Anom

In one of the "largest and most sophisticated law enforcement operations to date," a joint international law enforcement effort created a fake end-to-end encrypted chat platform designed solely to catch criminals.

The FBI and the Australian Federal Police started cooperating three years ago in Operation Ironside (aka Operation Trojan Shield), creating a fake encrypted messaging platform called Anom that was sold exclusively to criminals, allowing law enforcement to listen in on their messages and conversations.

"Since 2019, the US Federal Bureau of Investigation, in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12 000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organised crime, outlaw motorcycle gangs, and international drug trafficking organisations," says a press release by Europol.

After reviewing 27 million messages in which criminals discussed their activities on the Anom platform, law enforcement was able to arrest 800 people and seize 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drug precursors, 250 firearms, 55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies.

Europol states that the following countries participated in the international coalition: Australia, Austria, Canada, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, New Zealand, the Netherlands, Norway, Sweden, the United Kingdom incl. Scotland, and the United States.

The AFP released an explainer video showing how the operation was conducted.

The Anom platform created to snare criminals

Criminal organizations commonly use hardened encrypted messaging platforms to prevent law enforcement from monitoring their communications. 

In 2018, the FBI arrested the CEO of encrypted messaging platform Phantom Secure for marketing customized communication devices to criminal organizations and aiding them in their illegal activities.

The FBI states that after the arrest, they recruited a Confidential Human Source (CHS) who had previously distributed Phantom Secure and Sky Global communication devices and was creating their own "next generation" communications device.

According to court documents filed by the FBI and unsealed yesterday, the CHS agreed to work with the FBI in the hopes of a reduced sentence and helped the FBI and the AFP to create a new encrypted messaging platform called Anom.

The CHS also agreed to market the Anom devices to distributors who are known to work with criminal organizations.

To help promote the devices, the operation created the website Anom.io that included a teaser video illustrating the customized messaging device.

When Anom users sent messages, the device would quietly attach a master key to each message, allowing law enforcement to decrypt and view the sent messages.

"Before the devices could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability."

"By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted "BCC" of the message is routed to an "iBot" server located outside of the United States, where it is decrypted from the CHS's encryption code then immediately re-encrypted with FBI encryption code."

"The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its contents available for viewing in the first instance."

The US Attorney's Office for the Southern District of California will be live-streaming a press conference at 11 AM EST regarding Operation Trojan Shield.
