Taking the Fight to Encrypted Crime Networks: Why the ANOM Sting Is So Important

More than 800 arrests have been made worldwide following an operation that encouraged criminals to use an encrypted comms network operated by the US Federal Bureau of Investigation (FBI) with assistance from Australian law enforcement. Dubbed Operation Trojan Shield, the FBI’s plan was to distribute the ANOM encrypted messaging app to mafia and drug gangs that have grown wary of using public networks that are likely to be surveilled. Undercover officers seeded the distribution of ANOM by persuading underworld figures, including Australian fugitive and alleged drug trafficker Hakan Ayik, to recommend the app to their criminal associates. The app then spread virally between criminals. The success of this strategy is partly illustrated by the FBI’s map of all the countries that had ANOM users as of last month (pictured above).

A US Department of Justice announcement described the ANOM sting as ‘an investigation like no other’.

…criminals sold more than 12,000 ANOM encrypted devices and services to more than 300 criminal syndicates operating in more than 100 countries, including Italian organized crime, Outlaw Motorcycle Gangs, and various international drug trafficking organizations…

…agents catalogued more than 27 million messages between users around the world who had their criminal discussions reviewed, recorded, and translated by the FBI, until the platform was taken down…

The users… openly discussed narcotics concealment methods, shipments of narcotics, money laundering, and… violent threats… Some users negotiated drug deals via these encrypted messages and sent pictures of drugs, in one instance hundreds of kilograms of cocaine concealed in shipments of pineapples and bananas, and in another instance, in cans of tuna…

Grand totals for the entire investigation include 800 arrests; and seizures of more than 8 tons of cocaine; 22 tons of marijuana; 2 tons of methamphetamine/amphetamine; six tons of precursor chemicals; 250 firearms; and more than $48 million in various worldwide currencies. Dozens of public corruption cases have been initiated over the course of the investigation. And, during the course of the investigation, more than 50 clandestine drug labs have been dismantled. One of the labs hit yesterday was one of the largest clandestine labs in German history.

Australian police said they had acted on 20 different ‘threats to kill’ whilst the Swedish Police Head of Intelligence said the operation led to the prevention of more than 10 murders. The execution of the sting saw over 9,000 police officers searching 700 locations around the world.

The sting was described as the ‘biggest ever law enforcement operation against encrypted communications’ by a Europol press release, though this description misses the point entirely. In this instance the police were not fighting encrypted comms, but using the promise of encrypted comms to lure criminals into using a network that was not actually secure.

I recently argued that police were losing the battle against encrypted comms based on the trends in the number of users identified each time a new criminal comms network is infiltrated and taken down. It is great that law enforcement bodies have proven to be far more intelligent than I could have appreciated. Trying to catch criminals after they set up an encrypted comms network is going to be increasingly problematic because the technology is widespread and there is no way to erase what people know about cryptography. Many governments have already imposed modifications to services provided by legitimate comms providers to ensure the police have back door access or to make it easier for law enforcement to decipher messages. Watering down encryption on legal networks is the reason why criminals are motivated to create their own networks, and nothing will prevent them from using the strongest possible encryption. This means the police are likely to end up playing an endless game of whack-a-mole if their only strategy is to infiltrate each criminal comms network that rises to replace the last network taken down.

Setting up a bogus encrypted network is a game changer for law enforcement. It means police are listening in to all the criminal activity on a network from its inception, their bogus network displaces the genuine criminal networks that would otherwise have been created to satisfy demand, and criminals now have reason to fear that any network they adopt may just be a front for a sophisticated police operation. The FBI and their peers deserve considerable praise for changing the rules so they could finally get ahead of the criminals’ game.

Eric Priezkalns
Eric is the Editor of Commsrisk.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.