Law enforcement’s latest takedown targets a shadowy network that has long eluded capture.
The Australian Federal Police (AFP) have arrested and charged a 32-year-old man for creating and managing Ghost, an encrypted communication platform allegedly built to serve the criminal underworld. This takedown, dubbed Operation Kraken, marks a significant victory in the fight against encrypted criminal networks—a battle law enforcement has waged for over a decade.
About 700 AFP officers executed search warrants across four states and territories, marking the operation’s pinnacle. Near-simultaneous raids unfolded in Ireland, Italy, Sweden, and Canada, signaling a coordinated effort to dismantle the network. Ghost’s alleged users, nearly 50 of whom are Australians, face charges ranging from drug trafficking to violent crimes.
The Ghost Mastermind’s Fall
The suspect, arrested at his Narwee home, allegedly managed the Ghost platform from Australia—a first for the nation. Although Ghost had operated for nearly a decade, the AFP only gained the upper hand in 2022 when international partners joined forces to infiltrate the platform. The effort resulted in police gaining access to encrypted messages, allowing them to intercept criminal activities in real-time.
The global task force OTF NEXT, spearheaded by Europol, the FBI, and French Gendarmerie, brought together agencies from Canada, Sweden, Ireland, and others. The AFP played a pivotal role, creating a covert solution to modify Ghost’s software updates, effectively turning criminal users’ devices into evidence-gathering tools.
Breaking the Myth of Anonymity
For years, Ghost users believed the platform’s encryption shielded them from law enforcement. But as Deputy Commissioner McCartney put it, “the holy grail is always penetrating criminal platforms,” and the AFP’s success in infiltrating Ghost proves that belief wrong. The AFP prevented over 50 threats to life and disrupted the flow of illicit drugs and firearms, thanks to their newfound access.
Ghost is just the latest in a string of encrypted networks taken down by law enforcement, following the likes of EncroChat, AN0M, Sky Global, and Phantom Secure. Each takedown sends the same message to criminals: no platform is truly secure from the combined efforts of global law enforcement.
International Impact
In Australia alone, Operation Kraken led to 38 arrests, the execution of 71 search warrants, and the seizure of over 200 kilograms of illicit drugs and 25 weapons. However, the operation’s reach extends far beyond Australian borders. 11 others were arrested in Ireland, one in Canada and one in Italy belonging to the Italian Sacra Corona Unita mafia group, the Europol said.
Europol Executive Director Catherine De Bolle echoed the sentiment, stressing that no criminal network can evade their collective efforts. De Bolle emphasized Europol’s role in turning collaboration into actionable results, stating, “No matter how hidden these networks think they are, they can’t escape the law.”
Decoding the Ghost’s Network
Ghost wasn’t merely an app; it was a sophisticated system tailored for the needs of the underworld. Users could purchase it anonymously, and it employed three encryption standards. One standout feature allowed users to send a code that triggered the self-destruction of all messages on the target phone. This made it easier for criminal networks to evade detection, counter forensic efforts, and coordinate cross-border operations.
The alleged mastermind worked with a network of resellers to distribute modified smartphones with encrypted software, each priced at around $2,350. The price tag included a six-month subscription to Ghost’s encrypted network and technical support for users—a level of service that underscores the scale of Ghost’s operations.
Thousands of people worldwide used Ghost, and every day, exchanged roughly a thousand messages on the platform.
By September 17, there were 376 active Ghost devices in Australia alone, most concentrated in New South Wales. The platform catered to a range of organized crime groups, from outlaw motorcycle gangs to international syndicates with ties to Italian and Middle Eastern organized crime. These groups used Ghost to coordinate drug trafficking, launder money, and even arrange contract killings.
Road to Operation Kraken
Ghost’s downfall began in 2022 when international law enforcement partners targeted the platform, leading the AFP to establish Operation Kraken. The task force deployed a unique technical solution that allowed them to access encrypted communications—a move that changed the course of the investigation.
Among the most damning pieces of evidence gathered were the messages exchanged by users. These messages offered a glimpse into the high-stakes world of organized crime, where anonymity was paramount, and a single misstep could lead to deadly consequences.
AFP Commissioner Reece Kershaw warned organized crime in 2021 that their days of relying on encrypted platforms were numbered. “The lives of many serious criminals dramatically changed when they realized their phone—and those who vouched for it—had betrayed them,” he said in a statement. With Ghost’s demise, that warning has become a reality for yet another criminal network.
For the AFP, the operation isn’t just a technical win; it’s a showcase of their world-class capabilities in digital forensics, intelligence gathering, and covert operations. By infiltrating Ghost, the AFP not only stopped crimes in progress but also sent a clear signal to organized crime groups that their encrypted tools are not impenetrable.
The Future of Encrypted Platforms
The Ghost takedown raises questions about the future of encrypted communication platforms in organized crime. As law enforcement agencies continue to improve their technical capabilities, the arms race between criminal syndicates and global policing intensifies.
Assistant Commissioner Tony Longhorn of Western Australia Police noted that organized crime syndicates continue to rely on encrypted platforms to distribute drugs and weapons. “The landscape of encrypted communications remains highly dynamic and segmented, posing ongoing challenges for law enforcement,” Europol said.
However, Longhorn emphasized that no platform offers true anonymity, and with every operation, law enforcement inches closer to closing that gap.
Europol said it is focused on tackling criminal use of encrypted communications, while advocating for a balanced approach that respects privacy and legal standards.
Private companies must also ensure their platforms aren’t havens for criminals, providing lawful data access under judicial oversight, in line with fundamental rights.
Law enforcement needs access to suspect communications to fight serious crimes, but this can coexist with privacy protection, cybersecurity, and strong legal safeguards.
As the legal proceedings against the alleged Ghost administrator unfold, law enforcement agencies across the globe are watching closely.
A Warning to Criminal Networks
The successful infiltration and dismantling of Ghost echo a broader trend in law enforcement’s approach to organized crime. Criminal platforms, once thought to be untouchable, are falling one by one. For the criminals who relied on Ghost, the game is over. And for those still using encrypted platforms, the message is clear: no network is safe forever.
As Catherine De Bolle succinctly put it, “No matter how hidden these networks think they are, they can’t evade our collective effort.”
