Sara Kaufman[1]
On June 8, 2021, the Federal Bureau of Investigation (FBI) and Australia’s Federal Police (AFP) publicly announced the arrests of more than 800 individuals utilizing a FBI-controlled encrypted platform to facilitate their criminal activities.[2] ANOM, a highly popular encryption platform amongst criminals worldwide, was secretly used as a surveillance tool in an investigation known as “Operation Trojan Shield” in order to discreetly observe and curtail the criminal activities in Australia and beyond.[3]
As technology has grown over the years, criminals have utilized hardened encrypted devices as a tool to obstruct any federal investigations against them. Encrypted devices are tools that both send and retrieve encrypted electronic communications, allowing criminals to openly discuss their activities with confidence that their contents will remain secure.[4] For many years, contents in encrypted devices did in fact remain secure; communication was often limited to a self-selected group of individuals using the same encryption platform. Law enforcement agents therefore would be unable to collect evidence regarding the conversations that criminals were having on their encrypted devices.
Companies that provided these encrypted devices were generally aware that their target audience is utilizing their products for criminal activity; in March 2018, the CEO of Phantom Secure, Vincent Ramos, and four other principals of the company were indicted for aiding and abetting the distribution of cocaine. During his plea hearing in October 2018, Ramos admitted that Phantom Secure laundered drug trafficking proceeds, as well as aided and abetted the importation, exportation, and distribution of illegal substances across international borders.[5] Phantom Secure was not the first, nor would it be the last, of the many encrypted devices to appear on the black market to plan and executive criminal activity.
Operation Trojan Shield
While the FBI previously dismantled hardened encryption companies utilized amongst criminals to communicate – such as Phantom Secure – new platforms would emerge as substitutes for their predecessors. In “Operation Trojan Shield,” various European law enforcement agencies, the FBI and AFP collaborated with a confidential source to construct, market, and upkeep the next encrypted communication platform to arise on the black market.[6]
The devices themselves were encrypted but the FBI, AFP, and the confidential source collaborated to build a master key into the existing encryption system.[7] This allowed law enforcement to decrypt and store messages as they were transmitted. For devices located outside of the U.S., an encrypted “BCC” of each sent message is routed to an “iBot” server located outside of the U.S. The message is then decrypted with the master key and then immediately re-encrypted with the FBI encryption code. The newly encrypted message is then passed to a second FBI-owned iBot server to be decrypted for viewing within the U.S.[8] Given the high level of technical care and expertise needed to set up this master key process, the collaboration between the FBI, AFP, confidant, and other European law enforcement agencies was needed to ensure that ANOM could be launched effectively and discreetly within criminal networks.
ANOM could only be used on devices sold within the black market and were stripped of the ability to make calls or send emails. In order to get a hold of an ANOM-encrypted device, each criminal had to be green-lighted by another criminal who was already using the software.[9] Each ANOM user was identified by a Jabber Identification – similar to a smartphone PIN – was chosen by each user to identify themselves as opposed to using their real names.[10] The high level of exclusivity and security behind ANOM increased the confidence that users that their communications would remain private.
Results of the investigation
As high-profile criminals such as Hakan Ayik praised ANOM and encouraged its use to their associates, thousands of criminals worldwide began utilizing ANOM devices to openly discuss their activities. Between October 2019 and May 2021, a total of 11,800 ANOM devices were registered in over 90 countries, with the highest number of users based in Germany, the Netherlands, Spain, Australia, and Serbia.[11]
Considering the strong reputation that ANOM had amongst criminals, plans to import, export, or distribute drugs were sent between encrypted devices without the use of coded language.[12] Text messages shown in a search warrant affidavit filed May 18, 2021, display open conversation regarding cocaine hidden in French diplomatic packages or underneath layers of bananas in shipping trucks.[13]
Through the surveillance of ANOM users, law enforcement agencies from the U.S., Australia, and the European Union were able to seize numerous tons of drugs and millions of dollars in cash.[14] Australian police officers also claim to have acted on 20 “threats to kill,” thereby protecting many innocent civilians who may have otherwise lost their lives.[15]
Although the criminals that utilized ANOM encrypted devices strongly advocated for their high level of security, this could not be further from the truth. The review of messages sent on ANOM devices has opened numerous high-level public corruption cases internationally, as well as investigations of distributors for money laundering, international drug trafficking, and obstruction of justice.[16]
While new encrypted platforms used to emerge once their predecessors were taken down by the FBI, Operation Trojan Shield severely damages the trusted foundation of encrypted devices for communications amongst criminal actors. Though the use of new technology such as encryption devices has allowed discreet criminal activity to go undetected, law enforcement across the globe has proven that, with joint efforts, they can utilize the same tools for their benefit.
The current issue of the IELR will have a more comprehensive discussion of the law enforcement initiative and its implications.
[1] Legal assistant, Berliner Corcoran & Rowe LLP; B.A., Amherst College.
[2] Rachel Pannett and Michael Birnbaum, FBI-controlled ANOM app ensnares scores of alleged criminals in global police sting, The Washington Post, June 7, 2021, https://www.washingtonpost.com/world/2021/06/08/fbi-app-arrests-australia-crime.
[3] Cheviron Aff. ¶ 14, May 18, 2021. https://www.justice.gov/usao-sdca/press-release/file/1402426/download.
[4] Cheviron Aff. ¶ 9, supra.
[5] Cheviron Aff. ¶ 10, supra.
[6] Ben Westcott, For years, the underworld thought its phones were safe. They fell for an encrypted app trap, CNN, June 9, 2021, https://www.cnn.com/2021/06/08/australia/afp-fbi-ANOM-app-operation-ironside/index.html.
[7] Cheviron Aff. ¶ 13, supra.
[8] Id.
[9] Ben Westcott, supra.
[10] Cheviron Aff. ¶ 14, supra.
[11] Cheviron Aff. ¶ 19, supra.
[12] Cheviron Aff. ¶ 29, supra.
[13] Cheviron Aff. ¶ 14, supra.
[14] Ben Westcott, supra.
[15] ANOM: Hundreds arrested in massive global crime sting using messaging app, BBC.COM, June 8, 2021, https://www.bbc.com/news/world-57394831.
[16] Cheviron Aff. ¶ 20, supra.