By Mike Corder, Nick Perry and Elliot Spagat, AP
When the FBI dismantled an encrypted messaging service based in Canada in 2018, agents noticed users moving to other networks. Instead of following their tracks to rivals, investigators decided on a new tactic: creating their own service.
ANOM, a secure-messaging service built by the FBI and other law enforcement agencies, launched in October 2019 and solidified its following after authorities took down another rival. Popularity spread by word of mouth.
When ANOM was taken down Monday, authorities had collected more than 27 million messages from about 12,000 devices in 45 languages — a vast body of evidence that fueled a global sting operation. Authorities on Tuesday revealed the operation known as Trojan Shield and announced that it had dealt an “unprecedented blow” to organized crime around the world.
“Each and every device in this case was used to further criminal activity,” said Suzanne Turner, the agent in charge of the FBI in San Diego, where the investigation began in 2016. Users were “upper-echelon, command-and-control” figures in more than 300 criminal organizations.
Unbeknown to criminals, authorities were copied on every message sent on the FBI devices, much like blind recipients of an email.
“The very devices that criminals use to hide their crimes were actually a beacon for law enforcement,” Randy Grossman, the acting U.S. attorney in San Diego, said at a news conference.
More than 800 suspects were arrested and more than 32 tons of drugs seized, including cocaine, cannabis, amphetamines and methamphetamines. Police also seized 250 guns, 55 luxury cars and more than $148 million in cash and cryptocurrencies. An indictment unsealed Tuesday in San Diego named 17 foreign distributors charged with racketeering conspiracy.
The seeds of the sting were sown when law enforcement agencies took down a company called Phantom Secure that provided customized end-to-end encrypted devices to criminals, according to court papers.
Unlike typical cellphones, the devices do not make phone calls or browse the internet — but allow for secure messaging. As an outgrowth of the operation, the FBI recruited a collaborator who was developing a next-generation secure-messaging platform for the criminal underworld called ANOM. The collaborator engineered the system to give the agency access to any messages being sent.
ANOM didn’t take off immediately. But then other secure platforms used by criminals to organize drug-trafficking hits and money laundering were taken down by police, chiefly EncroChat and Sky ECC. That put gangs in the market for a new app, and the FBI’s platform was ready. Over the past 18 months, the agency provided phones via unsuspecting middlemen to gangs in more than 100 countries.
The flow of intelligence “enabled us to prevent murders. It led to the seizure of drugs that led to the seizure of weapons. And it helped prevent a number of crimes,” Calvin Shivers, assistant director of the FBI’s criminal investigative division, told a news conference in The Hague, Netherlands.
The operation was led by the FBI with the involvement of the U.S. Drug Enforcement Administration, the European Union police agency Europol and law enforcement agencies in several countries, said Dutch National Police Chief Constable Jannine van den Berg.
Australian Federal Police Commander Jennifer Hearst called it “a watershed moment in global law enforcement history.”
The ANOM app became popular in criminal circles as users told one another it was a safe platform. All the time, police were looking over their shoulders as they discussed hits, drug shipments and other crimes.
Since October 2019, the FBI cataloged more than 20 million messages from a total of 11,800 devices — with about 9,000 currently active, according to documents, which cited Germany, the Netherlands, Spain, Australia and Serbia as the most active countries.
They say the number of active ANOM users was only 3,000 until Sky, one of the platforms previously used by criminal gangs, was dismantled in March.
While primarily focused on drug trafficking and money-laundering, the investigation also resulted in “high-level public corruption cases,” an FBI agent quoted in the documents said. A goal of Trojan Shield was to “shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages,” the agent said.
Swedish police prevented a dozen planned killings and believe that they arrested several “leading actors in criminal networks,” according to a statement from Linda Staaf, the head of Sweden’s national criminal intelligence unit.
Finnish police said Tuesday that nearly 100 people have been detained and more than 500 kilograms (half a ton) of drugs confiscated, along with dozens of guns and cash worth hundreds of thousands of euros (dollars). In Germany, the general prosecutor’s office in Frankfurt said that more than 70 people were arrested Monday and drugs, cash and weapons were also seized.
In Australia, authorities said they arrested 224 people and seized more than four tons of drugs and $35 million. New Zealand police said they had arrested 35 people and seized drugs and assets worth millions of dollars.
As part of a global operation, the Australian government “struck a heavy blow against organized crime,” Australian Prime Minister Scott Morrison told reporters. “Not just in this country, but one that will echo around organized crime around the world.”
European police last year delivered a major blow to organized crime after cracking an encrypted communications network known as EncroChat, which was used by criminal gangs across the continent.
In March, Belgian police arrested dozens of people after cracking another encrypted chat system and seizing more than 17 tons of cocaine.
The latest effort went even further before authorities decided to take down the service.
The operation will likely lead criminals to wonder whether services they use are run by a government, Turner said, and it has shown that authorities have abundant technical knowledge and international cooperation.
Nick Merrill, a cybersecurity researcher at the University of California, Berkeley, said the investigation offers “a pretty good recipe” for law enforcement agencies to compromise an existing service or build one and wait “for the right time to strike.”
“Either way, these centralized services provide a central point of weakness,” Merrill said.