Tuesday, June 08, 2021

Australian cops, FBI created backdoored chat app, told crims it was secure – then snooped on 9,000 users' plots

Hundreds of arrests already in Oz, details of European and US ops to be revealed soon


Simon Sharwood, APAC Editor
Tue 8 Jun 2021 

The Australian Federal Police (AFP) has revealed it was able to decrypt messages sent on a supposedly secure messaging app that was seeded into the criminal underworld and promoted as providing snoop-proof comms.

The app was in fact secretly built by the FBI, and designed to allow law enforcement to tune into conversations between about 9,000 users scattered around Earth.

Results in Australia alone have included over 500 warrants executed, 200-plus arrests, the seizure of AU$45m and 3.7 tonnes of drugs, and the prevention of a credible threat to murder a family of five. Over 4,000 AFP officers were involved in raids overnight, Australian time. Europol and the FBI will detail their use of the app in the coming hours.

The existence of the app — part of Operation Ironside, which quietly began three years ago — was revealed at a press conference in Australia today, where AFP commissioner Reece Kershaw said that, during informal meetings over beers, members of the AFP and the FBI cooked up the idea of creating a backdoored app. The idea built on previous such efforts, such as the Phantom Secure platform.

The app, called AN0M, was seeded into the organised crime community. The software would only run on smartphones specially modified so that they could not make calls nor send emails. These handsets were sold on the black market between criminals as secure messaging tools. The app would only communicate with other AN0M-equipped phones, and required payment of a monthly fee.

“We were able to see every handset that was handed out and attribute it to individuals,” Kershaw said.

“Criminals needed to know a criminal to get a device,” reads the AFP’s announcement of the operation. “The devices organically circulated and grew in popularity among criminals, who were confident of the legitimacy of the app because high-profile organised crime figures vouched for its integrity.”

But the software had a backdoor. Commissioner Kershaw said the organisation he leads “provided a technical capability to decrypt the messages,” and that as a result his force, the FBI, and Europol were able to observe communications among criminals in plain text.

“All they talk about is drugs and violence,” Kershaw said. “There was no attempt to hide behind any kind of codified information.” Intercepts included comments about planned murders and information about where and when speedboats would appear to shift contraband.

Kershaw said the surveillance enabled by the app is legal under the terms of Australia’s Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. Law enforcement agencies in other jurisdictions also had legal cover for their use of the software.

However, some of those authorities were set to expire. That, and an operational decision to end the operation due to the opportunity to act on intelligence gathered using AN0M, led to today’s disclosures.

AN0M gave us insights we never had before


“The use of encrypted apps represents significant challenges,” Kershaw said. “AN0M gave us insights we never had before.”

The commissioner acknowledged that criminals will now adjust their behaviour as a result of this news, but suggested the AFP is working to develop similar capabilities. “This was a small platform. We know there are bigger ones. We will ensure we have the technology to disrupt criminals."

FBI International Operations Division legal attaché for Australia Anthony Russo offered similar comments, saying: “Criminals should be on notice that law enforcement are resolute to continue to evolve our capabilities.”

Kershaw somewhat smugly suggested that organised crime will take a while to bounce back from this operation, as intercepts of AN0M conversations suggest that arrests made before the app was revealed have sparked internecine warfare and revenge plots.

By the way, it turns out someone was able to figure out the FBI's ruse in March this year, though they thought the software had been backdoored by its makers and not the Feds. A blog post describing the workings of the code was later deleted. ®
FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld

From hidden master keys to pineapples stuffed with Bolivian marching powder — this story has it all
Tue 8 Jun 2021 // 22:58 UTC
3

The FBI has revealed how it managed to hoodwink the criminal underworld with its secretly backdoored AN0M encrypted chat app, leading to hundreds of arrests, the seizure of 32 tons of drugs, 250 firearms, 55 luxury cars, more than $148M, and even cocaine-filled pineapples.

About 12,000 smartphones with AN0M installed were sold into organized crime rings: the devices were touted as pure encrypted messaging tools — no GPS, email or web browsing, and certainly no voice calls, cameras, and microphones. They were "designed by criminals, for criminals exclusively," one defendant told investigators, Randy Grossman, Acting US Attorney for the Southern District of California, told a press conference on Tuesday.

However, AN0M was forged in a joint operation by Australian and US federal law enforcement, and was deliberately and surreptitiously engineered so that agents could peer into the encrypted conversations and read crooks' messages. After Australia's police broke the news that the messaging app had recorded everything from drug deals to murder plots — leading to hundreds of arrests — now the FBI has spilled its side of the story, revealing a complex sting dubbed Operation Trojan Shield.


The Dept of Justice's Randy Grossman walks through journalists through Operation Trojan Shield at a press conference on Tuesday

"For the first time the FBI developed and operated its own hardened encrypted device company, called AN0M," Grossman said.

"Criminal organizations and the individual defendants we have charged purchased and distributed AN0M devices in an effort to secretly plan and execute their crimes. But the devices were actually operated by the FBI."
Playing the long game

According to court documents [PDF] this all came about after the shutdown of Phantom Secure, a Canadian biz selling Blackberry phones customized for encrypted chat to the criminal community. CEO Vincent Ramos pleaded guilty in 2018 to conspiring with drug traffickers and was sentenced to nine years behind bars and had $80M in assets seized.

The closure of Phantom Secure put the staff working there on the FBI's radar. The bureau's San Diego office recruited a developer at the company as a confidential human source (CHS), court documents state. This source had previously been sentenced to six years in the clink for importing illegal drugs, and agreed to cooperate with the Feds to reduce any future punishment potentially coming their way.

Crucially, not only had this programmer worked on the Phantom Secure's encrypted messaging software, but they were also doing work on rival encrypted comms service Sky Global — which also sold modified handsets with secure messaging features — as well as developing their own secure customized phone called AN0M.

"The CHS … had invested a substantial amount of money into the development of a new hardened encrypted device," the indictment by FBI Special Agent Nicholas Cheviron reads.

"The CHS offered this next generation device, named 'AN0M,' to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute AN0M devices to some of the CHS’s existing network of distributors of encrypted communications devices."

And so, in October 2018, the three-year sting operation began.

The CHS — who was paid $120,000 plus $59,000 in living and travel expenses by the authorities — worked with the FBI and the Australian Federal Police to hide a master decryption key into the AN0M app. Messages sent by the software's users were quietly copied and sent off to servers controlled by law enforcement, who were able to use the key to decrypt the texts. Technically speaking, each message is effectively BCC'd to a so-called iBot server located outside the United States that strips away the AN0M-level encryption, and re-encrypts the text for law enforcement. This text is then sent to another server, where the contents can be decrypted and viewed by investigators.

The first three distributors for AN0M were based Down Under. As the Australian authorities were ahead of the FBI in getting a legal framework in place to snoop on these conversations, the Oz cops were first in examining the chatter — albeit just conversations involving users either in Australia or with a nexus to it. Presumably, the AN0M app was set up to send the messages to a server in Australia's jurisdiction.

In this beta test, 50 handsets were passed out Down Under, and this phase of the operation was successful; two of the country's biggest criminal gangs were successfully penetrated and the message copying system worked perfectly. Aussie police reviewing the texts said they found 100 per cent were related to crime. Everyone who used the app was assigned a unique ID, and these handles were known to the police.
Let's go global

In the next phase, the CHS expanded the distribution network beyond Australia, and the FBI found itself in a position to collect the data. After negotiations with an unnamed third country, a message-relaying iBot server was set up in that nation to collect the BCC'd conversations, and on October 21, 2019, it began beaming copies of crooks' chats from AN0M handhelds to an FBI-owned system every Monday, Wednesday, and Friday. The third country's officials had secured a court order for the surveillance, and the FBI used a Mutual Legal Assistance Treaty, also known as an MLAT, to obtain the decrypted material.

Sales of AN0M grew steadily, and got a boost when French and Dutch police took down the EncroChat encrypted service in 2020. When a similar swoop shuttered Sky Global in 2021, demand skyrocketed. After the latter take-down, AN0M sales tripled to more than 9000 handsets, each costing $1700 with a six-month subscription to the AN0M encrypted messaging network, Grossman said.

The data haul from the application was immense: more than 27 million messages from 100 countries, and between 300 criminal gangs. This included more than 400,000 photos, typically of drugs or guns and, crucially, shipment plans.


A photo shared via the app. It's tuna surprise. The surprise being there's no tuna. It's coke. Source: DoJ. Click to enlarge

Belgian police, tipped off by the AN0M data, in 2020 captured 613 kilos of cocaine hidden in tuna cans. These were traced to an Ecuadorian supplier, who was caught with another 1523 kilos of coke in a container that would have shipped to Antwerp.


Would make for one hell of a Hawaiian pizza — cocaine-stuffed pineapples. Source: DoJ. Click to enlarge

After intercepting chat about cocaine shipments, on May 12 this year Spanish police seized 1595 kilos of cocaine hidden in hollowed out pineapples. The delivery, from a supplier in Costa Rica, had an estimated street value of $70M.

Police around the world have made 800 arrests from AN0M-gathered intelligence, including cuffing six US law enforcement officers. Of all of those detained, they primarily face charges of drug trafficking, money laundering, gun violations, and violent crime.

Grossman also announced Uncle Sam had indicted 17 suspects on RICO charges relating to the use and marketing of the AN0M handsets. Most of these people are said to be distributors, though the prosecutor said three were administrators who helped run the service. Eight of those RICO suspects have already been collared and detained.

"Operation Trojan Shield has shattered any confidence the criminals may have in the use of hardened encrypted devices," Grossman concluded. ®

No comments:

Post a Comment