Netherlands-based security company Black Box Security was raided by the Dutch Police and shuttered on suspicion of money laundering and operating a criminal enterprise. Black Box was the inventor of the Iron Phone and the Iron Chat app. Together, they were supposed to provide an unbreakable encrypted chat service. This service became a favorite among cyber and other criminals.
According to Sophos Naked Security, the police in The Netherlands successfully cracked the encryption and had been reading the messages for quite some time, about a quarter of a million messages in all. The information they gathered allowed them to close a drug laboratory and make several other arrests. Eventually, because of the compromised communication channel and police activity, the criminals using these phones started accusing each other of working with the police. The Politie had to shut it down and arrest everyone in order to avoid bloodshed on the streets.
Encryption is a useful protection when implemented properly. The problem was with the way the encryption in the phone and app was implemented. This is not the first time that poor encryption has been beaten by smarter cryptographers. In some of the earlier ransomware variants, the attackers were using SHA-1 and other easily cracked methods to create their encryption keys. In those cases, the encrypted data was easily recovered. This is just another example of the dangers of home-brewed encryption.
The other lesson is this: when searching for encryption solutions such as encrypted email, browsing, messaging, and services such as VPN, it falls on you, the subscriber, to perform your due diligence to ensure that you are getting the security, secrecy, privacy and anonymity you are expecting. Not all services perform as advertised, so checking customer reviews and independent testing labs can help you find reliable alternatives.