The FBI ran an "encrypted" chat application for organized criminals
01/08/2021
The FBI has secretly operated an encrypted communication platform for many years, enabling it to intercept 20 million messages from international criminal organizations. As part of an investigation called "Operation Trojan Horse Shield," hundreds of people were arrested in 18 countries. Suspects including members of the Italian Mafia and illegal motorcycle gangs have been prosecuted. The Australian police who helped conceive the sting arrested 224 criminals and seized 3.7 tons of drugs and US$44.9 million in cash and assets.
The crackdown was essentially born out of the demise of a popular encrypted phone service, known as Phantom Secure, according to newly unsealed court documents. After that enterprise was shut down and its CEO arrested in 2018, the FBI used a "source" to peddle a new app, dubbed "Anom," to criminal networks. Unknown to those who used the devices featuring the platform, the FBI had built a master key into its encryption system. This allowed agents to surreptitiously monitor each message and enabled them to decrypt and store messages as they were transmitted.
Over the following months, the app grew organically on the back of a "beta test" in Australia and the dismantling of two additional encrypted phone enterprises, Encrochat and Sky Global. The FBI's supply-side "source" used this window to distribute Anom devices to criminals who had used those now-defunct messaging channels. The phones grew in popularity within the underworld after high-profile criminals vouched for the app's integrity, Australian Police noted.
"These criminal influencers put [law enforcement] in the back pocket of hundreds of alleged offenders," Australian Federal Police commissioner Reece Kershaw said in a statement. "Essentially, they have handcuffed each other by endorsing and trusting AN0M and openly communicating on it – not knowing we were watching the entire time."
Overall, law enforcement has catalogued the aforementioned 20 million messages from a total of 11,800 devices located in over 90 countries. Breaking down the surveillance process, the FBI said that phones outside of the US routed an encrypted BCC of each message to an "iBot" server. There, the app's encryption was stripped off and the message was immediately re-encrypted with the FBI's own encryption. The message was then routed to a second FBI-owned iBot server, where it was decrypted and its content made available for viewing.
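The routing described above, modelled as an added example (not code from the article or from Anom itself): a toy cipher stands in for whatever encryption the app actually used, the key and function names are assumptions, and the sample message is constructed. The point it shows is that the copy the peer receives is identical whether or not a BCC was sent, so the interception is invisible from the recipient's side.

```python
import hashlib
import os

# Toy unauthenticated stream cipher built on SHA-256, constructed for this
# illustration only; it stands in for the unspecified encryption Anom used.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def client_send(plaintext: bytes, recipient_key: bytes, ibot_key: bytes):
    """Anom-style client (assumed): one copy for the peer, one BCC for the iBot server."""
    return toy_encrypt(recipient_key, plaintext), toy_encrypt(ibot_key, plaintext)

def ibot_relay(bcc: bytes, ibot_key: bytes, fbi_key: bytes) -> bytes:
    """First iBot server: strip the app's encryption, re-wrap under the FBI key."""
    return toy_encrypt(fbi_key, toy_decrypt(ibot_key, bcc))

def second_server_read(relayed: bytes, fbi_key: bytes) -> bytes:
    """Second FBI-owned server: decrypt for viewing."""
    return toy_decrypt(fbi_key, relayed)

def demo() -> bytes:
    recipient_key, ibot_key, fbi_key = (os.urandom(32) for _ in range(3))
    msg = b"constructed sample message"  # constructed sample input
    to_peer, bcc = client_send(msg, recipient_key, ibot_key)
    # The peer's copy decrypts normally and carries no trace of the BCC.
    assert toy_decrypt(recipient_key, to_peer) == msg
    # The BCC reaches the second server as plaintext via the relay.
    return second_server_read(ibot_relay(bcc, ibot_key, fbi_key), fbi_key)

if __name__ == "__main__":
    print(demo())
```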
Each Anom user was also assigned a particular Jabber Identification (JID) by the FBI's supply-side source or an Anom administrator. A JID is akin to a PIN in Blackberry Messenger, according to the documents, which describe it "as either a fixed, unique alphanumeric identification or, in the case of more recent devices, a combination of two English words." Anom users were also able to select their own usernames and could change their list of usernames over time. As part of the operation, the FBI maintained a list of JIDs and the corresponding screen names of Anom users.
There are currently about 9,000 Anom devices in the wild. According to the FBI, it has used the chat platform to identify more than 300 transnational criminal organizations. Australian police, who helped intercept local information, said these communications included suspected murder, mass drug trafficking and the distribution of firearms. Other suspects are linked to Asian criminal groups and Albanian organized crime. At the same time, the New Zealand police have arrested 35 people and seized $3.7 million in assets as part of their linked operation.