How the FBI hoodwinked global crime networks into using its own messaging app (2024)

SAN DIEGO—

When the FBI dismantled an encrypted messaging service based in Canada in 2018, agents noticed users moving to other networks. Instead of following their tracks to rivals, investigators decided on a new tactic: creating their own service.

ANOM, a secure-messaging app built by the FBI and other law-enforcement agencies, launched in October 2019 and solidified its following after authorities took down another rival service. Popularity spread by word of mouth.

When ANOM was taken down Monday, authorities had collected more than 27 million messages from about 12,000 devices in 45 languages — a vast body of evidence that fueled a global sting operation resulting in hundreds of arrests. Authorities on Tuesday revealed the operation known as Trojan Shield and said it had dealt an “unprecedented blow” to organized crime around the world.

“Each and every device in this case was used to further criminal activity,” said Suzanne Turner, the agent in charge of the FBI in San Diego, where the investigation began in 2016. Users were “upper-echelon, command-and-control” figures in more than 300 criminal organizations.

Unbeknownst to the criminals, authorities were copied on every message sent on the FBI devices, much like blind recipients of an email.

“The very devices that criminals use to hide their crimes were actually a beacon for law enforcement,” Randy Grossman, the acting U.S. attorney in San Diego, said at a news conference.

More than 800 suspects were arrested and more than 32 tons of drugs seized, including cocaine, cannabis, amphetamines and methamphetamines. Police also seized 250 guns, 55 luxury cars and more than $148 million in cash and cryptocurrencies. An indictment unsealed Tuesday in San Diego named 17 foreign distributors charged with racketeering conspiracy.

The seeds of the sting were sown when law enforcement agencies took down a company called Phantom Secure that provided customized end-to-end encrypted devices to criminals, according to court papers.

Unlike typical cellphones, the devices do not make phone calls or browse the internet — but allow for secure messaging. As an outgrowth of the operation, the FBI recruited a collaborator who was developing a next-generation secure-messaging platform for the criminal underworld called ANOM. The collaborator engineered the system to give the agency access to any messages being sent.

ANOM didn’t take off immediately. But then other secure platforms used by criminals to organize drug-trafficking hits and money-laundering were taken down by police, chiefly EncroChat and Sky ECC. That put gangs in the market for a new app, and the FBI’s platform was ready. Over the last 18 months, the agency provided phones via unsuspecting middlemen to gangs in more than 100 countries.

The flow of intelligence “enabled us to prevent murders. It led to the seizure of drugs that led to the seizure of weapons. And it helped prevent a number of crimes,” Calvin Shivers, assistant director of the FBI’s criminal investigative division, told a news conference in The Hague.

The operation was led by the FBI with the involvement of the U.S. Drug Enforcement Administration, the European Union police agency Europol and law-enforcement agencies in several countries, said Dutch National Police Chief Constable Jannine van den Berg.

Australian Federal Police Commander Jennifer Hearst called it “a watershed moment in global law enforcement history.”

The ANOM app became popular in criminal circles as users told one another it was safe. All the time, police were looking over their shoulders as they discussed hits, drug shipments and other crimes.

Since October 2019, the FBI catalogued more than 20 million messages from a total of 11,800 devices — with about 9,000 currently active, according to documents, which cited Germany, the Netherlands, Spain, Australia and Serbia as the most active countries.

They say the number of active ANOM users was only 3,000 until Sky, one of the platforms previously used by criminal gangs, was dismantled in March.

While primarily focused on drug trafficking and money laundering, the investigation also resulted in “high-level public corruption cases,” an FBI agent quoted in the documents said. A goal of Trojan Shield was to “shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages,” the agent said.

Nick Merrill, a cybersecurity researcher at the UC Berkeley, said the investigation offers “a pretty good recipe” for law-enforcement agencies to compromise an existing service or build one and wait “for the right time to strike.”

“Either way, these centralized services provide a central point of weakness,” Merrill said.

Swedish police prevented a dozen planned killings and believe that they arrested several “leading actors in criminal networks,” according to a statement from Linda Staaf, the head of Sweden’s national criminal intelligence unit.

Finnish police said Tuesday that nearly 100 people have been detained and more than half a ton of drugs confiscated, along with dozens of guns and cash worth hundreds of thousands of dollars. In Germany, the general prosecutor’s office in Frankfurt said that more than 70 people were arrested Monday; drugs, cash and weapons were also seized.

In Australia, authorities said they arrested 224 people and seized more than four tons of drugs and $35 million. New Zealand police said they arrested 35 people and seized drugs and assets worth millions of dollars.

The operation will likely lead criminals to wonder whether services they use are run by a government, and it has shown that authorities have abundant technical knowledge and international cooperation, said Turner, the San Diego FBI agent.