghost susceptible to infiltration.
Jamie O'Reilly [11:01]: "I started to take a look at under the hood and look at the infrastructure publicly. I realized, okay, this is really just a matter of like, inexperienced group of people who have just gotten lucky for this long."
This event underscores a broader trend where criminal groups are moving away from centralized encrypted messaging services toward more fragmented and less secure communication methods. O'Reilly suggests that the transient nature of such apps, often held together by "digital duct tape and baling wire," ensures their eventual downfall.
Jamie O'Reilly [12:11]: "I know, hand on heart, that there is a death clock that starts as soon as they launch and really, it's about how long can they last before they get shut down."
Conclusion
Mic Drop: Tracking a Ghost offers a compelling narrative of how sophisticated law enforcement operations can effectively dismantle even the most ostensibly secure criminal communication platforms. Through Jamie O'Reilly's expertise and the coordinated efforts of international agencies, the episode highlights both the vulnerabilities inherent in such systems and the relentless pursuit by authorities to maintain cybersecurity and public safety.
Notable Quotes:
- Jamie O'Reilly [00:15]: "My uncle started noticing the Internet bill increase greatly because I was downloading MP3s."
- Jamie O'Reilly [03:26]: "We are the closest thing to a cybercriminal group or a nation state bad actor that you will find."
- Jamie O'Reilly [04:17]: "This is where I first became aware of Ghost."
- Jamie O'Reilly [08:06]: "And it's kind of the worst type of software criminals could use as well, because it gives direct access to all of their devices through one entry point."
- Jamie O'Reilly [10:34]: "We allege hundreds of criminals... have used Ghost in Australia and overseas."
- Jamie O'Reilly [11:01]: "I realized, okay, this is really just a matter of... inexperienced group of people."
- Jamie O'Reilly [12:11]: "There is a death clock that starts as soon as they launch."
This episode not only illuminates the dark corners of the cyber underworld but also showcases the critical role cybersecurity experts and law enforcement play in combating digital threats.
