The sting, which included the US Federal Bureau of Investigation (FBI), the Dutch National Police, and the Swedish Police Authority, created Anom, an encrypted messaging service that criminals could use.
What is ANOM?
In a statement put out by Europol, the European Union’s law enforcement agency, Anom was described as an “encrypted device company” that was developed “strategically” and operated “covertly”. According to the statement, the company grew to service over 12,000 encrypted devices to over 300 crime syndicates operating, including outlaw motorcycle gangs, Italian organised crime, and international drug trafficking organisations.
“The goal of the new platform was to target global organised crime, drug trafficking, and money laundering organisations, regardless of where they operated, and offer an encrypted device with features sought by the organised crime networks, such as remote wipe and duress passwords, to persuade criminal networks to pivot to the device,” the statement said.
According to a warrant application by the FBI, encrypted devices like these are “in high demand” among Transnational Criminal Organizations (TCOs). The agency took down two companies — Phantom Secure and Sky Global –in 2018, creating room in the criminal market for a new encrypted device service. Enter Anom.
The FBI used a confidential informant with ties to these TCOs to distribute Anom devices to criminal organizations around the world. “Because encrypted communications devices exist to eschew law enforcement, the distribution of these devices is predicated on trust. This shadowy distribution system is designed, in part, to impede law enforcement’s ability to obtain the content from these devices,” the organization wrote in the warrant application cited above.
The Anom devices would claim to be encrypted but had a “master key” built-in, which would allow the involved law enforcement agencies to read every message that the user sent through them. “Before the device could be put to use, however, the FBI, AFP (Australian Federal Police), and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability,” the FBI wrote in its warrant application. The warrant application also includes photographs of drug shipments, etc. that criminals sent to each other.
As described by Motherboard, the Anom smartphones ran on an operating system called “ArcaneOS”, and as this thread from XDA suggests, these phones may have made their way into the hands of regular users too.
Little is known about ArcaneOS, which is obviously not a mainstream operating system. In fact, this Google Code Archive page describes the operating system as one described for x86 platforms, which means it may have originally been designed for Intel and AMD chips used on laptops. X86 is a processor architecture originally designed for Intel’s PCs, while smartphone platforms like Android and iOS run on processors built around the ARM architecture.
The law enforcement agencies obviously offered these devices at throwaway prices. “I recently purchased a used Pixel 4a, and I now understand why the seller was offering such good price for it and why he refused to respond to me now I have it. This phone has ArcaneOS 10 installed, which has only 3 apps installed… Setting, Clock and Calculator. There is no Play Store app, no Phone app, nothing,” the XDA user wrote in his post.
The phones did not allow the user to turn their location history on or off, offered PIN scrambling where the phone would jumble the lock code PIN so others couldn’t decipher the code, and it even has a shortcut to wipe the phone’s data when required, even without unlocking it if needed. Users could set up a wipe code that would allow data to be wiped from the lock screen itself. The phones would also wipe themselves if left offline for prolonged periods.
All this doesn’t bother the law enforcement agencies though. “Each Anom user is assigned to a particular Jabber Identification (“JID”) by the CHS or an Anom Administrator. A JID is akin to a “PIN” in Blackberry Messenger,” the warrant application explained. “The JID is either a fixed, unique alphanumeric identification, or for more recent devices, a combination of two English words. Anom users can select their own usernames and can change their list of usernames over time. As part of the Trojan Shield investigation, the FBI maintains a list of a JIDs and corresponding screen names of Anom users,” it added.
Never miss a story! Stay connected and informed with Mint.
our App Now!!