Police arrested more than 800 people worldwide in a huge global sting involving encrypted phones that were secretly planted by the FBI, law enforcement agencies said Tuesday.
Officers were able to read the messages of global underworld figures in around 100 countries as they plotted drug deals, arms transfers and gangland hits on the compromised ANOM devices.
The evidence from “Operation Trojan Shield” prevented around 100 murders and foiled several large-scale drug shipments, said officials from the FBI, the EU’s police agency Europol and other countries as far afield as Australia.
“The results are staggering,” FBI Assistant Director Calvin Shivers told reporters at Europol’s HQ in the Netherlands.
He said the FBI had provided criminal syndicates in over 100 countries with the devices over the last 18 months “that allowed us to monitor their communications.”
Europol said police from a total of 16 countries launched raids on the basis of evidence from the phones, around 12,000 of which were distributed worldwide.
“This information led over the last week to hundreds of law enforcement operations on a global scale from New Zealand to Australia to Europe and the USA, with impressive results,” said Jean-Philippe Lecouffe, Deputy Director Operations at Europol.
“More than 800 arrests, more than 700 locations searched, more than 8 tonnes of cocaine.”
– ‘Heavy blow’ –
Australian police said the supposedly hardened encrypted devices were handed out to operatives within the mafia, Asian crime syndicates, drug cartels and outlaw motorcycle gangs as part of the elaborate FBI-led plot.
In Australia alone, more than 200 people have been charged as part of the operation, which Prime Minister Scott Morrison said Tuesday had “struck a heavy blow against organised crime — not just in this country, but one that will echo around organised crime around the world”.
The operation began after global police work in the past two years disrupted two other major encrypted phone networks used by criminals, Encrochat and SkyGlobal.
“The closure of those two encrypted communication platforms created a significant void in the encrypted communication market,” said New Zealand police.
To fill the void, “the FBI operated its own encrypted device company, called ‘ANOM’,” the New Zealand police added.
The FBI’s Shivers said this enabled them to “turn the tables” on criminals.
“We were actually able to see photographs of hundreds of tonnes of cocaine that were concealed in shipments of fruit, we were able to see hundreds of kilos of cocaine that were concealed in canned goods,” Shivers said.
According to unsealed court documents cited by US media outlet Vice, the FBI worked with insiders to develop and distribute AN0M devices through the Phantom Secure network of existing criminal customers, unloading 50 — mostly to Australia — as a “beta test.”
– ‘They came to us’ –
The devices are said to have had no email, call or GPS services and could only message other ANOM phones.
They could only be bought on the black market — for around $2,000 — and required a code from an existing user to access.
“They actually came to us seeking these devices,” Shivers said.
Australian agencies helped get the phones in the hands of underworld “influencers” — including an Australian fugitive drug boss on the run in Turkey — in a bid to gain trust.
The cover appeared to be blown in March 2021 when a blogger detailed AN0M security flaws and claimed it was a scam linked to Australia, the United States and other members of the Five Eyes intelligence-sharing network. The post was later deleted.
The Australian Federal Police said that as a result of the operation, a total of 224 people were now facing more than 500 charges in Australia alone, while six underground drug labs were shut down and firearms and Aus$45 million (US$35 million) in cash were seized.
“We allege they are members of outlaw motorcycle gangs, Australian mafia, Asian crime syndicates and serious and organised crime groups,” federal police commissioner Reece Kershaw said.
New Zealand Police detective superintendent Greg Williams said 35 people had been arrested across the country.
Police in New Zealand seized methamphetamine, firearms, and millions of dollars in cash and assets during the operation.
ANOM’s website — which once offered “military grade” encryption services and devices with special features like “light and dark” display themes — was unavailable Tuesday, with a message from authorities that the “domain has been seized.”
Law enforcement agencies from three continents on Tuesday revealed a vast FBI-led sting operation that sold thousands of supposedly encrypted mobile phones to criminal organisations and intercepted their messages for years.
Police accounts and unsealed US court documents, first cited by Vice News, reveal an ambitious worldwide plot that was years in the making.
What is ANOM?
ANOM was billed as a fully secure encrypted mobile phone that promised the user total secrecy in communications.
Essentially it was a jailbroken handset that used a modified operating system – removing any of the normal text, phone or GPS services that would make it trackable and traceable.
On the surface, the device would look like a normal mobile phone, but it contained a “secure” messaging service hidden behind a functioning calculator app.
In theory, the phone operated on a closed network – ANOM phones could only communicate with other ANOM phones using “military grade” encryption that transferred data via secure proxy servers.
The phones also contained a kill switch to delete contacts or any other data stored locally.
Similar services like Phantom Secure, Sky Global, Ciphr, and EncroChat have for years been used by criminal networks for planning and communication — and many have been exploited by law enforcement.
Where did the FBI come in?
In March 2018, Phantom Secure’s CEO Vincent Ramos was indicted by a grand jury and, along with colleagues, would eventually plead guilty to a raft of charges related to drug trafficking.
Shortly after that, an unnamed “confidential human source” presented the FBI with a next-generation encrypted device – that would be dubbed ANOM – which was designed to replace discredited, defunct or infiltrated systems.
The same source agreed to disseminate the now FBI-compromised devices among a network of black market distributors who had sold Phantom Secure to carefully vetted or vouched-for individuals, usually members of organised criminal gangs.
Why did criminals buy it?
Initially, 50 ANOM phones were distributed in a test run, mostly to members of Australian organised criminal gangs.
But through word of mouth they gained in popularity with criminal underworld figures, who reportedly recommended them to friends.
Interest in ANOM exploded in 2020 when European authorities rolled up EncroChat, with dozens arrested, and after Sky Global CEO Jean Francois Eap was detained.
In the end, the FBI, Australian authorities and an unnamed “third country” were able to access more than 20 million messages from 11,800 devices in 90 countries.
They were most popular in Germany, the Netherlands, Spain, Australia and Serbia.
Why did the operation stop?
No clear rationale has been given for why the operation stopped now. However, a mixture of suspicions, legal hurdles and strategy may have contributed.
Law enforcement did not have real-time access to phone activity; instead, all sent messages were blind copied, or ‘BCCed’, to FBI servers, where they were decrypted.
One server was in a third country where the warrant was due to expire on 7 June 2021.
But even ahead of that deadline, suspicions were being raised.
In March “canyouguess67” posted on WordPress that ANOM was a “scam” and that a device he had tested was “in constant contact with” Google servers and relayed data to non-secure servers in Australia and the United States.
“I was quite concerned to see the amount of IP addresses relating to many corporations within the 5 eyes Governments (Australia, USA, Canada, UK, NZ who share information with one another),” the post said before it was deleted.
In addition, one stated aim for “Operation Trojan Shield” was to undermine trust in encrypted devices, a goal that could only be widely achieved when the operation was made public.