How the FBI Tricked Criminals into Using its Messaging App

The days of coordinating criminal activity by beeper and pay phone are long gone. In the twenty-first century, many crime syndicates rely on hardened encrypted devices to discuss their illicit activities. These devices can only be bought from a black-market dealer and can’t make calls or surf the web. Their only job is to exchange encrypted messages with other users on the same network while staying, crucially, out of sight of law enforcement.

Unbeknownst to such actors, however, the FBI has been distributing thousands of its own hardened encrypted devices around the world for the past few years. By collecting and decrypting messages, the feds were able to catalogue millions of illicit chats in a massive global sting operation.

On Tuesday, global law enforcement officials revealed details of Operation Trojan Shield, which involved the FBI partnering with the Australian Federal Police, Europol, and other agencies across 17 countries to monitor the devices. Since late 2019, users had been discussing everything from how to conceal cocaine in pineapples to fees for collecting contraband dropped overboard from a ship, not realizing all their messages were being decrypted and stored by the feds. The operation culminated in the arrests of more than 500 people in a two-day span, before the FBI ended it on Monday. Here’s how it went down.

How did Operation Trojan Shield get started?

The origins of the operation date back to 2018, when the FBI shut down a messaging service for crooks, Phantom Secure. The Canada-based enterprise had taken smartphones, removed all the typical functions of calls, emails, texts, internet browsing, and GPS, and installed an encrypted email system that could only communicate with other devices they’d doctored. After the Phantom Secure takedown, users began migrating to other networks, and rather than continue chasing them, law enforcement filled the gap they’d created in the underworld messaging market with their own honeypot device and messaging app.

How did they pull this off?

The mission hinged on one informant who’d been a distributor of Phantom Secure before the bust. According to a recently unsealed FBI search-warrant application, the informant had also been involved in the development of a new generation of encrypted devices. The informant gave the device, called Anom, to the FBI and agreed to offer it to distributors who would get it to organized crime groups. In exchange, the FBI gave the informant $120,000 plus living and travel expenses and the opportunity for reduced prison time. (This person, referred to as a confidential human source or CHS in court documents, has not been identified.)

How did the FBI get the messages?

Anom devices had just one working app — an encrypted messenger, disguised as a calculator. Partnering with the Australian Federal Police, the FBI and their informant built a master key into the encryption system that attached to each message without the user’s knowledge. Every message a user sent also sent a copy, like a “bcc” on an email, to a server in a third-party country that decrypted it from the Anom encryption; the message was then re-encrypted with the FBI’s own encryption and forwarded to the bureau.
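The key-escrow design described above, as an added illustration that is not Anom’s code or any real protocol: a toy message envelope in which the per-message key is wrapped once for the intended recipient and once, silently, for a master key, plus an audit check that flags the extra wrapped-key field. The HMAC-based stream cipher and the fixed field names are assumptions for illustration only, not a real cipher.

```python
import hashlib
import hmac
import os

# Toy stream cipher built from HMAC-SHA256 (illustrative only, NOT a real cipher).
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_with_escrow(plaintext: bytes, recipient_key: bytes, master_key: bytes) -> dict:
    """Encrypt once under a fresh message key, then wrap that key twice:
    once for the intended recipient and once for the master key (the "bcc")."""
    nonce = os.urandom(16)
    msg_key = os.urandom(32)
    body = xor(plaintext, keystream(msg_key, nonce, len(plaintext)))
    return {
        "nonce": nonce,
        "body": body,
        "wrapped_for_recipient": xor(msg_key, keystream(recipient_key, nonce + b"wrap", 32)),
        # The extra field below is all a monitoring server needs to read the message.
        "wrapped_for_master": xor(msg_key, keystream(master_key, nonce + b"wrap", 32)),
    }

def decrypt(envelope: dict, key: bytes, field: str) -> bytes:
    """Unwrap the message key from the named field and decrypt the body.
    A wrong key yields garbage rather than an error in this toy scheme."""
    nonce = envelope["nonce"]
    msg_key = xor(envelope[field], keystream(key, nonce + b"wrap", 32))
    return xor(envelope["body"], keystream(msg_key, nonce, len(envelope["body"])))

def extra_recipients(envelope: dict, expected: set) -> list:
    """Audit check: wrapped-key fields beyond the ones the protocol should carry."""
    return sorted(k for k in envelope if k.startswith("wrapped_for_") and k not in expected)

if __name__ == "__main__":
    env = encrypt_with_escrow(b"test message", b"R" * 32, b"M" * 32)  # constructed sample keys
    print(decrypt(env, b"M" * 32, "wrapped_for_master"))
    print(extra_recipients(env, {"wrapped_for_recipient"}))
```

The audit function is the defender-side takeaway: a device whose envelope format carries more wrapped keys than recipients cannot be considered end-to-end encrypted.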

And it worked?

Really well. After an initial 50-phone “beta test,” the devices took off, eventually numbering around 12,000 across 100 countries and 300 criminal syndicates. Users trusted the service so much they didn’t even always speak in code, but talked openly about drop-off points and which vessels were smuggling contraband, according to the New York Times. Law enforcement, like a bunch of modern-day McNulties listening to the wire, were able to decrypt messages practically in real time. Overall, authorities read 27 million messages.

What are the results?

Arrests were ongoing throughout the operation, and there have been a total of more than 800 so far, with the majority coming down earlier this week; more are expected. Among the recent arrests was a federal racketeering indictment in the Southern District of California that charged 17 foreign nationals with distributing thousands of encrypted communication devices to criminal groups. In addition to arrests, authorities have seized more than 32 tons of illegal drugs, 250 guns, 55 luxury vehicles, and over $48 million in cash and cryptocurrencies.

Why did they reveal the sting now?

Australian officials said they needed to expose the operation to stop dangerous plots that were already in motion, according to the New York Times. Also, the investigators’ wiretap authorization was coming up for renewal, and they felt like they’d already gathered a good amount of evidence.