On June 7, law enforcement over 16 countries made sure to optimize the last benefits of all the criminal communications intercepted on Anom, an encrypted message service managed by the F.B.I.
Between June 7 and 8, several raids of police occurred in the world as part of a massive international cooperation between 16 countries. The operation was called Trojan shield in the United States, Ironside in Australia, Spyglass in New Zealand or Taskforce greenlight at the Europol. It consisted of having access to the communications of the criminals without their knowledge. Over the last 18 months, the F.B.I intercepted 27 million messages sent via the application Anom. Thought of as a secure encrypted platform perfect for criminals to escape law enforcement controls, it was in fact an application managed by the F.B.I.
Over the last 18 months, the operations led to 800 arrests, seizures of more than 32 tons of drugs, including 8 tons of cocaine or 22 of marijuana, or $48 million USD in worldwide currencies and cryptocurrencies. More than 100 death threats were mitigated and 50 illicit drug labs dismantled. The operation allowed to infiltrate more than 300 criminal groups in more than 100 countries with the use of more than 12,000 phones according to the law enforcement officials.
The international law enforcement partners were Australia, Austria, Canada, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, New Zealand, the Netherlands, Norway, Scotland, Sweden, the United Kingdom, the United States.
F.B.I. recruited an asset who built a encrypted device: Anom
It all started in 2018 with the arrest of the CEO of Phantom Secure along with four other principals of the company. Phantom Secure was a Canada-based encrypted device platform that allowed criminals to hide their organizations from law enforcement. The company bought Blackberry phones, removed all functionalities – including texts, calls, Internet, camera, GPS – and installed an encrypted system so that the phones could only communicate with each other. It used to work like an affiliation program in which a new customer needed to be referenced by an existing user, making it more trustworthy.
Phantom Secure wasn’t the only platform providing such service. In July 2020, EncroChat was dismantled by Belgium, France, and the Netherlands. Sky Global was another one but got taken down in march 2021 as well. All the headwinds to encrypted message services created a void in the market filled with the F.B.I. device. Before the dismantlement of Sky, 3,000 devices tracked by the F.B.I. were in use in March when 6,000 were on the market in June.
In 2018, F.B.I. agents in San Diego recruited a “Confidential Human Resource” who previously distributed Sky Global and Phantom Secure devices to transnational criminal organizations according to court documents. The CHS had invested a large amount of money to develop another encrypted device, “ANOM”, and provided it to the F.B.I for their investigations. The CHS was offered a possibility to a reduction of the six-year-prison sentence and has been paid $120,000 by the FBI plus $59,500 of living and travel expenses. Every message sent by the platform was routed to servers owned by the F.B.I., deciphered, stored and reencrypted in real time. And the Australian Federal Police helped on getting the device into the market.
A criminal influencer helped the distribution of the spying phones with Anom
The informant provided modified phones, such as the Google Pixel, to three former Phantom distributors connected with criminals, primarily in Australia. The system worked similarly to Phantom. The price was about $1,700 AUD ($1,300 USD) for a six-month period in Australia, €1,000-€1,500 ($1,200-$1,800 USD) in Europe or $1,700 CAD ($1,400 USD) in Canada. The messaging service was only activated through a calculator app with a code given by an existing user. The phone allowed voice and text messages, videos and photographs to be exchanged. Australian authorities even promoted it on the social platform Reddit.
The Australian Federal Police was allowed by court to monitor the 50 Anom devices in the black market. In 2019, the popularity of Anom started to take off. In fact, the distribution really increased when an alleged high-profile Australian criminal had recommended the device to some of his associates. The U.S. identified 17 distributors of the Anom phones.
Born from Turkish parents, the man, 42, had escaped to Turkey in 2010 and renounced his Australian nationality in 2019. But he still managed operations for drug import in Australia. He was known as a criminal influencer, the “Facebook gangster“. He was one of the few administrators of the Anom enterprise and could initiate new subscriptions, set up access for distributors, remove accounts or reset devices. Police has now advised him to turn himself in as he was in danger considered that he almost put the handcuffs to many of his partners.
27 million messages from 12,000 phones used for criminal activities
However, the Australian law enforcement wasn’t allowed to share the messages to other countries. The U.S. then found another country where a server could be located with a court order allowing messages to be shared and used by the F.B.I. from October 2019 on. The name of the third country wasn’t mentioned in the U.S. court document but the Netherlands said it analyzed the messages and provided them to Europol for other partners to use.
Between October 2019 and June 2021, 27 million messages from 12,000 devices in over 100 countries have been reviewed. The top five countries where Anom devices were used were Germany, the Netherlands, Spain, Australia, and Serbia. Messages were exchanged in 45 languages, with most of them in Dutch, German and Swedish. San Diego Field Office was the hub for more than 100 agents and analysts and 80 linguists who were pooled together since the take down of Phantom Secure.
Over the millions of messages, the authorities could see a shipment of cocaine from Ecuador to Belgium hidden in tuna cans. 1,595 kilograms of cocaine were hidden in pineapples in a container from Costa Rica to Spain. Drug was labelled with a batman logo. Or 2 kilograms of cocaine passed through a French diplomatic sealed enveloped from Colombia to Australia. Some traffickers were aware of police interventions which initiated to dozens of public corruption cases.
A fruitful collaboration that started over a couple of beers
The court order of the third country expired on June 7, 2021, marking an end to the global investigation with the network shutdown.
In the last 24-48 hours of the operation, there were more than 7,000 law enforcement officers deployed for 500 arrests around the world and 700 locations searched.
In Australia, for the last day of the operation, 4,000 officers were involved in hundreds of arrest warrants. Since 2018, operation Ironside previously led to no less than 224 arrests, 3,700 kilograms of drugs seized, 104 firearms confiscated, $45 million AUD in cash and many assets, including jewelry, phones or computer taken away. The organizations spread out from Australian-based Italian mafia, motorcycle gangs, Asian crime syndicates to Albanian organized crime. 1,650 Anom phones were used in Australia. It also shut down six clandestine laboratories and uncovered 21 murder plots, including a suburban mass shooting at a café.
Prime Minister Scott Morrison said “this is a watershed moment in Australian law enforcement history“. Australian Police Force was indeed a real initiator of the project. “Some of the best ideas come over a couple of beers“, AFP Commissioner Reece Kershaw said at a media briefing about how the FBI and AFP came up with the plan of the operation.
Cooperation with the U.S. and Australia has also recently allowed them to create a plot to three alleged drug dealers who tried to import $700 million USD worth of cocaine in Australia, accounting for the supply of a year in New South Wales, Australia’s most populous state with 8.1 million people including Sydney.
Multiple arrests in several countries in less than 48 hours
In New Zealand, 35 people were arrested facing 900 charges of drug dealing or money laundering. One man faces 164 charges, another 120.
Sweden police reported 70 arrested suspects and more than 100 homes searched between June 7 and June 8. Many of them were involved in drug traffic or planned explosions and shootings in Sweden. Another 5 Swedish alleged criminals were arrested in Spain. The country joined the program in September 2020 and had already arrested 80 persons and intervened before 10 planned murders before the last bust.
In the Netherlands, 49 people were arrested and 25 locations related to drugs were dismantled, 2.3 million euros ($2.8 million USD) in cash were discovered. Dutch law enforcement developed the tools that allowed them to interpret millions of messages from different languages, which was also made available to Europol so that it could analyse the data.
Nearly 100 people were arrested in Finland, more than 60 in Germany. A lab was one of the largest ever dismantled in Germany.
More arrests were expected after the official announcement. Anom accounted for only 5% of encrypted communications in Australia. Bigger platforms are still being used by criminals.
Media sources and useful links:
- Press conference – Operation Trojan Shield/OTF Greenlight, YouTube, June 2021, Free access
- FBI’s Encrypted Phone Platform Infiltrated Hundreds of Criminal Syndicates; Result is Massive Worldwide Takedown, United States Department of Justice, June 2021, Free access
- AFP-led Operation Ironside smashes organised crime, Australian Federal Police, June 2021, Free access
- FBI Targets Encrypted Platforms Used by Criminal Groups, F.B.I., June 2021, Free access
- International Criminal Communication Service Dismantled, F.B.I., March 2018, Free access
- How we tracked down Australia’s most wanted man to his glamorous new life, The Sidney Morning Herald, June 2021, Free access
- Large Bust of Cocaine in Australia Tipped by Casino Gambling, Newsendip, June 2021, Free access