By Paul HANDLEY Washington (AFP) June 8, 2021
One drug trafficker texted another that he had a "job" and a proven way to get it done: two kilograms of cocaine from Bogota using the French embassy's protected diplomatic pouch.

The pair were straightforward, because they were using the newest, safest mode of communicating: a special-purpose, highly encrypted, messaging-only cellphone called ANOM that operated on a closed network.

"They have already got a few packages in," Baris Tukel told buyer Shane Geoffrey May, according to US court documents.

As proof, Tukel texted pictures of the pouch bound and stamped "Valise Diplomatique Francaise" and another shot of tightly wrapped drug packs.

"They can do it weekly," he wrote.

Little did they know that ANOM was produced and distributed by the US Federal Bureau of Investigation, and every one of their messages -- and those of thousands of other criminals around the world -- was being copied directly to an FBI server.

- 27 million messages -

Others had the same sense of security. They bickered over prices, and explained smuggling strategies.

Using ANOM, "Ironman" texted "Real G" on how they could get volumes of cocaine into Hong Kong, where they had no one in customs to shepherd it through.

The answer? "Real G" sent "Ironman" a photograph of drug packages layered in between bananas in a shipping crate. First, he said, they would have to send some legitimate banana shipments to ease the way.

Their messages were some of 27 million that the FBI and law enforcement partners in Australia and elsewhere scooped up and decrypted, exposing global criminal networks to an unparalleled extent.

The US Justice Department said "Operation Trojan Shield" reaped a "staggering" amount of intelligence that has led to 800 arrests.

It turned one of the biggest challenges for law enforcement today, widely available, unbreakable encryption apps on cellphones, to law enforcement's advantage.
Officials on three continents announced Tuesday that they had seized 38 tons of cocaine, marijuana, methamphetamine and precursor chemicals; 250 firearms and currencies worth $48 million in the operation.

Some 50 clandestine drug labs were shut down and more than 100 potential murders disrupted.

Law enforcement officials themselves seemed in awe at the result of "Trojan Shield".

FBI Special Agent Suzanne Turner said they were stunned at how openly traffickers exchanged information on the ANOM devices.

"They believed it was secure communications," she told reporters in Washington.

- FBI had master decryption key -

The massive coup came about in 2018, when the FBI shut down a precursor encrypted service called Phantom Secure and arrested its head Vincent Ramos and four others for supporting drug trafficking.

That appears to have led the FBI to a builder of the phones who was working on the next generation.

The tech wizard already had one drug conviction and faced new charges. So they agreed to produce ANOM for the FBI, who paid him or her $170,000 to do so -- adding to the encryption system a digital master key that only the FBI could use.

ANOM would also copy all messages from a user to an FBI-controlled server located in a third country as they were transmitted.

But how to get the bad guys to buy the phones, at $2,000 apiece?

The builder already had a network of trusted distributors in place from previous products, and pitched ANOM to them with the pitchline, "Enforce your right to privacy."

The phone hit the market in October 2018, with distributors first selling about 50 in Australia for a Trojan Shield beta test, the FBI working with the Australian Federal Police.

By 2019 ANOM devices were found around the world, used the most in Germany, the Netherlands, Spain, Australia and Serbia, mainly by drug traffickers and money launderers.

The FBI said more than 300 distinct transnational criminal organizations were using ANOM.
- Shutting down rivals -

It had its competitors. The FBI discovered that some gangs compartmentalized operations by different communications technology.

In one, ANOM was used for the logistics of the drug shipments, while Ciphr or Sky were used to deal with the money involved.

But ANOM gained in popularity as law enforcement went after other devices, like in 2020 when European authorities brought down EncroChat, a four-year-old encrypted handset.

After US authorities closed down another rival, Sky Global, in March this year, active ANOM users soared from 3,000 to 9,000, the FBI said.

Why was ANOM shut down now? Turner said Tuesday that many legal cases were ripening and that "it was time to get these criminals off the street."

But a March blog post by an unknown writer claiming that ANOM was transferring data to unknown servers may have also threatened to expose the network.
ANOM global phone sting: What we know

Police accounts and unsealed US court documents, first cited by Vice News, reveal an ambitious worldwide plot that was years in the making.

What is ANOM?

ANOM was billed as a fully secure encrypted mobile phone that promised the user total secrecy in communications.

Essentially it was a jailbroken handset that used a modified operating system -- removing any of the normal text, phone or GPS services that would make it trackable and traceable.

On the surface, the device would look like a normal mobile phone, but it contained a "secure" messaging service hidden behind a functioning calculator app.

In theory, the phone operated on a closed network -- ANOM phones could only communicate with other ANOM phones using "military grade" encryption that transferred data via secure proxy servers.

The phones also contained a kill switch to delete contacts or any other data stored locally.

Similar services like Phantom Secure, Sky Global, Ciphr, and EncroChat have for years been used by criminal networks for planning and communication -- and many have been exploited by law enforcement.

Where did the FBI come in?

In March 2018 Phantom Secure's CEO Vincent Ramos was indicted by a grand jury and along with colleagues would eventually plead guilty to a raft of charges related to drug trafficking.

Shortly after that, an unnamed "confidential human source" presented the FBI with a next-generation encrypted device -- that would be dubbed ANOM -- which was designed to replace discredited, defunct or infiltrated systems.

The same source agreed to disseminate the now FBI-compromised devices among a network of black market distributors who had sold Phantom Secure to carefully vetted or vouched-for individuals, usually members of organised criminal gangs.

Why did criminals buy it?

Initially, 50 ANOM phones were distributed in a test run, mostly to members of Australian organised criminal gangs.

But through word of mouth they gained in popularity with criminal underworld figures, who reportedly recommended them to friends.

Interest in ANOM exploded in 2020 when European authorities rolled up EncroChat, with dozens arrested, and after Sky Global CEO Jean Francois Eap was detained.

In the end, the FBI, Australian authorities and an unnamed "third country" were able to access more than 20 million messages from 11,800 devices in 90 countries.

They were most popular in Germany, the Netherlands, Spain, Australia and Serbia.

Why did the operation stop?

There is no clear rationale given about why the operation stopped now. However, a mixture of suspicions, legal hurdles and strategy may have contributed.

Law enforcement did not have real-time access to phone activity but instead, all sent messages were blind copied or 'BCCed' to FBI servers where they were decrypted.

One server was in a third country where the warrant was due to expire on June 7, 2021.

But even ahead of that deadline, suspicions were being raised.

In March "canyouguess67" posted on WordPress that ANOM was a "scam" and that a device he had tested was "in constant contact with" Google servers and relayed data to non-secure servers in Australia and the United States.

"I was quite concerned to see the amount of IP addresses relating to many corporations within the 5 eyes Governments (Australia, USA, Canada, UK, NZ who share information with one another)," the post said before it was deleted.

In addition, one stated aim for "Operation Trojan Shield" was to undermine trust in encrypted devices, a goal that could only be widely achieved when the operation was made public.