ANOM Sting Operation

The ANOM (also stylized as AN0M or ΛNØM) sting operation (known as Operation Trojan Shield (stylized TRØJAN SHIELD) or Operation Ironside) is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle clubs, drug syndicates and other organised crime groups.

Background

The shutdown of the Canadian secure messaging company Phantom Secure in March 2018 left international criminals in need of an alternative system for secure communication.Multiple sources:
*
* Around the same time, the San Diego FBI branch had been working with a person who had been developing a "next-generation" encrypted device for use by criminal networks. The person was facing charges and cooperated with the FBI in exchange for a reduced sentence. The person offered to develop ANOM and then distribute it to criminals through their existing networks. The first communication devices with ANOM were offered by this informant to three former distributors of Phantom Secure in October 2018.

The FBI also negotiated with an unnamed third country to set up a communication interception, but based on a court order that allowed passing the information back to the FBI. Since October 2019, ANOM communications have been passed on to the FBI from this third country.

The FBI named the operation "Trojan Shield", and the AFP named it "Ironside". Europol set up the Operational Task Force Greenlight.

Distribution and usage

The ANOM devices consisted of a messaging app running on Android smartphones that had been specially modified to disable normal functions such as voice telephony, email, or location services, and with the addition of PIN entry screen scrambling to randomise the layout of the numbers, the deletion of all information on the phone if a specific PIN is entered, and the option for the automatic deletion of all information if unused for a specific period of time.

The app was opened by entering a specific calculation within the calculator app, described by the developer of GrapheneOS as "quite amusing security theater", where the messaging app then communicated with other devices via supposedly secure proxy servers, which also – unknown to the app's users – copied all sent messages to servers controlled by the FBI. The FBI could then decrypt the messages with a private key associated with the message, without ever needing remote access to the devices. The devices also had a fixed identification number assigned to each user, allowing messages from the same user to be connected to each other.

About 50 devices were distributed in Australia for beta testing from October 2018. The intercepted communications showed that every device was used for criminal activities, primarily being used by organised criminal gangs. About 125 devices were shipped to different drop-off points to the United States in 2020.

Use of the app spread through word of mouth, and was also encouraged by undercover agents; drug trafficker Hakan Ayik was identified "as someone who was trusted and was going to be able to successfully distribute this platform", and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use. After users of the devices requested smaller and newer phones, new devices were designed and sold; customer service and technical assistance was also provided by the company. The most commonly used languages on the app were Dutch, German and Swedish.

After a slow start, the rate of distribution of ANOM increased from mid-2019. By October 2019, there were several hundred users. By May 2021, there had been 11,800 devices with ANOM installed, of which about 9,000 were in use. New Zealand had 57 users of the ANOM communication system. The Swedish Police had access to conversations from 1,600 users, of which they focused their surveillance on 600 users. Europol stated 27 million messages were collected from ANOM devices across over 100 countries.

Some skepticism of the app did exist; one March 2021 WordPress blog post called the app a scam.

Arrests and reactions

The sting operation culminated in search warrants that were executed simultaneously around the globe on 8 June 2021. It is not entirely clear why this date was chosen, but news organisations have speculated it might be related to a warrant for server access expiring on 7 June. The background to the sting operation and its transnational nature was revealed following the execution of the search warrants. Over 800 people were arrested in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle gangs, drug syndicates and other crime groups. In the European Union, arrests were coordinated through Europol. Arrests were also made in the United Kingdom, although the National Crime Agency was unwilling to provide details about the number arrested.

The seized evidence included almost 40 tons of drugs (over eight tons of cocaine, 22 tons of cannabis and cannabis resin, six tons of synthetic drug precursors, two tons of synthetic drugs), 250 guns, 55 luxury cars, and more than $48 million in various currencies and cryptocurrencies. In Australia, 224 people were arrested on 526 total charges. In New Zealand, 35 people were arrested and faced a total of 900 charges. Police seized $3.7 million in assets, including 14 vehicles, drugs, firearms and more than $1 million in cash.

Over the course of the three years, more than 9,000 police officers across 18 countries were involved in the sting operation. Australian Prime Minister Scott Morrison said that the sting operation had "struck a heavy blow against organised crime". Europol described it as the "biggest ever law enforcement operation against encrypted communication".

In 2022, ''Motherboard'' journalist Joseph Cox published documents stating that the FBI obtained message data through the cooperation of an unnamed country within the European Union.

Australia

About 50 of the devices had been sold in Australia. Police arrested 224 suspects and seized 104 firearms and confiscated cash and possessions valued at more than 45 million AUD.

Germany

In Germany, the majority of the police activity was in the state of Hesse where 60 of the 70 nationwide suspects were arrested. Police searched 150 locations and in many cases under suspicion of drug trafficking.

Netherlands

In the Netherlands, 49 people were arrested by Dutch police while they investigated 25 drug production facilities and narcotics caches. Police also seized eight firearms, large supplies of narcotics and more than 2.3 million euros.

Sweden

In Sweden, 155 people were arrested as part of the operation. According to police in Sweden which received intelligence from the FBI, during an early phase of the operation it was discovered that many of the suspects were in Sweden. Linda Staaf, head of the Swedish police's intelligence activities, said that the suspects in Sweden had a higher rate of violent crime than the other countries.

United States

No arrests were made in the United States because of privacy laws that prevented law enforcement from collecting messages from domestic subjects. However, the United States Department of Justice indicted seventeen persons (all foreign nationals) under the Racketeer Influenced and Corrupt Organizations Act for their participation in "the ANOM enterprise" which spread the devices.

Legal challenges

, multiple court cases have been brought in Australia to challenge the legitimacy of the ANOM sting operation. A judgment in one of the cases before the Supreme Court of South Australia has ruled in favor of the police.

See also

* EncroChat – a network infiltrated by law enforcement to investigate organized crime in Europe
* Ennetcom – a network seized by Dutch authorities, who used it to make arrests
* Sky Global – a communications network and service provider based in Vancouver, Canada

References

External links

{{Commons category , Operation Trojan Shield

ANOM.io - Domain Seized
- as of 8 June 2021, this displays FBI and AFP graphics, a "Trojan Shield" graphic and a "This domain has been seized" notice, with a form inviting visitors "To determine if your account is associated with an ongoing investigation, please enter any device details below"

2021 in international relations
2021 in law
Anonymity networks
Deception operations
Encryption debate
Secure communication
Operations against organized crime
Law enforcement operations
Trojan horses
June 2021 events
History of cryptography
Federal Bureau of Investigation operations