Feds used fake encrypted ANØM app to bust organized crime rings
Some 9,000 law enforcement officers in 18 countries around the world were involved in the operation
By Kristina Davis
The San Diego Union-Tribune
SAN DIEGO — Criminal organizations around the world thought they were using the latest, most exclusive encrypted cellphone technology available to conduct business away from the prying eyes of law enforcement.
Instead, they were unwitting customers of a communications service that was secretly created by FBI agents and federal prosecutors in San Diego.
Whether it was coordinating drug trafficking, money laundering or murders, every message tapped out on the phones was sent not only to the intended criminal underworld recipients, but delivered right into the hands of investigators.
As Tuesday began on the other side of the world, first in New Zealand, Australia and later in Europe, hundreds of people were arrested as a result. Raids were ongoing into the night, and it was unclear if there were any arrests or charges in the United States.
The three-year operation was announced in a round of news conferences overseas and was expected to culminate with a final one in San Diego Tuesday morning. The U.S. Attorney's Office declined to provide additional details until then.
The FBI led the effort while Australia provided crucial technical ability to decrypt the messages, according to Australian authorities.
"We worked hand-in-glove with the U.S. FBI to bring down some of the most significant criminals, not just here in Australia but around the world," Karen Andrews, Australia's Minister for Home Affairs, said in a news conference.
Some 9,000 law enforcement officers in 18 countries around the world were involved in the operation, which Australian Prime Minister Scott Morrison called "a watershed moment in Australian law enforcement history" that will echo around the world.
In Australia, more than 525 search warrants were executed, and 224 people charged, including suspected members of outlaw motorcycle gangs and mafia organizations.
Twenty-one threats to kill were disrupted — including a potential machine-gun attack at a cafe — six clandestine labs dismantled and more than $45 million in cash seized in Australia.
"Essentially we've been in the back pockets of organized crime," said Australian Federal Police Commissioner Reece Kershaw. "It's given law enforcement a window into a level of criminality we've never seen before on this scale."
The fake company, called ANØM, marketed itself on a slick public-facing website, featuring a black cellphone equipped with a Qualcomm Snapdragon processor. The site was taken offline Monday afternoon as word of the arrests began to spread.
But not just anyone could become a customer. Undercover investigators solicited certain underworld "influencers" to get the custom phones into the hands of fellow criminals, and new users had to be vetted by known existing customers, according to a source close to the investigation.
The ploy matched tactics used by other end-to-end encryption communications businesses that had catered to criminal organizations, adding to the air of exclusivity and security. But there was also a practical reason: It kept the operation focused on criminal groups and ensured the conversations of legitimate users wouldn't be collected.
There were about 9,000 users of ANØM, including about 1,600 in Australia, said Kershaw.
The unprecedented worldwide effort, dubbed Operation Trojan Shield, is the final showpiece in a string of investigations that originated in San Diego, starting with the case of unlikely drug kingpin Owen Hanson.
Hanson was a one-time walk-on to the University of Southern California football team who had quietly parlayed high-profile relationships, charisma and business savvy into an international sports betting and drug-trafficking organization.
An undercover agent eventually infiltrated his inner circle and gained Hanson's trust enough to be provided an encrypted cellphone on which to talk business.
The phone was a product of Phantom Secure, an encryption service provider that turned BlackBerry devices into ultra-secure messaging platforms on closed servers. Investigators in Canada, where Phantom Secure was based, and Australia had known it was a preferred communications device for criminal organizations but had struggled to crack the case.
The phone falling into the hands of a U.S. agent changed everything.
Once Hanson was arrested in 2015, the San Diego FBI — with help from Canada, Australia and others — targeted Phantom Secure's CEO Vincent Ramos.
When Ramos in 2018 declined an offer to cooperate with investigators by building a back door into his devices for law enforcement access, the idea of building an undercover network from scratch began to emerge.
(Ramos was ultimately sentenced in the U.S. to nine years in prison, and the case later spawned an espionage investigation into one of Canada's top security officials.)
With the seed of an idea, U.S. law enforcement and Australian Federal Police hammered out logistical, technical and bureaucratic challenges over meals and beer, according to a source close to the investigation.
Meanwhile, the FBI in San Diego was also trying to crack another encrypted service, Sky Global, which court documents say was designed to aid in the trafficking of heroin, cocaine and methamphetamine by transnational organizations moving the drugs into Australia, Asia, Europe and North America.
Many of Sky Global's users had migrated over to the service, also known as SKY ECC, after European authorities last year decrypted a similar platform, Encrochat.
In March, Europe's law enforcement agency Europol announced that authorities in Belgium, the Netherlands and France had been secretly collecting messages on some 70,000 Sky Global phones for about a month. The massive wiretap operation revealed a litany of criminal schemes, authorities said, and resulted in numerous coordinated raids in Europe.
But the main indictment against Sky Global's CEO, along with an alleged former high-level distributor of the phones, landed in San Diego federal court. The CEO, Jean-Francois Eap, has denied that the platform is aimed at criminal users and said the phones at the center of the investigation were counterfeit.
The growth in demand for ANØM phones spiked after Sky Global went down, according to the source.
With ANØM, the goal of creating a shadow company was two-fold: dismantle organized crime by using communications as evidence, but also shake up trust in the proliferation of encryption services that cater to such users.
The blind trust that ANØM's users had in the system's security was clear from the nature of the messages, said Kershaw.
"All they talk about is drugs, violence, hits on each other, innocent people going to be murdered, running 1,000 kilos at this price," he said. "There was no attempt to hide behind any kind of codified conversation."
©2021 The San Diego Union-Tribune. Visit sandiegouniontribune.com. Distributed by Tribune Content Agency, LLC.