Ironside: Police trick criminals with ANOM Crypto-Devices and Messenger app

It is the stuff of a detective story. Among criminals, cell phones with encrypted communication using the messenger service ANOM were very popular. What the criminals didn't know was that the American FBI had taken over ANOM and was able to listen in on the criminals' conversations and communications. Now there have been worldwide arrests as part of Operation Ironside.


German blog reader Bolko had already summarized it very compactly in a comment here in the blog. The FBI had also circulated the self-developed crypto app "ANoM", and was able to listen in on the encrypted communication for years. As a result, there were hundreds of house searches and arrests worldwide today.

"Operation Ironside" was the name of a deception maneuver during World War II. In 1944, the Allies tricked the Nazis into believing that the British navy would soon land on the northern French coast. To feed the Germans the fabricated information, the British used several double agents.

In a press release, Europol provides some details about the entire operation. Since 2019, the U.S. Federal Bureau of Investigation (FBI), in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company called ANOM. The company's product was a crypto phone based on Android, with ANOM claiming that it was a special custom ROM for Android smartphones. This was supposed to provide a particularly secure environment and encryption. This company has now supplied more than 12,000 encrypted devices to over 300 criminal syndicates in more than 100 countries. Among them are Italian organized crime (Mafia), outlaw motorcycle gangs and international drug trafficking organizations.

Criminals in need of encrypted communications

Criminal networks have a high demand for encrypted communications platforms to facilitate their criminal activities. However, the market for encrypted platforms is considered volatile. In July 2020, the encrypted platform EncroChat was broken by the Operational Taskforce EMMA (France, Netherlands). This international operation sent shockwaves throughout the criminal underworld across Europe and was followed by another takedown of a similar nature in 2021: An international group of judicial and law enforcement agencies (Belgium, France, Netherlands) successfully blocked further use of encrypted communications by organized crime networks via the Sky ECC (Operational Task Force Limit) communications service tool.

Both operations provided invaluable insight into an unprecedented amount of information exchanged between criminals. Following the shutdown of Sky ECC in March 2021, many organized crime networks sought a quick replacement for an encrypted communications platform that would allow them to evade detection by law enforcement.

The underworld thus needed a substitute solution, which was supposedly offered by the ANOM platform. However, ANOM was a deliberate and strategic aspect of OTF Greenlight / Operation Trojan Shield that resulted in a portion of the Sky ECC criminal customer base migrating to the FBI-managed ANOM platform.


The ANOM platform

ANOM is a platform for encrypted communications using an app that runs on modified Android phones. The goal of the new platform was to target organized crime, drug trafficking, and money laundering organizations worldwide, regardless of where they operated. Ostensibly, criminals were offered an encrypted Android device with features sought by organized crime networks. These include remote wipe (wiping a device remotely) and forced passwords. The idea was to get the criminal networks to switch to this solution. As mentioned above, the FBI controlled the ANOM company and was able to place many devices with the target group to monitor their communications.

This operation, known as OTF Greenlight/Trojan Shield, is one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activity. Europol established an Operational Task Force (OTF) for Operation Trojan Shield/Greenlight and provided operational support to participating countries by acting as a criminal intelligence hub, facilitating information sharing, and coordinating with other Europol-supported investigations. A total of 16 countries participated in this OTF and sent representatives to Europol in The Hague, Netherlands, to coordinate their activities at the national and international levels. The large system of international liaison officers at Europol ensures that the interests of law enforcement agencies from EU member states and non-EU partners are represented at Europol headquarters. Europol supported the OTF Greenlight / Operation Trojan Shield, which was led by the U.S. FBI, Sweden, the Netherlands, and Australia.

The following countries participated in the international coalition: Australia, Austria, Canada, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, New Zealand, the Netherlands, Norway, Sweden, the United Kingdom including Scotland, and the United States.

18 months of communications intercepted, then the crackdown

The FBI and the 16 other countries in the international coalition, with the assistance of Europol and in coordination with the U.S. Drug Enforcement Administration, then used intelligence from the 27 million messages received, reviewing them over 18 months as the criminal users of ANOM discussed their criminal activities.

In recent days, a series of large-scale law enforcement operations were conducted in 16 countries, resulting in more than 700 home searches, more than 800 arrests, and the seizure of over 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drug precursors, 250 firearms, 55 luxury vehicles, and over $48 million in various global currencies and cryptocurrencies.

Countless secondary operations will be conducted in the coming weeks. Operation Trojan Shield/Greenlight will enable Europol to further improve the information picture on organized crime in the EU due to the quality of information collected. This improved information picture will support continued efforts to identify operational, high-value criminal targets at the global level.

The fact that law enforcement has now struck and made the operation public is probably also related to the fact that the operation's cover was already half blown. German blog reader Bolko pointed out in a comment that there was an article about this from March 2021. The article must have been deleted very quickly, but is still available in the Internet Archive. The short version: Someone took a closer look at the Android smartphones sent by ANOM and expressed doubts that the company's claims regarding the devices enabling private and anonymous communication were really true. He was probably not that far off the mark after all.
