How a Fake FBI-Encrypted Device Ensnared Criminals Around the World
By Masood Farivar June 08, 2021
The global sting operation billed as "Trojan Shield" that led to the arrests of hundreds of criminals this week began with the takedown of an encrypted device maker catering to drug traffickers around the world.
In 2018, the FBI dismantled Canada-based Phantom Secure, forcing its customers â€” at the time estimated at more than 10,000 â€” to look for other encrypted apps.
To fill the void, the FBI in late 2019 recruited a "confidential human source" to launch its own hardened encrypted device company called ANOM, putting a new, secure communications product on the market. The informant in turn introduced the device to his network of trusted distributors, allowing the use of the device to grow organically, according to an FBI affidavit.
The ANOM app quickly took off in the criminal underworld. So confident were ANOM's distributors and administrators in the secrecy of the devices that "they openly marketed them to other potential users as designed by criminals for criminals," Andy Grossman, acting U.S. Attorney for the Southern District of California, said at a press conference Tuesday in San Diego, announcing charges against 17 foreign nationals accused of administering and distributing the app.
Australian media reported that the country's most wanted fugitive, Hakan Ayik, was given early access to the device by undercover agents and unwittingly promoted ANOM to his associates.
Demand for the messaging app grew when European investigators dismantled the popular EncroChat encrypted platform in July 2020. And usage exploded when the FBI dismantled Sky Global, another encrypted platform, in March 2021, officials said.
In all, more than 12,000 ANOM encrypted devices and services were sold to more than 300 criminal syndicates in over 100 countries, law enforcement officials announced on Tuesday. The users included Italian organized crime, Australian motorcycle gangs, international drug trafficking organizations and corrupt law enforcement officials.
"And every single person who used ANOM used it for a criminal purpose," Grossman said.
Believing ANOM shielded them from surveillance, the users openly discussed criminal activities such as drug concealment methods and shipments, money laundering and in some cases, violent threats against individuals, officials said.
"Some users negotiated drug deals via these encrypted messages and sent pictures of drugs, in one instance hundreds of kilograms of cocaine concealed in shipments of pineapples and bananas, and in another instance, in cans of tuna, in order to evade law enforcement," Grossman's office said in a statement.
Sweeping strategy, scale
Unknown to the users, the FBI was monitoring their conversations all along. A copy of every message sent from every ANOM device was transmitted to a server in an unidentified foreign country, according to court documents.
The data was then provided to the FBI, which reviewed the communications for criminal activity and shared them with law enforcement agencies around the world. Law enforcement officials said they obtained more than 27 million messages in 45 different languages exchanged over the ANOM app during the 18 months of the investigation.
"The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement," Grossman said.
While the FBI had previously infiltrated encrypted communications platforms used by criminals, Operation Trojan Shield marked the first time the bureau operated its own platform, which at the time of its takedown on Monday had more than 9,000 active users.
The operation was unprecedented in its scale, innovative strategy, international coordination and investigative outcome, Grossman said. Law enforcement agencies from 16 countries took part in the investigation, searching 700 locations and arresting more than 800 people, including 300 over the last two days, on a range of criminal charges. In addition, more than 32 tons of narcotics and more than $48 million in international currencies were seized.
In the U.S., prosecutors unsealed federal charges against 17 foreign nationals, including Ayik, with drug trafficking, money laundering and obstruction of justice. Eight of the 17 were taken into custody late Monday. The rest remain at large.
Law enforcement officials said the sting operation's real significance lay beyond the arrests and seizures.
"The immense and unprecedented success of Operation Trojan Shield should be a warning to international criminal organizations: Your criminal communications may not be secure, and you can count on law enforcement worldwide working together to combat dangerous crime that crosses international borders," said Suzanne Turner, special agent in charge of the FBI's San Diego field office.
|Join the GlobalSecurity.org mailing list|