Law enforcement agencies in 17 different countries hailed a multinational effort to disrupt multiple criminal networks thanks to AN0M, a platform controlled by the FBI and loaded onto custom smartphones.
The smartphones were marketed in the criminal underworld and used widely among drug traffickers, weapons sellers, contract killers and more for about 18 months. Messages sent from the exclusive devices were fed back to an FBI database, the Justice Department explained during a press conference.
More than 12,000 devices were eventually disseminated to 300 criminal syndicates operating in more than 100 countries, according to Europol.
Those who used the devices thought they were encrypted. The FBI kickstarted the effort in late 2018, when Phantom Secure CEO Vincent Ramos was arrested for creating and selling encrypted phones to criminal organizations.
The FBI used one of the brokers associated with Phantom Secure to market the new, bugged smartphones and to give them an air of legitimacy. Other notable figures in the criminal underworld began to endorse the app because of its security features, according to court filings.
Law enforcement officials said more than 800 people have been arrested as a result of the operation and officials across multiple countries reported impounding 250 firearms, $48 million in cash and cryptocurrencies, eight tons of cocaine, two tons of methamphetamine and amphetamine, and 55 luxury vehicles.
“We were actually able to see photographs of hundreds of tons of cocaine that were concealed in shipments of fruit,” said Calvin Shivers, part of the FBI’s Criminal Investigative Division.
Justice Department officials said the operation, called Trojan Shield in the US, disrupted South American cartels and gangs across Asia, Europe and the Middle East. But the majority of the 27 million messages sent on the app came from Spain, Australia, Germany, the Netherlands, and Serbia.
In court filings, the FBI explained that it was able to funnel more criminals onto the app because it shut down competitors like Sky Global and EncroChat. The app was also touted by well-known people like Hakan Ayik, one of the most wanted men in Australia.
Cybersecurity experts said this was not the first time US law enforcement agencies had run an operation like this.
Rick Holland, CISO for Digital Shadows, said that in July 2017, Europol and the US Department of Justice ran Operation Bayonet, which involved the seizure of the most popular English-language dark web market, AlphaBay.
Cybercriminal buyers and sellers then flocked to an alternative market called Hansa, Holland explained, noting that the new users didn’t know that the Dutch police had taken over the market.
“For the next month, they collected intelligence and evidence on the criminal activities. International law enforcement was able to disrupt cybercrime,” Holland said. “As is always the case after law enforcement actions, cybercrime finds a way. Other criminals and services rise from the ashes.”
Tyler Shields, CMO at JupiterOne, said that it was the first time he had seen hardware devices being distributed and used to facilitate a man-in-the-middle attack against more than 300 criminal organizations.
“Typically, software-based attacks targeting a specific person or group of people are used. The fact that this targeted literally the entire underworld is of huge importance,” Shields said.
Other experts said that while this was a positive development, criminal organizations managed to find new tools despite repeated disruptions. Lookout director of security intelligence research Christoph Hebeisen explained that EncroChat and Phantom Secure are just two examples of encrypted chat services popular with criminals that were eventually disrupted by law enforcement.
“However, as we have seen in the past, the end of one encrypted chat service popular with criminals usually leads to a shift to a new one,” Hebeisen added.
“Since there has now been a string of such takedowns, each leading to a large number of arrests, criminals might become more careful. This could lead them to use legitimate end-to-end encrypted chat services where they can hide among innocent users.”