The ANOM (also stylized as AN0M or ΛNØM) sting operation (known as Operation Trojan Shield or Operation Ironside) was a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a Trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest, in 16 countries, of over 800 suspects allegedly involved in criminal activity. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organized crime, outlaw motorcycle clubs, drug syndicates and other organized crime groups.
Background
The shutdown of the Canadian secure
messaging company Phantom Secure in March 2018 left international criminals in
need of an alternative system for secure communication. Around the same time, the San Diego FBI
branch had been working with a person who had been developing a
"next-generation" encrypted device for use by criminal networks. The
person was facing charges and cooperated with the FBI in exchange for a reduced
sentence. The person offered to develop ANOM and then distribute it to
criminals through their existing networks.
The first communication devices with ANOM were offered by this informant
to three former distributors of Phantom Secure in October 2018.
The FBI also negotiated with an unnamed
third country to set up a communication interception, based on a court
order that allowed the information to be passed back to the FBI. Since October 2019,
ANOM communications have been passed on to the FBI from this third country.
The FBI named the operation "Trojan
Shield", and the AFP named it "Ironside".
Distribution and Usage
The ANOM devices consisted of a
messaging app running on smartphones that had been specially modified to
disable normal functions such as voice telephony, email, or location services. After checking that normal functionality was
disabled, the messaging apps communicated with one another via supposedly
secure proxy servers, which copied all sent messages to servers controlled
by the FBI. The FBI could then decrypt the messages with a private key associated
with the message, without ever needing remote access to the devices. The devices also had a fixed identification
number assigned to each user, allowing messages from the same user to be
connected to each other. According to a
since-deleted Reddit post discovered by Motherboard, the ANOM app was "for
Android"; a WordPress blog post described the app as using a "custom
Android OS".
About 50 devices were distributed in
Australia for beta testing from October 2018. The intercepted communications
showed that every device was used for criminal activities, primarily
by organized criminal gangs.
Use of the app spread through word of
mouth, and was also encouraged by undercover agents; drug trafficker Hakan Ayik
was identified "as someone who was trusted and was going to be able to
successfully distribute this platform", and without his knowledge was
encouraged by undercover agents to use and sell the devices on the black market,
further expanding its use. After users
of the devices requested smaller and newer phones, new devices were designed
and sold. The most commonly used
languages on the app were Dutch, German and Swedish.
After a slow start, the rate of
distribution of ANOM increased from mid-2019. By October 2019, there were
several hundred users. By May 2021, there had been 11,800 devices with ANOM
installed, of which about 9,000 were in use.
New Zealand had 57 users of the ANOM communication system. The Swedish Police had access to
conversations from 1,600 users, of whom they focused their surveillance on
600. Europol stated 27 million
messages were collected from ANOM devices across over 100 countries.
Some skepticism of the app did exist;
one March 2021 WordPress blog post called the app a scam.
Arrests and Reactions
The sting operation culminated in search
warrants that were executed simultaneously around the globe on 8 June 2021. It is not entirely clear why this date was
chosen, but news organizations have speculated it might be related to a warrant
for server access expiring on 7 June. The
background to the sting operation and its transnational nature were revealed
following the execution of the search warrants. Over 800 people were arrested
in 16 countries. Among the arrested
people were alleged members of Australian-based Italian mafia, Albanian organized
crime, outlaw motorcycle gangs, drug syndicates and other crime groups. In the European Union, arrests were
coordinated through Europol. Arrests
were also made in the United Kingdom, although the National Crime Agency was
unwilling to provide details about the number arrested.
The seized evidence included almost 40
tons of drugs (over eight tons of cocaine, 22 tons of cannabis and cannabis
resin, six tons of synthetic drug precursors, two tons of synthetic drugs), 250
guns, 55 luxury cars and more than $48 million in various currencies and
cryptocurrencies. In Australia, 224 people were arrested on 526 total charges. In New Zealand, 35 people were arrested and
faced a total of 900 charges. Police seized $3.7 million in assets,
including 14 vehicles, drugs, firearms and more than $1 million in cash.
Over the course of the three years, more
than 9,000 police officers across 18 countries were involved in the sting operation.
Australian Prime Minister Scott Morrison said that the sting operation had
"struck a heavy blow against organized crime". Europol described it
as the "biggest ever law enforcement operation against encrypted
communication".
No arrests were made in the United
States because of privacy laws that prevented law enforcement from collecting
messages from domestic subjects.