from Hacker News

Australian Federal Police and FBI nab underworld figures using encrypted app

by ferros on 6/8/21, 3:56 AM with 348 comments

  • by femto on 6/8/21, 6:18 AM

    The Australian Broadcasting Corporation is covering it in more detail than the Reuters article, including some of the mechanics of how it was pulled off:

    https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-cr...

    Apparently it revolved around duping Hakan Ayik, one of Australia's most wanted drug dealers now operating as an international kingpin from Turkey, to trust the app and recommend it to his associates. It's a double whammy, in that the network has been blown wide open and the AFP is now telling Ayik to hand himself in to avoid recriminations from his associates. No doubt there will be a movie about this one.

  • by flashman on 6/8/21, 6:03 AM

    As to how the FBI got access to the messages, Vice says[1] after Vincent Ramos of Phantom Secure was arrested in 2018, a confidential human source offered Anom, which the source was developing, to the FBI (probably in exchange for immunity or a reduced sentence, in my opinion). The source then seeded Anom phones to his existing distributors as a replacement for Phantom Secure phones, and from there they made their way into criminal organisations.

    [1] https://www.vice.com/en/article/akgkwj/operation-trojan-shie...

  • by cromka on 6/8/21, 7:12 AM

    What we've learned is only what was in Australia's piece of the cake, given they started their day already. New Zealand had theirs already, too. I imagine thousands of arrests are still happening worldwide and several press conferences are going to be held today. Looking at the seal of the operation (https://www.anom.io/trojan_shield_seal.jpg), the following countries participated in the operation: Canada, Australia, US, Sweden, The Netherlands, Lithuania, Finland, Hungary, Norway, Austria, UK, New Zealand, Estonia, Scotland, Germany, Denmark.

    I expect this to be bigger than Panama Papers. Way bigger. I expect a few prominent politicians to be soon either arrested or "convinced" to step down. I expect the US to have gained a lot of intel and leverage over those from the countries who did not participate in this. We will absolutely not learn about everything they discovered. CIA will and the respective intelligence agencies will.

    EDIT: Europol will hold their conference live on YouTube at 10 AM CST: https://twitter.com/janoorth/status/1402164252266409987

    EDIT 2: given how Serbia was in the top 4 of messages sent, I really hope that the info gathered will help Interpol fight child trafficking and exploitation in the EU.

    From the VICE article (https://www.vice.com/en/article/akgkwj/operation-trojan-shie...) quoted elsewhere here:

    "Additionally, the review of Anom messages has initiated numerous high-level public corruption cases in several countries. The most prominent distributors are currently being investigated by the FBI for participating in an enterprise which promotes international drug trafficking, money laundering, and obstruction of justice."

    "Late Monday, the FBI said that it would be holding "a news conference announcing a massive worldwide takedown based on the San Diego FBI’s unprecedented investigation involving the interception of encrypted communications" on Tuesday."

  • by michaelmrose on 6/8/21, 5:25 AM

    Does anyone find it funny that each criminal group could have been better off relying on a "kid who knows computers" level of expertise and bog-standard devices running open source software, which at least wouldn't be trivially and systematically turned against them all at once quite so easily?

  • by asimpletune on 6/8/21, 5:40 PM

    This is how police should get around the problems presented with encryption. This is real policing.

    The PR barrage and faux posturing by the FBI to weaken encryption has always seemed like just lazy policing to me.

    If anything, the hacking attacks on industrial centers has better illustrated than anything why encryption is necessary, and this new triumph has demonstrated that police can continue to function, even thrive in a world that permits encryption.

  • by Santosh83 on 6/8/21, 5:24 AM

    The lesson here is complete trust in modern computing platforms is misplaced and impossible. Your hardware has backdoors, so does your OS, and encryption clients. In addition, popular apps, especially in the US, can always be commandeered by 3-letter agencies.

    You're only anonymous as long as you're not actively targeted, despite using "secure" apps and stuff like Tor, which media makes it seem are unbreakable.

  • by janmo on 6/8/21, 11:11 AM

    I've been reading a lot about these "encrypted phones" recently. What really shocks me is how in the last years police have been going after operators of such services under the premise that they would help criminals.

    - Sky ECC (Shut down, owner is facing criminal charges)

    - Phantom Secure (Shut down and owner got 9 years in prison)

    - Encrochat ("Hacked" by French police)

    So it seems like those "Encrypted phones" were very effective for Law Enforcement to put such an effort to go after them.

    I think that criminal organizations will now rely on a do-it-yourself technique. Not buying phones online, which is a very bad idea, as law enforcement could just trap the phones at the postal facility, something they already do.

    Going to an old-fashioned phone retailer, then removing the camera and GPS module yourself and installing some encrypted open source software.

    Probably they are also going to fake messages. For 2 purposes:

    - Talk about fake huge drug deliveries or an imminent mass shooting to verify if the network has been compromised. I am pretty sure police have no choice other than to act in such a situation.

    - This could be used as a defense strategy: if some messages turn out to be fake, then they can use plausible deniability on the others. And perhaps even claim police have faked them.

  • by rbobby on 6/8/21, 10:19 AM

    I find this a bit concerning. Catching bad guys is all well and good but I wonder whether the various governments are overreaching.

    Selling a bugged phone to a known criminal is likely fine (cite: The Wire).

    But is it acceptable to sell a bugged phone to unknown/unidentified/random people and then use the phone's communications to determine if the owner is a crook and the owner's identity? The sole basis of suspicions seems to be "bought phone", or maybe "bought phone using bitcoin", or even "bought phone on TOR using bitcoin".

    It will be interesting to see how many of these cases hold up in court.

  • by turbinerneiter on 6/8/21, 9:26 AM

    I'm happy they are catching criminals, but now I wonder how much of my encryption and privacy software is actually an FBI front.

  • by na85 on 6/8/21, 5:03 AM

    Text of TFA uses the term "infiltrating" in lieu of "cracking". Not that I necessarily expect Reuters to keep their infosec terminology straight, but I wonder if this was a novel hack or if it was a simple matter of a judicial gag order, seizing the developer's account and then pushing out a malicious update that enabled MITM or something.

  • by spicyramen on 6/8/21, 6:59 AM

    Can't find the article, but Mexican drug cartels hired Cisco certified experts to set up their encrypted communications. Not just your average CCNA guy from test king, but industry experts working for Service Providers and Government.

  • by hemloc_io on 6/8/21, 1:34 PM

    Seems like duplication and infiltration is becoming a more common tactic among LE.

    There's some pretty convincing speculation Dream market was set up as a similar operation to this. [0]

    If this proves anything it's that the fear mongering by LE about encryption was overblown and they're just lazy lol.

    0: https://youtu.be/1VZkiQUzITU

  • by 31tor on 6/8/21, 5:26 AM

    So the big question is if it would have been better to strike fast, or silently gain more intel and strike in some kind of statistical analysis manner to not blow their cover, à la Alan Turing and the Enigma.

  • by janmo on 6/8/21, 11:19 AM

    I think this is very problematic.

    Let's say police claim you did something with only the chat log as evidence, and they run the chat software. Then they could very well have just faked it, because they have a high incentive to do so.

    If the messages were on a third party platform you would at least have a neutral third party involved.

  • by yawaworht1978 on 6/8/21, 8:54 AM

    It seems like there is a bust of these "safe" devices every other month. And the groups trust them again. When will they learn: do not use a phone or computer. One of the last Italian capos would pass on messages on pieces of paper or verbally. And still got busted, but after a lifetime.

  • by jliptzin on 6/8/21, 10:03 AM

    I wonder how much crime would be left if the drug trade were legalized.

  • by ferros on 6/8/21, 5:06 AM

    Looks like the app’s domain was also seized.

    https://www.anom.io/

  • by cylde_frog on 6/8/21, 5:24 AM

    From what I understand they targeted a high ranking member of the gang and he promoted the app, which was developed by the police, to others. Since a high level member endorsed it, it became widely used.

  • by bloqs on 6/8/21, 8:05 AM

    From the Vice Motherboard article: https://www.vice.com/amp/en/article/akgkwj/operation-trojan-...

    "This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by the FBI),"

    Any ideas as to why?

  • by nneonneo on 6/8/21, 6:52 AM

    There are more details in a recently unsealed search warrant against a GMail user: https://storage.courtlistener.com/recap/gov.uscourts.casd.70...

    An informant (confidential human source, or "CHS") helped the FBI and AFP (Australian Federal Police) develop and distribute Anom to criminal gangs (transnational criminal organizations, or "TCOs"):

    > The CHS offered this next generation device, named “Anom,” to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute Anom devices to some of the CHS’s existing network of distributors of encrypted communications devices, all of whom have direct links to TCOs.

    Anom was specifically designed from the ground up with an encryption backdoor:

    > Before the device could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability. By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted “BCC” of the message is routed to an “iBot” server located outside of the United States, where it is decrypted from the CHS’s encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its content available for viewing in the first instance.

    Naturally, the FBI can't spy on domestic communications without a warrant, so they got the AFP to do it for them:

    > FBI geo-fenced the U.S., meaning that any outgoing messages from a device with a U.S. MCC would not have any communications on the FBI iBot server. But if any devices landed in the United States, the AFP agreed to monitor these devices for any threats to life based on their normal policies and procedures.

    Closing Sky Global and Encrochat drove criminals to Anom:

    > Since March 12, 2021, as a direct result of the Sky Global charges, there are now close to 9000 active Anom users. The criminals who use hardened encrypted devices are constantly searching for the next secure device, and the distributors of these devices have enabled criminals’ impenetrable communications on these devices for years.

    Finally, the FBI quite directly admits their goal is to shake confidence in encrypted messaging:

    > A goal of the Trojan Shield investigation is to shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages.

    There's also a number of sample conversations in the warrant application showing criminals openly talking about moving drugs and other illegal activities with absolutely no code. Definitely worth a read.
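The "master key attached to each message" design quoted above is, in protocol terms, a hidden extra recipient. The following is an added, constructed illustration (not code from the warrant, from Anom, or from any commenter) of that design next to the check a source-code or traffic audit would run against it; the toy HMAC-based cipher, the pairwise keys and the escrow-key name are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed pairwise keys for a lab where the auditor controls every endpoint
# (placeholders, not values from the Anom case).
KEYS = {"alice": b"A" * 32, "bob": b"B" * 32}
ESCROW_KEY = b"M" * 32  # stands in for the "master key" the warrant describes

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode, XORed over data."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap_key(wrapping_key: bytes, content_key: bytes, nonce: bytes) -> bytes:
    """Encrypt the per-message content key for one recipient and tag it."""
    wrapped = keystream_xor(wrapping_key, b"wrap" + nonce, content_key)
    tag = hmac.new(wrapping_key, wrapped, hashlib.sha256).digest()[:16]
    return wrapped + tag

def unwrap_key(wrapping_key: bytes, slot: bytes, nonce: bytes):
    """Return the content key if this slot was wrapped for wrapping_key, else None."""
    wrapped, tag = slot[:32], slot[32:]
    expected = hmac.new(wrapping_key, wrapped, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(wrapping_key, b"wrap" + nonce, wrapped)

def seal(recipients, plaintext: bytes, escrow_key=None) -> dict:
    """Build an envelope. escrow_key, when set, silently adds the extra key slot
    that lets a third party read the message: the flaw being audited for."""
    content_key, nonce = os.urandom(32), os.urandom(12)
    slots = [wrap_key(KEYS[r], content_key, nonce) for r in recipients]
    if escrow_key is not None:
        slots.append(wrap_key(escrow_key, content_key, nonce))
    return {"to": list(recipients), "nonce": nonce, "slots": slots,
            "body": keystream_xor(content_key, nonce, plaintext)}

def open_envelope(env: dict, key: bytes):
    """Decrypt with whichever slot this key opens; None if it opens none."""
    for slot in env["slots"]:
        content_key = unwrap_key(key, slot, env["nonce"])
        if content_key is not None:
            return keystream_xor(content_key, env["nonce"], env["body"])
    return None

def audit(env: dict) -> list:
    """Indexes of key slots no declared recipient can open. Any hit means the
    envelope is readable by someone not listed in its 'to' field."""
    hidden = []
    for i, slot in enumerate(env["slots"]):
        if not any(unwrap_key(KEYS[r], slot, env["nonce"]) is not None for r in env["to"]):
            hidden.append(i)
    return hidden
```

The check is only as good as the auditor's view of the client: a slot count that matches the declared recipients says nothing if the client also copies the content key into a separate "BCC" transport, which is why reviewing the app's source and its outbound traffic, not just the message format, is the relevant control.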

  • by Tabular-Iceberg on 6/8/21, 11:08 AM

    This seems to be just a messaging app, but is there a market for more full-featured ERP, CRM and project management software for criminal enterprises?

    I'm sure they would benefit from those just the same way legitimate enterprises do. The only difference is that they do more illegal stuff and use more violence, but the fundamental business dynamics should be the same.

  • by chriselles on 6/8/21, 11:39 PM

    ANOM seems like a shorter/sharper law enforcement version of the CIA's Cold War era intelligence operation when they purchased Swiss encrypted communication company Crypto AG.

    https://en.wikipedia.org/wiki/Crypto_AG

  • by yawaworht1978 on 6/8/21, 12:18 PM

    So they seized 130 million, arrested 1800 people. Assuming even wealth distribution, that is 72k Eur. The distribution is of course not even, as some of the confiscation images show cars worth way more than that, also watches and many bags filled to the brim with money. Some of the arrest images show the bedrooms and they do not look better than a prison cell. This means many of the involved do this for a very bad ROI ratio, considering that most will face 20-plus year sentences.

  • by reedjosh on 6/8/21, 4:34 PM

    Why is the burner on high heat in like the fourth photo?

  • by woeirua on 6/8/21, 1:28 PM

    Odds that this is how the US nabbed the key to the Bitcoin from the Colonial Pipeline ransom? That’d be pretty wild, but makes sense...

  • by emsign on 6/8/21, 7:15 PM

    People were onto Anom already figuring out it wasn't what it pretended to be. Site got deleted shortly after the raid.

    https://webcache.googleusercontent.com/search?q=cache%3APwQX...

  • by mdeck_ on 6/8/21, 12:07 PM

    Further details on the background/history of the operation here: https://www.nytimes.com/2021/06/08/world/australia/operation...

  • by AlexCoventry on 6/8/21, 2:39 PM

    I'm curious how this works constitutionally, in the US. Presumably the FBI did not have warrants for all the conversations they were listening in on, so it at least superficially seems like a Fourth Amendment violation.

  • by pelasaco on 6/8/21, 7:33 AM

    Nice one, but I guess if this whole operation was still a secret, we could pull this trick over and over again? Now it will be hard to disguise an app like that.

    Probably the next season of the "StartUp" TV series

  • by ComodoHacker on 6/8/21, 1:25 PM

    > legal authorities prevented the app from being covertly used for a longer time frame.

    I can see how strong the temptation was to continue and see how far it could go.

  • by graderjs on 6/8/21, 11:15 AM

    The takings are just insane. In the EU they seized 8 tonnes (!) of cocaine and 22 tonnes of marijuana.

  • by Synaesthesia on 6/8/21, 10:35 AM

    One day we will realise the war on drugs was mostly destructive to ordinary people. It's important to realise the US has historically played a huge role in the global drug trade, and that really stopping the drug trade means going after banking executives, politicians and chemical corporations. However, that is never done.

  • by hsbauauvhabzb on 6/8/21, 7:46 AM

    How would this be any different to creating a global back door in Signal, Wickr or Slack?

  • by motorocool on 6/8/21, 6:23 PM

    Never, never use a mobile phone if you're a dirty criminal.

  • by dboreham on 6/8/21, 12:21 PM

    They forgot to review the app's source code.

  • by raldi on 6/8/21, 1:30 PM

    Next: "We've secretly been torturing people for the last three years — look at all the cases it helped us crack!"

  • by mickotron on 6/9/21, 2:08 AM

    Should've used Signal.

  • by premium-komodo on 6/8/21, 5:09 AM

    As is often the case with the FBI, they were apparently facilitating the crimes. It's easy to argue that the crimes might not have taken place without the FBI's help. Somehow this is never entrapment when the FBI is doing it.

  • by Taniwha on 6/8/21, 5:12 AM

    Not just Australia, it's worldwide and likely led by the FBI (but possibly with data being collected outside the US to avoid the need to have actual warrants).

    The following thread looks at some of the opened court documents today:

    https://twitter.com/ericgarland/status/1402100449013125123

    (and points out that the Trump organisation might be in trouble ....)

  • by intricatedetail on 6/8/21, 8:19 AM

    > and seized more than 3,000 kilograms of drugs and $45 million in cash and assets.

    Excuse me, but I can't stop laughing. Three years' effort to catch a small fish and they sell it as if they got the bust of the century.

    Why don't they investigate politicians that facilitate prohibition and enable these gangs to work in the first place?

    Police can't see they run fool's errands.

  • by rohanstake on 6/8/21, 6:50 AM

    Good that they arrested the culprits. But infiltrating the encrypted messaging app isn't the best thing I guess.

    The argument that it is used by criminals is flawed, because everything is: water pipelines, cash, Facebook, and so on.