The FBI announced on Tuesday that it had tricked members of organized crime in 90 countries, including Canada, by selling them compromised communications devices that, unknown to the buyers, allowed authorities to eavesdrop on their messages. The success of the operation rests on the dismantling of two Canadian providers of encrypted phones, which recently left a gaping hole in the black market. A hole that the police filled themselves.
Published on June 9, 2021
Vincent Larouche, La Presse
The small device, called ANOM, looks like an ordinary smartphone. It is compact, elegant, easy to handle. But it does not allow you to make a call or browse the Internet. Its only function is to allow holders of identical devices around the world to exchange encrypted text messages deemed invulnerable. Its promoters said that the police could never intercept them. If a device was seized by law enforcement, its contents would be automatically erased. An ideal tool for international drug traffickers.
You had to pay CAN$1,700 every six months to have access to the device. Distribution was by word of mouth within criminal networks. It was a monster success.
Then, over the past few days, within 48 hours, hundreds of users linked to criminal groups were arrested in Australia, New Zealand, and then in several European countries.
On Tuesday, the FBI and the police alliance Europol revealed the secret: the ANOM network had been controlled by the police from the start. The operation was dubbed “Trojan Shield”. The authorities had built a “back door” into the system and secretly encouraged its popularity among organized crime. Investigators have had access to all the messages exchanged on the device.
As of this week, there were 9,000 active devices in circulation, used by 300 criminal groups from all continents, including Colombian cocaine cartels, the Italian mafia, outlaw motorcycle gangs and a host of other trafficking organizations.
“Supreme irony”
“The supreme irony was that the devices used by these criminals to hide from the authorities were in fact guides for the authorities,” said US federal prosecutor Randy Grossman at a press conference.
Legal documents filed in a California court set out how the downfall of several former suppliers of similar products, including two Canadian groups, allowed the trap to be set.
According to an affidavit by an FBI agent, it all started in 2017 with the takedown of the Phantom Secure Network, a British Columbia-based provider of encrypted devices for organized crime run by Canadian Vincent Ramos.
When Phantom Secure went down, investigators around the world saw that criminal groups were looking for a new, trustworthy platform to restore their communications. Everyone was looking for the new infallible device with which to organize international trafficking.
In 2018, the FBI arrested a former distributor of Phantom Secure products who was working to develop a new system for organized crime. In exchange for a reduced sentence, he agreed to work for the police. This developer therefore created the ANOM devices in collaboration with the FBI, then he began to distribute them through his old contacts who once sold the Phantom Secure devices.
Several criminal groups started adopting it. But the competition was strong.
Another such communications network, Encrochat, nicknamed the “gangsters’ WhatsApp”, had emerged in Europe and gained a large following. However, it was dismantled by the French and Dutch police in the summer of 2020, pushing several bosses into the arms of ANOM.
The FBI agent specified that another Canadian supplier had been trying to fill the same niche in recent years. It was a Vancouver company called Sky Global, headed by a certain Jean-François Eap, which sold organized crime major-brand phones specially modified for its needs.
Last March, the Sky Global network was taken offline, and criminal charges were brought in the United States against Jean-François Eap (he pleaded not guilty and contests the allegations).
At this time, ANOM became a dominant player on the organized crime scene. Its users nearly tripled in one fell swoop, according to a US search warrant uncovered on Monday.
“Criminals who use devices [of this type] are constantly looking for the next secure device, and the distributors of these devices have made impenetrable criminal communications possible for years. One of the purposes of Operation Trojan Shield is to shake confidence in this entire industry,” the document states.
“Influencers” to promote the device
According to the American justice system, the ANOM network was run by a small circle of administrators connected to a group of “influencers”, heavyweights of the underworld who promoted the devices to their contacts. Other than the developer hired by the FBI, none of them knew that they were promoting a compromised product.
The FBI says its analysis of the 27 million messages exchanged on the ANOM network since 2018 shows that 100% of users were part of the criminal world. According to the American agency, ordinary citizens concerned about protecting their data and their privacy did not have access to this expensive product distributed among a restricted group of criminals.
“To enter the application, you needed an invitation code that someone who was already in the application would send you. It's brilliant on the part of the FBI, to map the human network of organized crime behind it, to know who invites whom and therefore who speaks to whom,” computer security specialist Jean-Loup Le Roux explained to La Presse.
Documents filed in court show intercepted messages about packages of cocaine sent to Asia in crates of bananas or to Europe in canned tuna or pineapples. Other conversations dealt with assassination plots, the corruption of politicians and arms trafficking. The groups under surveillance were apparently convinced that their messages were perfectly protected. “We were surprised by the very free tone” of the exchanges, said Suzanne Turner, an FBI manager.
Including related raids carried out over the past few months, more than 800 suspects have been arrested worldwide. Europol and the FBI confirm that users have been identified in Canada. An indictment filed in California also specifies that in North America, the cost of subscribing to ANOM was calculated in Canadian dollars.
The Royal Canadian Mounted Police would not say if it also arrested suspects, but a spokeswoman told La Presse that the operation was carried out “in consultation with the RCMP” and that, according to the police force, the targeted network was not used for any legitimate activity. “These tools are used for the sole purpose of promoting communications related to criminal activities,” said Sergeant Caroline Duval.
With Tristan Péloquin, La Presse
Operation Trojan Shield
11,800 devices distributed
9,000 active devices until this week
27 million messages intercepted
800 suspects arrested