MELBOURNE, Australia – The cell phones that were bought on the black market had one single function hidden behind a calculator app: sending encrypted messages and photos.
For years, organized crime figures around the world relied on the devices to orchestrate international drug shipments, coordinate arms and explosives trafficking, and discuss contract killings, law enforcement officials said. The users trusted the security of the devices so much that they often put their plans in plain language rather than code, mentioning specific smugglers and drop-off points.
Unbeknownst to them, however, the entire network was an elaborate sting operated by the FBI in coordination with the Australian police.
On Tuesday, global law enforcement officials revealed the unprecedented scope of the three-year operation, saying they intercepted over 20 million messages in 45 languages and arrested at least 800 people, most of them in the past two days, in more than a dozen countries. According to US court papers, with the news the authorities have launched a spate of international investigations into drug trafficking, money laundering and “high-level corruption”.
The operation, codenamed Trojan Shield, marked a breakthrough for law enforcement agencies who in recent years have struggled to break into increasingly high-tech covert communications used by criminals. Although authorities have cracked or disabled encrypted platforms in the past – such as one called EncroChat, which the police in Europe successfully hacked – this is the first known case in which officials have controlled an entire encrypted network from the start.
Europol, the European police authority, described the effort as “one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activity”.
“Countless spin-off operations will be carried out in the coming weeks,” said a Europol statement. American law enforcement agencies announced further arrests in a federal extortion charge unsealed on Tuesday.
In Australia, the effort has ensnared domestic and international organized crime groups and outlaw motorcycle gangs, with more than 200 people arrested, officials said. In Sweden, police arrested 155 people on suspicion of serious crimes and prevented the killing of 10 people, the authorities said in a statement. The operation also targeted Italian organized crime and international drug trafficking organizations, and hundreds more people were arrested in Europe.
“We were in the back pockets of organized crime,” said Reece Kershaw, the Australian federal police commissioner, on Tuesday.
The FBI’s operation began in early 2018 after the bureau dismantled a Canada-based encryption service called Phantom Secure, according to court documents the Justice Department unsealed on Monday. This company supplied encrypted cell phones to drug gangs such as the Mexican Sinaloa cartel and other criminal groups.
When the FBI saw a void in the underground market, it recruited a former Phantom Secure dealer who had developed a new encrypted communications system called Anom. The informant agreed to work for the FBI and let the bureau control the network in exchange for the possibility of a reduced prison sentence, the court records said. The FBI paid the informant $120,000, the documents say.
Anom devices were cell phones that had been stripped of all normal functions. Their only working app was disguised as a calculator function: after entering a code, users could send messages and photos with end-to-end encryption.
According to Europol, over 12,000 Anom devices have been sold to over 300 criminal syndicates operating in more than 100 countries over the course of three years. The cost of the devices varied by location, but according to court records, they generally sold in six-month subscriptions that went for $1,700 in the US.
Working with the Australian authorities, the FBI and the informant developed a “master key” that would enable them to redirect messages to a third country and decrypt them, ultimately intercepting more than 27 million messages.
Authorities also relied on the informant to get the devices into the highly isolated criminal networks. The informant began selling the devices to three other traders with links to organized crime in Australia in October 2018.
A big breakthrough, law enforcement officials said, came when they managed to get one of the devices into the hands of Joseph Hakan Ayik, an Australian who fled the country a decade ago and whom police believe may have been directing drug imports from Turkey. Mr. Ayik, along with 16 other people from Australia, Finland, Sweden, Colombia, the United Kingdom and the Netherlands, was named as a main defendant in the unsealed indictment in San Diego.
Jean-Philippe Lecouffe, Deputy Executive Director of Europol, said the operation had given law enforcement agencies “exceptional insight into the criminal landscape”.
According to US court documents, criminals used the encrypted cell phones to organize the transport of cocaine, hidden in tuna cans, in a container from Ecuador to Belgium. Cocaine has also been smuggled in French diplomatic sealed envelopes from Bogotá, the Colombian capital.
The Australian authorities admitted that Anom had only transmitted a small percentage of the total volume of encrypted communications sent by criminal networks. But it wasn’t until this spring that the US federal agencies tried to increase their market share. In March, for example, prosecutors in San Diego charged the leaders of one of Anom’s main competitors, Sky Global, “driving their customer base toward Anom,” an FBI official said Tuesday.
Anom also had a built-in benefit: operators could listen directly to the target audience and give users what they wanted.
After users talked about wanting smaller, newer phones, authorities started making them available.
Australian officials said they announced the operation Tuesday because of the need to disrupt dangerous plans that are currently in motion and the limited amount of time for judicial authorities to intercept communications.
Investigators also pulled the plug on the Anom network because their interception permits were pending renewal and the sting had already gathered so much evidence, said Suzanne Turner, the special agent in charge of the FBI’s San Diego office.
Trojan Shield was reminiscent of a much smaller FBI trick – Operation Server Jack – that the bureau began more than a decade ago against former Sinaloa drug cartel leader Joaquin Guzman Loera, better known as El Chapo. In that operation, agents recruited Mr. Guzman’s personal information technology officer to help them tap into the cartel’s network of early-generation encrypted telephones.
The Anom website previously featured sleek graphics and glossy videos reminiscent of Apple advertisements. There was a new message on Tuesday: Users who “wanted to discuss how your account is linked to an ongoing investigation” could enter their account details.
Europol said that in addition to the 800 arrests, including a handful of law enforcement officers, operations in 16 countries over the past few days resulted in 700 house searches and the seizure of tons of drugs, 250 firearms, 55 luxury vehicles and $48 million in multiple currencies and cryptocurrencies.
Yan Zhuang reported from Melbourne, Australia, and Elian Peltier from London. Christina Anderson contributed reporting from Stockholm.