Shutdown of Sky Global
Sky Global was a communications network and service provider founded in 2008 in Vancouver, Canada. It developed the world's largest encrypted messaging network called Sky ECC, operating through three servers of the OVHcloud company in Roubaix, France. A significant share of the system's users were international crime organizations involved in drug trafficking, and the company management was suspected of collusion.
In a series of police raids against criminal organizations in several countries in early 2021, a part of Sky's infrastructure in Western Europe was dismantled, and US Department of Justice issued an arrest warrant against the company's CEO Jean-François Eap. On March 19, 2021, the company apparently shut down the operations after BlackBerry cut it off from its services. Its website has been seized by the FBI.
Background
Sky Global was founded in 2008 by Jean-François Eap, in Vancouver, Canada.The company provided Sky ECC, a subscription-based end-to-end encrypted messaging application. Originally developed for the BlackBerry platform, it uses elliptic-curve cryptography for encryption. One of its features was "self-destruction" of messages after a user-defined expiration period. The company modified Nokia, Google, Apple and BlackBerry phones. Phones supplied by the company had cameras, microphones and GPS disabled. If a phone was not contactable by the network, the message would be retained for up to 48 hours, then deleted. The phones had a kill switch: if a user entered a "panic" password, the device would delete its contents. The company website offered a US$4 million prize to anyone who could break the encryption within 90 days. They support Android, BlackBerry and iPhone apps.
Messages were stored using 512-bit elliptic-curve cryptography and network connections are protected by 2048 bit SSL.
171,000 SKY ECC devices were registered, mainly in Europe, North America, several central and South American countries – mainly Colombia – and the Middle East. A quarter of active users were in Belgium and the Netherlands, and half of those were said to be in use around the port of Antwerp.
Communication interception and decryption by law enforcement
In June 2019, following a preliminary investigation into criminal associations and narcotics trafficking, a judge from the Tribunal de Grande Instance of Lille authorized the interception of network communications from the Sky ECC main servers located at the OVHcloud data center in Roubaix, France. However, the communications remained unreadable at that time due to the platform's encryption.On December 17, 2020, a judge from the Tribunal Judiciaire of Paris authorized the implementation of a technical device capable of performing a man-in-the-middle attack. The device, which was activated the following day, functioned by sending invisible push messages to SkyECC handsets. These messages prompted the devices to release specific "decryption elements" or cryptographic keys stored locally on the phones.
By capturing these keys, investigators were able to decrypt both live messages and historical communications that had been previously intercepted and stored. The ability of law enforcement to decrypt older messages using keys obtained later indicates that the Sky ECC encryption protocol might have lacked proper forward secrecy, a security feature that ensures a compromise of current keys does not compromise past communications.
Legal challenges regarding these methods emerged in international courts, specifically concerning the territorial principle of public international law. In August 2025, the High Court of the Canton of Zurich ruled that because the MITM device actively triggered responses from handsets located on Swiss soil without a formal mutual legal assistance request, the operation constituted a violation of Swiss sovereignty.
Raids
On 9 March 2021 around 16:00 Belgian police carried out about 200 raids, arrested 48 people and seized €1.2 million in cash along with 17 tonnes of cocaine. Those arrested included lawyers and members of the Hells Angels, serving police officers, an employee of the public prosecutor's office, civil servants, tax officials and hospital administrators suspected of providing information to the gangs, as well as people suspected of gang-related violence.Belgian federal prosecutor said that "The operation was concentrated on taking down the Sky ECC infrastructure, dismantling the distribution network and seizing the criminal assets of the distributors" and "as many Sky ECC devices as possible" were seized from identified users. The federal prosecutor said about the encryption that "We succeeded. We will send Sky ECC the account number of the federal police".
Belgian and Dutch authorities were alleged to have been able to access the network from 15 February 2021 up to shortly before the raids. About a billion messages were intercepted, about half of which had been decrypted by April 2021—further avenues of inquiry were expected to open as decryption progressed. The Belgian police said the network they had broken into was so trusted by its criminal users that images of torture, execution orders, insider financial and operational information were freely sent.
Raids in the Netherlands were part of Operation Argus, the follow-up to the Lermont operation used to take down EncroChat.
Sky Global disputed claims that their servers and app had been compromised, claiming that they were aware of a fake "Sky ECC" app being available on unsecure phones.
Sky Global said they were "actively investigating and pursuing legal action against the offending individuals for impersonation, false lights, trademark infringement, injurious falsehood, defamation and fraud".
Joris van der Aa, a crime reporter for Gazet van Antwerpen, noted the importance of Operation Sky, saying, "It is a big blow because, in Belgium and a great part of the criminal underworld in the Netherlands, they really trusted Sky as a system. They were so full of confidence, and the police now have so much information on how the underworld was structured, bank accounts, all the corrupt contacts are being arrested. It takes years to build these networks... In South America they will be thinking, 'Let's not do business with these Dutch and Belgian guys any more'... Everyone is waiting for the storm and asking themselves what the police know."
Indictment and shutdown
On March 12, 2021, the US Department of Justice in San Diego, California, issued an indictment against Sky Global's CEO, Jean-François Eap, and a former distributor, Thomas Herdman. They were charged with a "conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act ", and arrest warrants were issued. The indictment states that the Sky Global's devices are "specifically designed to prevent law enforcement from actively monitoring the communications between members of transnational criminal organizations involved in drug trafficking and money laundering. As part of its services, Sky Global guarantees that messages stored on its devices can and will be remotely deleted by the company if the device is seized by law enforcement or otherwise compromised."In response, Eap has published a statement branding the allegations as false, saying that he and his company are being "targeted" because they "build tools to protect the fundamental right to privacy." "Sky Global's technology works for the good of all. It was not created to prevent the police from monitoring criminal organizations; it exists to prevent anyone from monitoring and spying on the global community. The indictment against me personally in the US is an example of the police and the government trying to vilify anyone who takes a stance against unwarranted surveillance."
On March 19, 2021, the company apparently shut down the operations after BlackBerry cut it off from its Unified Endpoint Manager services. Its website has been seized by the FBI.
Aftermath
- On 19 June 2024, seven men were prosecuted in Finnish district court for drug and gun charges for crimes committed during 2020-2021, two lead suspects were convicted 13 years prison sentence for acquiring cocaine, amphetamine and ecstasy as well firearm felony. Five were convicted 3-4 year sentences for the same crimes and laundering money, two charges were dropped. Prosecution was based on messages exchanged in SkyECC application received from foreign police agencies.