When the FBI dismantled an encrypted messaging service based in Canada in 2018, agents noticed that users were moving to other networks. Instead of following in the footsteps of rivals, investigators decided on a new tactic: creating their own service.
ANOM, a secure messaging service built by the FBI and other law enforcement agencies, was launched in October 2019 and took hold after authorities shut down another rival. Popularity spread by word of mouth.
When ANOM was taken down on Monday, authorities had collected more than 27 million messages from around 12,000 units in 45 languages – a wealth of evidence driving a global sting operation. Authorities on Tuesday unveiled the operation, known as Trojan Shield, and announced that it had given an “unprecedented blow”
“Every unit in this case was used for further criminal activity,” said Suzanne Turner, an FBI agent in San Diego, where the investigation began in 2016. Users were “top echelons, command-and-control.” 300 criminal organizations.
Unknown to the criminals, authorities were copied on every message sent on the FBI's devices, much like blind-copied recipients of an email.
“The devices that criminals use to hide their crimes were actually a beacon for law enforcement,” Randy Grossman, acting U.S. attorney in San Diego, told a news conference.
More than 800 suspects were arrested and more than 32 tonnes of drugs were seized, including cocaine, cannabis, amphetamine and methamphetamine. Police also seized 250 guns, 55 luxury cars and more than $148 million in cash and cryptocurrencies. An indictment unsealed Tuesday in San Diego identified 17 foreign distributors accused of conspiracy to commit violence.
The seeds for the sting were sown when law enforcement officials took down a company called Phantom Secure, which provided bespoke end-to-end encrypted devices to criminals, according to court papers.
Unlike typical mobile phones, the devices do not make phone calls or surf the Internet – but allow secure messaging. As an outgrowth of the operation, the FBI recruited a collaborator who was developing a next-generation secure messaging platform for the criminal underworld called ANOM. The employee designed the system to give the agency access to the messages sent.
ANOM did not take off immediately. But then other secure platforms used by criminals to organize drug trafficking and money laundering were taken down by the police, mainly EncroChat and Sky ECC. That put gangs in the market for a new app, and the FBI’s platform was ready. Over the past 18 months, the agency has provided phones via unsuspecting intermediaries to gangs in more than 100 countries.
The flow of intelligence “enabled us to prevent murder. It led to the seizure of drugs that led to the seizure of weapons. And it helped prevent a series of crimes,” Calvin Shivers, assistant director of the FBI’s investigation department, told a news conference in The Hague, the Netherlands.
The operation was led by the FBI with the involvement of the US Drug Enforcement Administration, the European Union Police Agency Europol and law enforcement agencies in several countries, said Dutch National Police Chief Jannine van den Berg.
Australian Police Chief Jennifer Hearst called it “a watershed in global law enforcement history.”
The ANOM app became popular in criminal circles when users told each other that it was a secure platform. All the while, police looked over their shoulders as they discussed hits, drug shipments, and other crimes.
Since October 2019, the FBI has cataloged more than 20 million messages from a total of 11,800 units – with about 9,000 currently active, according to documents citing Germany, the Netherlands, Spain, Australia and Serbia as the most active countries.
They say the number of active ANOM users was only 3,000 until Sky, one of the platforms previously used by criminal gangs, was dismantled in March.
While it was primarily focused on drug trafficking and money laundering, the investigation also resulted in “high-level public corruption cases,” said an FBI agent quoted in the documents. One goal of Trojan Shield was to “shake the confidence of this entire industry because the FBI is willing and able to enter this space and monitor communications,” the agent said.
Swedish police prevented a dozen planned killings and believe they arrested several “leading actors in criminal networks”, according to a statement from Linda Staaf, head of Sweden’s national criminal intelligence unit.
Finnish police said on Tuesday that nearly 100 people had been detained and more than 500 kg (half a tonne) of drugs confiscated along with dozens of guns and cash worth hundreds of thousands of euros (dollars). In Germany, the Frankfurt Public Prosecutor’s Office said more than 70 people were arrested on Monday and drugs, cash and weapons were also seized.
In Australia, authorities said they arrested 224 people and seized more than four tonnes of drugs and $35 million. New Zealand police said they had arrested 35 people and seized millions of dollars worth of drugs and assets.
As part of a global operation, the Australian government “struck a hard blow against organized crime,” Australian Prime Minister Scott Morrison told reporters. “Not just in this country, but one that will echo around organized crime around the world.”
Last year, European police delivered a major crackdown on organized crime after cracking an encrypted communications network known as EncroChat, which was used by criminal gangs across the continent.
In March, Belgian police arrested dozens of people after cracking down on another encrypted chat system and seizing more than 17 tonnes of cocaine.
The latest effort went even further before the authorities decided to shut down the service.
The operation is likely to make criminals wonder if services they use are run by a government, Turner said, and it has shown authorities have ample technical knowledge and international cooperation.
Nick Merrill, a cyber security researcher at the University of California, Berkeley, said the operation offers “a pretty good recipe” for law enforcement agencies to compromise an existing service or build one and wait “at the right time to strike.”
“Either way, these centralized services present a key weakness,” Merrill said.