FBI, Australian Police Ran A Backdoored Encrypted Chat Service For Three Years

from the we've-got-a-server-on-the-inside-[wink] dept

Recently unsealed documents have revealed the FBI and the Australian Federal Police ran a backdoored encrypted communications service for more than three years, resulting in dozens of arrests and several large drug busts. Here’s a brief summary via Joseph Cox for Motherboard.

For years the FBI has secretly run an encrypted communications app used by organized crime in order to surreptitiously collect its users’ messages and monitor criminals’ activity on a massive scale, according to a newly unsealed court document. In all, the elaborate operation netted more than 20 million messages from over 11,800 devices used by suspected criminals.

This honeypot/chat app went into development following law enforcement’s takedown of other encrypted phone providers like Phantom Secure and Sky Global. According to the unsealed warrant [PDF] targeting a Gmail account of a suspect, the backdoored communications offering was the direct result of the indictment of Vincent Ramos, the CEO of Phantom Secure.

After Ramos was arrested, San Diego FBI agents recruited a Confidential Human Source (“CHS”) who had been developing the “next generation” encrypted communications product, poised to compete for market share against established hardened encrypted device competitors. At the time, the void created by Phantom Secure’s dismantlement provided a new opportunity for criminal users to switch to a new, secure brand of device. The CHS previously distributed both Phantom Secure and Sky Global devices to TCOs [transnational criminal organizations] and had invested a substantial amount of money into the development of a new hardened encrypted device. The CHS offered this next generation device, named “Anom,” to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute Anom devices to some of the CHS’s existing network of distributors of encrypted communications devices, all of whom have direct links to TCOs.

ANoM was first distributed to criminals in Australia by the FBI’s source. But not before both the FBI and AFP added interception capabilities.

The FBI opened a new covert investigation, Operation Trojan Shield, which centered on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (“AFP”), to monitor the communications. Before the device could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability. By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted “BCC” of the message is routed to an “iBot” server located outside of the United States, where it is decrypted from the CHS’s encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its content available for viewing in the first instance.

The investigation began in Australia with the AFP intercepting messages, utilizing the expanded powers given to it by 2018’s Telecommunications and Other Legislation Amendment (TOLA) to secure permission to intercept every communication carried by the ANoM devices. But the permission it received had limits. It was only able to “discuss generally” the content of the intercepted communications, rather than share them directly with the FBI.

As more devices made their way into the hands of suspected criminals, the FBI began performing its own interceptions. But it didn’t do it directly. Instead, it asked an unnamed third country to perform the interception for it with the understanding it would hand over intercepted communications to the FBI.

[T]he FBI itself was not yet reviewing any of the decrypted content of Anom’s criminal users. Also by summer of 2019, the investigative team engaged representatives from a third country to receive an iBot server of its own and obtain the contents of communications occurring between Anom users… The third country agreed to obtain a court order in accordance with its own legal framework to copy an iBot server located there and provide a copy to the FBI pursuant to a Mutual Legal Assistance Treaty (“MLAT”). Unlike the Australian beta test, the third country would not review the content in the first instance. FBI geo-fenced the U.S., meaning that any outgoing messages from a device with a U.S. MCC would not have any communications on the FBI iBot server.

[…]

In October 2019, the third country obtained a court order which enabled the copying of the iBot server and the receipt of its contents every two to three days. The initial MLAT between the U.S. and the third country authorized FBI to receive data from October 7, 2019, through January 7, 2020. […]

Since October 2019, the third country has obtained additional court order pursuant to its own laws to copy the iBot server and the United States has obtained the server data pursuant to additional MLATs. The third country provides Anom server data to the FBI every Monday, Wednesday, and Friday, and will continue to do so until the expiration of the third country’s court order on June 7, 2021. This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by FBI).

The 15 or so users in the US were monitored by the Australian Federal Police for “any threats to life” and this information “shared generally” with the FBI. Once this was all in place, the FBI was soon swimming in intercepted messages from all over the world.

Since October 2019, the FBI has reviewed the content from the iBot server in the third country pursuant to the MLAT. They have translated the messages (where necessary and where translations are available) and have catalogued more than 20 million messages from a total of 11,800 devices (with approximately 9000 active devices currently) located in over 90 countries.

The affidavit notes that most of ANoM’s users reside in Serbia, Germany, Netherlands, Spain, and Australia. Other than Australia, no other country (or their applicable laws/legal processes) are discussed.

There’s a whole lot of criminal activity being discussed using these devices. And not all of it is directly drug-related.

[T]he review of Anom messages has initiated numerous high-level public corruption cases in several countries. The most prominent distributors are currently being investigated by the FBI for participating in an enterprise which promotes international drug trafficking, money laundering, and obstruction of justice.

[…]

From those messages, more than 450,000 photos have been sent detailing conversations on other encrypted platforms discussing criminal activity, cryptocurrency transactions, bulk cash smuggling, law enforcement corruption , and self-identification information.

Yep. Law enforcement corruption.

Information reviewed on the platform has revealed law enforcement sensitive information passed to TCOs, such as reports and warrants. TCOs have also been notified of anticipated enforcement actions against the TCO or other criminal associates.

This multi-national investigation shows it’s still possible to take down criminal organizations despite their use of encrypted communications. One solution for law enforcement appears to be to “roll your own” — one that allows investigators to listen in on conversations as they happen.

Filed Under: , , , , ,
Companies: anom

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “FBI, Australian Police Ran A Backdoored Encrypted Chat Service For Three Years”

Subscribe: RSS Leave a comment
8 Comments
Scary Devil Monastery (profile) says:

For once, a smart move by law enforcement

This is really the way to go about it.

  • Build an encrypted app you have full control over.
  • Get your snitches and undercover agents to sell it to the criminal sector like the best thing since sliced bread.
  • Collect the information and start up investigations.
  • Go to court.

Mind you, there are a few moral implications around building and setting up a massive sting op this way. To whit, I’m fairly sure this involves more than a few gray areas and outright black ones narrowly circumvented by loopholes just to remain legal.

It also doesn’t set a good precedent to have government operating communications infrastructure explicitly built to monitor deplorables.

ECA (profile) says:

Re: For once, a smart move by law enforcement

The BIG part of this tends to be, how fast the criminals figure out WHERE the info came from to get arrested.
Better to Collect TONS and years of data, then to let loose the idea that, ‘That program was the only way I communicated, with others’.

And I really wonder sometimes, that as a Criminal, Why not get someone With abit of programming skill, LOOK at the program you are using BEFORE you use it. AND MAKE your OWN Chat program, QUIT using what is around and made by others.

Anonymous Coward says:

Re: Re: For once, a smart move by law enforcement

And I really wonder sometimes, that as a Criminal, Why not get someone With abit of programming skill, LOOK at the program you are using BEFORE you use it. AND MAKE your OWN Chat program, QUIT using what is around and made by others.

There’s a Key & Peele skit to this degree, about a bank heist where they become men on the inside, working to keep a low profile, and gradually getting the money given to them by the mark each week. Then after 30 years they leave like ghosts.

To say that if they were capable of doing what you’re saying, they’d just be developing those apps, not necessarily being criminals.

Tanner Andrews (profile) says:

Re: For once, a smart move by law enforcement

narrowly circumvented by loopholes just to remain legal

Do not count on it. The FBI does not have a history of carefully remaining legal. Rather, they have a history of trying not to get caught. That, combined with AUSAs who do not prosecute the guys on “their team”, generally provides adequate safety for the FBI operatives.

Scary Devil Monastery (profile) says:

Re: Re: For once, a smart move by law enforcement

"Do not count on it. The FBI does not have a history of carefully remaining legal."

Well, no, I’ll admit that I’m not assuming the FBI’s to necessarily be competent enough to go sliding through the loopholes they’ve bargained for rather than run smack into the wall.

But at least when a bureaucracy has a mechanism in place whi9ch at some point renders something horribly shady fully legal they can argue good faith. Which, in many jurisdictions renders the group of civil servants calling the shots immune to prosecution barring some fairly exotic evidence is brought to the table…

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...