Police in sixteen countries have launched multiple raids after intercepting the communications of organised criminal groups in the biggest police hacking operation undertaken to date.
Drug dealers and other criminal groups in the UK, Europe, Canada, Australia, New Zealand and the US were sending messages on an encrypted communications network, unaware that it was being run by the FBI.
The network, known as An0m, offered encrypted Android phones and an encrypted computer platform that claimed to offer its users secure communications.
The FBI created An0m as a closed encrypted platform to target organised crime, drug trafficking and money laundering.
An0m had 9,000 users world-wide. Users were unaware that the FBI had been harvesting their private communications.
The platform is the latest in a string of encrypted communications networks, known as Criminally Dedicated Secure Communications (CDSC) networks, to be breached by law enforcement.
Operation Trojan Shield brought together the FBI, the US Drug Enforcement Agency, Europol and law enforcement agencies from multiple countries.
Europol described the operation, which it said targeted some of the world’s foremost criminals, as the “most sophisticated effort to date to disrupt the activities of criminals operating from all four corners of the world.”
The An0m network was cracked by a technical expert from the Australian Federal Police (AFP), who developed a “trojan horse app” that was able to decrypt messages and read them in real time.
More than 9,000 officers across the world, including 4,500 from Australia, worked on the investigation.
Australia invoked TOLA
Australian law enforcement agencies used controversial legal powers, in the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, to obtain access to the encrypted communication.
The law, known as TOLA, allows law enforcement and intelligence agencies to require information technology providers to assist in accessing the content of encrypted data.
The Australian Federal Police said that investigators were able to monitor 25 million messages from criminal groups involved in drug trafficking, money laundering and murder.
Criminals, described by the police as high-level targets, spoke openly on the platform.
Blogger warned of police infiltration
The secret operation was almost exposed by a blogger in March, who warned in a now-deleted post that An0m had been compromised.
The blogger, known as “canyouguess67”, warned that An0m passed data through the US and was being monitored by US law enforcement.
“Stay away from An0m if you value your privacy & safety. They are compromised, liars and your data is running via USA – passed onto Law Enforcement and other Entities,” the blog read.
The blogger said that the company did not own its own servers and that “any reasonable authority would be able to access their servers with relative ease”.
The blogger wrote: “I was able to locate all of their proxy servers including their main servers with minimal ease, all operating with the 5 eyes alliance.”
One server was based in Romania, where it could be easily infiltrated without An0m’s knowledge.
“The only thing An0m is good at is spreading misinformation without presenting the facts,” the blogger wrote.
The first hints of the operation emerged on the morning of 7 June 2021 when German news sites reported that police had raided drug laboratories, cannabis plantations and cocaine storage facilities.
Spiegel reported that German police conducted searches of more than 100 suspected drugs criminals in the early hours of the morning.
In Sweden, SVT reported that police raided addresses in Stockholm, Gothenburg and Helsingborg.
The Australian Federal Police said that 4,500 officers across Australia were executing hundreds of search warrants on the morning of 7 June 2021.
The operation comes three months after Belgian and Dutch police announced they had cracked the Sky ECC cryptophone network used by 70,000 people worldwide.
The French Gendarmerie, working with the Dutch Police, cracked the EncroChat encrypted phone network in April 2020.
The investigation led to arrests around the world, including over 1,500 arrests by UK police forces led by the National Crime Agency in Operation Venetic.
Sixteen countries took part in a co-ordinated operation against criminals using An0m, including Australia, New Zealand, Canada, the UK and the USA.
Austria, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, Sweden, Norway and the Netherlands also took part in the operation.
The operation to snare organised crime groups started three years ago, as a joint operation between the FBI and the AFP.
The FBI and the AFP had previously worked together in Operation Safecracking to crack the encrypted phone network, Phantom Secure.
The FBI began covertly running An0m without the knowledge of organised crime groups to fill the vacuum left by Phantom Secure.
Mobile phones loaded with the An0m app were sold on the black market. The phones were stripped of their capability so that they could not make calls or send emails.
Users could only send messages to other people with An0m phones.
Criminals were confident of using the app because high-profile organised criminals vouched for its integrity.
The AFP said that Operation Ironside, which tracked criminals using An0m in Australia, had led to the arrest of 224 offenders throughout Australia.
More than 3.7 tonnes of drugs, 104 weapons and millions of dollars of cash and property have been seized under the operation since 2018.
AFP Commissioner Reece Kershaw described the operation as a “world-first”. He said it would provide state and territory police with years of intelligence and evidence.
“These criminal influencers put AFP in the back pocket of hundreds of alleged offenders,” he said.
“Essentially, they have handcuffed each other by endorsing and trusting An0m and openly communicating on it – not knowing we were watching the entire time.”
Speaking at a press conference, Kershaw said AFP has been able to prevent 21 threats to life, including a mass shooting with a machine gun at a café.
He said that criminals were brazen in using the app to discuss drug deals or other crimes.
Intercepted messages showed that criminals were doing business behind each other’s backs.
Kershaw said that although An0m was an important encrypted communications app, other bigger encrypted platforms are being used by organised criminals.
“They are almost certainly using those encrypted platforms to flood Australia, with drugs, guns and undermine our economy by laundering billions of dollars of illicit profit,” he said.
Police in New Zealand said they had seized £3.7 million in assets along with drugs, firearms, and vehicles.