For years, the FBI used a covert encrypted communications network to intercept 20 million messages from international criminal groups.
Hundreds of people have been arrested as part of Operation Trojan Shield, which has taken place in 18 countries. Several suspects have been charged, including members of the Italian Mafia and criminal motorcycle gangs. 224 offenders have been detained, with 3.7 tonnes of drugs and $44.9 million in cash and assets recovered by the Australian Police, who assisted in planning the investigation.
According to newly disclosed court documents, the crackdown was sparked by the demise of Phantom Secure, a prominent encrypted phone service. After the company was shut down and its CEO was arrested in 2018, the FBI employed a “source” to sell criminal networks new software called “Anom.” The FBI had built a master key into Anom’s encryption system, unknown to the individuals who used the platform’s devices. This allowed agents to covertly monitor each message, decrypting and storing messages as they were being transferred.
The app grew organically over the next few months, thanks to a “beta test” in Australia and the demise of two more encrypted phone companies, Encrochat and Sky Global. This window was exploited by the FBI’s supply-side “source” to send Anom devices to criminals who had used the now-defunct communications channels.
According to the Australian Police, the phones grew in favor among the underworld when high-profile criminals vouched for the app’s veracity.
“These criminal influencers put law enforcement in the back pocket of hundreds of alleged offenders,” Australian Federal Police commissioner Reece Kershaw said in a statement. “Essentially, they have handcuffed each other by endorsing and trusting AN0M and openly communicating on it – not knowing we were watching the entire time.”
According to law enforcement, the aforementioned 20 million texts were collected from 11,800 devices in over 90 countries. Breaking down the surveillance process, the FBI alleged that phones outside of the US forwarded an encrypted BCC of the message to an “iBot” server. It was then decrypted using the encryption code before being re-encrypted using FBI encryption code. The message was subsequently forwarded to a second FBI-controlled iBot computer, where it was encrypted, and its contents made public.
The FBI’s supply-side source or an Anom administrator provided each Anom user with a unique Jabber Identification (JID). According to the documents, a JID is similar to a PIN in Blackberry Messenger and is “either a fixed, unique alphanumeric identification or, in the case of more recent devices, a combination of two English words.” Anom users could also choose their own usernames and change them over time.
The FBI kept a list of JIDs and related screen names of Anom users as part of the operation.
Around 9,000 Anom devices are currently operational in the wild.
According to the FBI, the chat network is used by approximately 300 international criminal groups. According to the Australian Police, the discussions included claimed assassination plots, mass drug trafficking, and firearms distribution.
Those affiliated with an Asian crime syndicate and Albanian organized crime are among the other perpetrators. Meanwhile, as part of an interconnected operation, New Zealand Police have made 35 arrests and recovered $3.7 million in assets.