How did the FBI hack a global crime ring by selling hacked phones?


Australian and US law enforcement officials announced that they had set up a trap under construction for three years, where they hunted down major international crime figures using an encrypted application designed by the FBI.

More than 200 figures from Australias underworld have been charged in what the Australian Federal Police described as the largest ever organized crime seizure, according to TheNextWeb.

The operation, led by the US Federal Bureau of Investigation (FBI), extended to Australia and 17 other countries, and in Australia alone, more than 4,000 police officers participated.

Dubbed Operation Ironside, there was a type of Trojan horse malware called AN0M, which was secretly integrated into a messaging app. After criminals used the encrypted app, the police decrypted their messages, which included murder plots, mass drug trafficking and distribution weapons.

Millions of unordered messages

AFP Commissioner Reese Kershaw said the idea for AN0M grew out of informal discussions between AFP and the FBI in 2018.

The developers of the platform worked on the AN0M app, along with modified mobile devices, before law enforcement authorities legally acquired it and adapted it for their use, and AFP says the developers were unaware of its intended use.

Once seized by law enforcement, AN0M was reportedly programmed with a secret “backdoor”, enabling them to access and decrypt messages in real time.

A “backdoor” is a software agent that circumvents normal access authentication. Allows remote access to private information in the application, without the knowledge of the “owner” of the information.

So users – in this case, the crime figures – believed that communication via the app and smartphones was secure, and at the same time, law enforcement could decode up to 25 million encrypted messages simultaneously.

Without this backdoor, however, it would be nearly impossible to decrypt encrypted messages, because decryption generally requires a computer to run through trillions of possibilities before pressing the correct code to decode the message. Only the most powerful computers can do this in a reasonable time frame.

And service providers resist the pressure to get to the ‘back door’.

And in the mainstream encrypted communications world, the installation of “backdoor” access by law enforcement has been fiercely resisted by app providers, including Facebook which owns WhatsApp.

In January 2020, Apple denied law enforcement’s request to unlock the iPhone suspect in the Pensacola shooting, after the deadly 2019 Florida attack that killed three people.

Apple, like Facebook, has long refused to allow backdoor access, claiming it would undermine customer trust. Incidents like this highlight the struggle to balance competing demands for user privacy and the imperative to prevent crime for the greater good.

Once AN0M was developed and ready for use, and secret agents reportedly persuaded a fugitive Australian drug smuggler, Hakan Ayk, to inadvertently support the app for his partners, those partners were then sold mobile devices pre-loaded with AN0M on the black market.

The purchase was only possible if indicated by an existing user of the application, or by a distributor who could assure a potential customer that it was not working for law enforcement.

Mobile phones loaded with AN0M – possibly Android smartphones – come with low functionality, they can only do three things: send and receive messages, make scrambled voice calls, record videos – all of which are supposed to be encrypted by users.

Over time, the AN0M has increasingly become the device of choice for a large number of criminal networks.

Since 2018, law enforcement agencies in 18 countries, including Australia, have been patiently listening to millions of conversations by controlling the backdoor of the AN0M app.

Information on all kinds of illegal activities was retrieved. This has gradually enabled the police to paint a detailed picture of the various crime networks. Some of the footage and photos retrieved have been erased for public publication.

One of the police’s main challenges was matching overheard conversations to identities – the AN0M phone could be bought anonymously and paid for with Bitcoin (allowing for secure, untraceable transactions). This may help explain why it took three years before police publicly identified the alleged perpetrators.

It is possible that the evidence obtained will be used in the prosecutions now that many arrests have been made.

Encryption technology is improving rapidly amid growing computing power as well, which means that hackers are increasingly able to crack encryption. Moreover, when quantum computers become available, this problem will be exacerbated, as they are significantly more powerful than today’s classical computers.

These developments are likely to weaken the security of encrypted messaging apps used by law-abiding people, including popular apps like WhatsApp, LINE, and Signal.

Strong encryption is an essential weapon in the cybersecurity arsenal and there are thousands of legitimate situations that require it. Ironically, then, the technology intended by some to maintain public security can also be taken advantage of by those with criminal intent.

Organized crime networks have used these “legitimate” tools to conduct their business, securing them knowing that law enforcement cannot access their communications until AN0M.

And while Operation Ironside has shivered criminal subcultures operating around the world, it is likely that these syndicates will develop their own countermeasures.


Please enter your comment!
Please enter your name here