
Trojan Shield, the biggest ever police operation against encrypted communications

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish Police Authority (Polisen), along with the US Drug Enforcement Administration (DEA) and police from 16 other countries, have carried out, with the support of Europol, a joint operation against criminal activities worldwide.

The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications. Authorities gained access to 27 million messages exchanged via ANOM by criminals who were discussing their illegal activities.

“Since 2019, the US Federal Bureau of Investigation, in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12 000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organised crime, outlaw motorcycle gangs, and international drug trafficking organisations,” reads the press release published by Europol.

The goal of the new platform was to target global organised crime, drug trafficking, and money laundering organisations, regardless of where they operated, and offer an encrypted device with features sought by the organised crime networks, such as remote wipe and duress passwords, to persuade criminal networks to pivot to the device. 

According to Europol, this is one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.

The authorities intercepted secret messages between criminal gang members for more than three years.

As part of the operation code-named Operation Ironside (AFP) / Trojan Shield (FBI, Interpol), the law enforcement agencies conducted house searches and arrested thousands of people suspected to be members of different criminal groups.

Arrested individuals were members of biker gangs in Australia, drug trafficking organizations across Asia and South America, money laundering organisations, and some of them took part in human trafficking and the sale of weapons.

“A series of large-scale law enforcement actions were executed over the past days across 16 countries resulting in more than 700 house searches, more than 800 arrests and the seizure of over 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drugs precursors, 250 firearms, 55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies. Countless spin-off operations will be carried out in the weeks to come.” continues EUROPOL.

In a press conference today, Australian police confirmed that Trojan Shield began in 2018 after the FBI seized the encrypted chat platform Phantom Secure, an event that shook the crime ecosystem and forced many gangs to move to another encrypted communication system.

Then, US and Australian authorities joined efforts and launched their own encrypted communication service based on Anøm (aka AN0M), an encrypted chat platform secretly compromised by undercover FBI agents. The secure devices don’t use phone numbers to communicate because the encrypted traffic is relayed via An0m’s central platform.

Criminals were using secure smartphones configured to run only the An0m app that was able to communicate only with peers with the same configuration.

Then the app was advertised in the criminal underground, in many cybercrime forums on the dark web and via the anom.io website.

“The FBI opened a new covert investigation, Operation Trojan Shield, which centered on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (“AFP”), to monitor the communications. Before the device could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability,” read court documents describing the process implemented by the police to tamper with the communications. “By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted “BCC” of the message is routed to an “iBot” server located outside of the United States, where it is decrypted from the CHS’s encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its content available for viewing in the first instance.”
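The court filing above describes a data flow rather than code: the recipient still gets a normal end-to-end ciphertext, while the client silently emits a second copy (the “BCC”) under a master key, which a relay decrypts and re-encrypts under a second key before forwarding. The following toy model is an added example and is not ANOM code or any real protocol; the stream cipher (HMAC-SHA256 in counter mode), the relay names `ibot-1`/`ibot-2` and the keys are all assumptions made for illustration. It shows why a defender cannot take an “end-to-end encrypted” claim on trust: the recipient's view is unchanged by the escrow, so the only place the extra copy is visible is in what the client actually transmits, which `audit_outbound` checks.

```python
"""Toy model of the message flow described in the Trojan Shield court filing.

Constructed illustration: the cipher, relay names and keys here are
assumptions made for this example, not ANOM code or a real protocol.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Fresh random nonce per message; returns (nonce, ciphertext)."""
    nonce = secrets.token_bytes(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce, bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    ks = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


@dataclass
class Envelope:
    destination: str  # recipient id or relay host name (assumed names)
    nonce: bytes
    ciphertext: bytes


class HonestClient:
    """Genuine end-to-end client: exactly one envelope, to the recipient only."""

    def __init__(self, peer_key: bytes):
        self.peer_key = peer_key

    def send(self, recipient: str, message: bytes) -> list[Envelope]:
        nonce, ct = encrypt(self.peer_key, message)
        return [Envelope(recipient, nonce, ct)]


class EscrowedClient(HonestClient):
    """Client with a built-in master key (the filing's 'master key'): the
    recipient's envelope is identical to the honest client's, but a second
    copy encrypted under the master key is routed to the relay host."""

    def __init__(self, peer_key: bytes, master_key: bytes, relay: str = "ibot-1"):
        super().__init__(peer_key)
        self.master_key = master_key
        self.relay = relay

    def send(self, recipient: str, message: bytes) -> list[Envelope]:
        envelopes = super().send(recipient, message)
        nonce, ct = encrypt(self.master_key, message)
        envelopes.append(Envelope(self.relay, nonce, ct))
        return envelopes


def relay_reencrypt(bcc: Envelope, master_key: bytes, collector_key: bytes) -> Envelope:
    """First relay hop: strip the master-key layer and re-encrypt the plaintext
    under the collector's key for the second server ("ibot-2" is assumed)."""
    plaintext = decrypt(master_key, bcc.nonce, bcc.ciphertext)
    nonce, ct = encrypt(collector_key, plaintext)
    return Envelope("ibot-2", nonce, ct)


def audit_outbound(envelopes: list[Envelope], expected: set[str]) -> list[str]:
    """Defender's check on the wire: every destination a client emits must be
    an intended recipient. Returns the unexpected destinations, if any."""
    return [e.destination for e in envelopes if e.destination not in expected]


if __name__ == "__main__":
    # Constructed keys and message for the demonstration.
    peer_key, master_key, collector_key = b"p" * 32, b"m" * 32, b"c" * 32
    message = b"hello bob"
    out = EscrowedClient(peer_key, master_key).send("bob", message)
    print("recipient reads:", decrypt(peer_key, out[0].nonce, out[0].ciphertext))
    print("unexpected destinations:", audit_outbound(out, {"bob"}))
    forwarded = relay_reencrypt(out[1], master_key, collector_key)
    print("second server reads:", decrypt(collector_key, forwarded.nonce, forwarded.ciphertext))
```

The point of the model is the asymmetry of visibility: nothing the recipient can inspect distinguishes the two clients, because the envelope addressed to them is byte-for-byte the same construction. Only an observer of the client's complete outbound traffic (or a review of the client's code) sees the extra envelope, which is why claims about end-to-end encryption rest on auditable clients rather than on the protocol alone.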

Most of the messages collected as part of the Trojan Shield operation were analyzed by the Australian police, and the gathered intelligence was shared among law enforcement agencies worldwide to coordinate the operations.

In the past, law enforcement agencies also infiltrated communities behind other encrypted communication platforms, such as EncroChat and Sky ECC.

“This operation is an exceptional success by the authorities in the United States, Sweden, the Netherlands, Australia, New Zealand and the other European members of the Operational Task Force. Europol coordinated the international law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target organised crime and drug trafficking organisations, wherever they are and however they choose to communicate. I am very satisfied to see Europol supporting this operation and strengthen law enforcement partnerships by emphasizing the multi-agency aspect of the case.” said Europol’s Deputy Executive Director Jean-Philippe Lecouffe.

“Encrypted criminal communications platforms have traditionally been a tool to evade law enforcement and facilitate transnational organized crime. The FBI and our international partners continue to push the envelope and develop innovative ways to overcome these challenges and bring criminals to justice,” said Calvin A. Shivers, Assistant Director of the FBI’s Criminal Investigative Division. “We are grateful to Europol for their commitment to fighting transnational organized crime and their partnership with the FBI,” Shivers added.

Below is my interview on the topic with TRT World:


Pierluigi Paganini

(SecurityAffairs – hacking, Trojan Shield)


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field and a Certified Ethical Hacker (EC-Council, London). A passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.
