National Crime Agency Repurposes Amazon Cloud


The UK’s National Crime Agency (NCA) repurposed its cloud-based data analytics platform to identify threats to life in messages sent by suspected criminals via encrypted EncroChat phone networks.

Following a software implant on an EncroChat server in Roubaix, French investigators within their digital crime unit were able to infiltrate the encrypted phone network in April 2020, capturing over 70 million messages. Supported by Europol, the operation would result in the arrest of criminals throughout the Netherlands, Germany, Sweden, France and other parts of the world engaging in drug trafficking, money laundering and firearms offences.

The NCA were able to convict over 1,100 people under investigation into the French EncroChat data – Operation Venetic, which has led to a further 3,000 arrests across the UK and over 2,000 suspects currently being charged.

In the UK, the police have seized nearly six and a half tonnes of cocaine, over three tonnes of heroin and close to 14 and a half tonnes of cannabis – along with 173 firearms, 3,500 rounds of ammunition and £80m in cash from various organised crime groups. Europol provided British investigators with overnight downloads of data sourced from phones identified as operating in the UK through Europol’s Large File Exchange – a part of its Siena secure computer network.

With around 9,000 UK-based EncroChat users, the NCA required large volumes of potentially incriminating data to be processed rapidly, resulting in the National Cyber Crime Unit (NCCU) categorising it for human investigators. To automate pre-processing of the data, NCCU added pre-built capabilities from Amazon Web Services into its cloud data platform, such as machine learning software that could extract text, handwriting and data from within EncroChat text messages and photographs.

With more than 200 threats to life, the NCCU could not rely on data scientists to take the time to analyse the data themselves. An off-the-shelf service from Amazon Web Services enabled them to go from standing to full capability within a couple of hours – a timeframe that may have taken over a month to build from scratch themselves.

The NCCU scaled up their existing data analysis platform from tens of users in the NCA to 300 within just two weeks of being informed of the EncroChat investigation. Once historic Realm messages and live text messages from thousands of phones were extracted, the NCA sent intelligence packages in CSV files to Regional Organised Crime Units; the Police Service of Northern Ireland; Scotland Yard; the Metropolitan Police; Border Force; the Prison Service and HM Revenue and Customs.

By shifting from on-premise infrastructure to the cloud, the NCCU has been able to dedicate more time to investigations and less time to hardware procurement and IT infrastructure management.

For more information on big data analytics and any future data analytics conference, check out the upcoming events from Whitehall Media.