How an informant and a messaging app led to huge global crime sting

It took $100,000 plus expenses, and the opportunity for a reduced prison sentence, for the smartphone developer to collaborate with the Federal Bureau of Investigation (FBI) in 2018 and kick-start Operation Trojan Shield, according to a court document.

Three years later, the investigation involving 9,000 law enforcement officers from 17 countries saw authorities monitor 27 million messages from 12,000 devices in 100 countries and track the activities of more than 300 organised crime groups, the European Union’s law enforcement agency, Europol, said in a statement.

To date, there have been more than 800 arrests and the seizure of more than eight tonnes of cocaine, 22 tonnes of cannabis, two tonnes of synthetic drugs, 250 guns, 55 luxury vehicles and over $48 million in cash and cryptocurrencies, Europol said. More arrests and seizures are expected, it said.

The U.S. court document – an affidavit from an FBI special agent first published by Vice News – says the “confidential human source”, a former drug trafficker, had been creating a new hardened encrypted phone with a bespoke app called ANOM, also styled An0m. The source came on board after authorities dismantled the Phantom Secure encrypted smartphone network and arrested its CEO in 2018.

For at least a decade, organised crime groups have used phones like Phantom Secure to organise drug deals and hits on rivals and to launder illicit earnings without detection, police say. Among the phones’ many features, content can be remotely wiped if a device is seized.

But as one model was put out of business, new ones would enter the lucrative market.

The FBI decided it would launch its own, inserting into the devices a master key that attached to each message and enabled law enforcement officers to decrypt and store the messages as they were transmitted. The cost in the United States was $1,700 for a six-month subscription, a U.S. official said.

‘Couple of beers’

In 2018, Australian police investigators and analysts met with the FBI. “As you know, some of the best ideas come over a couple of beers,” said Australian Federal Police (AFP) commissioner Reece Kershaw on Tuesday.

Prodded by authorities, the developer-turned-informant tapped his trusted distributors, who targeted the Australian market. They settled on a soft launch in October 2018. The developer gave the distributors only 50 devices to sell. Seeing a “huge payday”, they agreed, according to the affidavit.

As the AFP monitored the messages and photos shared on the devices, “100% of ANOM users in the test phase used ANOM to engage in criminal activity”, the affidavit said. Business grew organically, by word-of-mouth. Soon overseas criminals were flocking to use the ANOM phone.

Law enforcers had “an edge” that they had never had before, said Kershaw. Among hundreds of arrests and tons of drugs seized, Australian authorities said they also disrupted 21 murder plots, including a mass killing, thanks to ANOM.

But, due to “technological issues”, the FBI could not directly monitor the phones in Australia. A court order in late 2019, however, issued by an unspecified country where a server for the phones was located, gave the agency far greater and more timely access to their content.

The FBI and other countries’ law enforcers discovered that Italian organised crime, Asian triads, biker gangs and transnational drug syndicates were all users.

The special agent’s affidavit, and the AFP’s Kershaw, said criminals used the phones openly, often not even using code words and frequently sharing photos of massive drug consignments and details of how they would be transported.

Among the images shared in the affidavit were mounds of blocks of illicit drugs and a diplomatic pouch identified in the court document as French and said to be used to transport cocaine from Colombia. There was also evidence of corrupt government officials and police. Crime groups were being “notified of anticipated enforcement actions”, the affidavit said. “The review of ANOM messages has initiated numerous high-level public corruption cases in several countries.”

Raids targeting users of another encrypted phone, Sky ECC, in March saw ANOM’s popularity surge, with active users growing from 3,000 to 9,000 in months, the affidavit said.

But the expiry of the unspecified country’s court order on Monday signalled the end of the phones’ torrent of criminal intelligence. In a series of news conferences around the world the next day, Operation Trojan Shield was revealed.

Nathan Lynch is an experienced writer, public speaker, manager and technology enthusiast in the field of financial regulation and risk management. At Thomson Reuters, Nathan leads a team of experts who provide breaking news, deep analysis and practical guidance to risk practitioners in the global financial services sector.
Nathan manages Thomson Reuters’ award-winning Regulatory Intelligence team across the Asia-Pacific region, tracking developments in financial services law, regulation, financial crime and risk management.
Nathan has been involved in building innovative, tech-based businesses in the financial services “regtech” sector — including Complinet Australia and the Thomson Reuters Risk business.