An encrypted messaging app called ANOM was used by drug dealers across 100 countries. Problem was, the app had been created by the FBI.
This week thousands of arrests were made worldwide as part of an operation targeting international drug trafficking groups.
In New Zealand, 35 people were arrested and over 900 charges laid against senior members of the Head Hunters, Mongrel Mob and Comancheros gangs.
$3.7 million of assets were seized including guns, 8.6kg of meth, 12 cars, two boats and $1 million in cash. It’s expected NZ Police will be making more arrests.
In Australia, over 100 people have been arrested, with 21 murder plots intercepted.
It’s all because of an app called ANOM, which masqueraded as a securely-encrypted messaging service.
More than 12,000 devices with the ANOM app were circulated by the FBI to over 300 criminal syndicates across 100 countries. According to the FBI, over 27 million messages were sent using the platform.
That was, until this Monday, when the FBI took it down and revealed their ruse.
How ANOM worked
The app is an encrypted messaging service that was preloaded onto mobile phones.
It works similar to the BCC (blind carbon copy) function in an email, so basically the FBI was copied into every single message sent on the platform.
A copy of every text, photo and voice message sent through the service was saved to FBI servers.
“This was an unprecedented operation in terms of its massive scale, innovative strategy and technological and investigative achievement,” said Acting U.S. Attorney Randy Grossman in an FBI press release.
“Hardened encrypted devices usually provide an impenetrable shield against law enforcement surveillance and detection. The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement.”
In order to work, ANOM required a code given by another user, which generated a fake sense of trust.
How the app spread from the FBI to New Zealand
In 2018 the FBI had shut down the encrypted platform Phantom Secure. In July 2020 European authorities closed a similar platform, EncroChat. Sky Global was taken down by the FBI in March 2021.
There was now a gap in the market for a good encrypted app to use for drug deals.
“It’s an interesting back story,” tech commentator Paul Brislen tells Re:.
The FBI had targeted a person who was developing a new encrypted app. As part of their plea deal, this person agreed to hand over the app and all of their contacts.
“It was one of the Australian police who said, ‘Why don't you keep on using it and see what's going on?’,” says Paul.
“So they ran a test pilot with it, and they gave a shady guy 12 devices and said ‘Share this with your mates’, and they loved it, so the FBI kept producing it, thousands of devices.”
It was promoted through word of mouth as “designed by criminals for criminals”, said the FBI.
In Australia, a drugs kingpin unknowingly became an influencer for the app, the BBC reports, after being given a phone with ANOM on it by undercover agents. He then recommended it to his contacts, and its popularity spread.
The role New Zealand police played
New Zealand Police were told about the app by the FBI in January 2020.
New Zealand’s National Organised Crime group director Greg Williams said there were 57 devices loaded with the app in the country.
“The people before the courts are the users of those devices,” he told TVNZ’s Breakfast programme.
The app had been “a godsend”, he said, because New Zealand crime groups needed to communicate globally and so had turned to encrypted applications.
New Zealand’s drug trade had become increasingly international, he said, “almost like illicit globalisation going on here”.
“The sad thing about New Zealand is that our users are still paying some of the highest prices at a retail level [for methamphetamine]. The transnational crime groups know this, so they target New Zealand.”
He said while some profits from the drug trade were spent in local communities, “a significant amount is sent offshore”, estimating $2 to $3 million in cash is sent offshore weekly in Auckland alone.
What is encryption, and what does this mean for other encrypted platforms?
“We use encryption all the time every day,” tech commentator Paul Brislen tells Re:. “Whether you're watching Netflix, whether you're doing your online banking and shopping, surfing the net, they're all encrypted.”
Encryption is a way of scrambling content that’s being delivered. Every mobile phone call uses it - the phone on one end will encrypt what’s being said, and the phone on the other end will decrypt it and change it back to normal speech. “It’s all ones and zeroes when it goes down the pipe,” says Paul.
All messaging apps are encrypted to “varying degrees'' he says. “When texts go out over the cellphone network they are encrypted. Nobody at Vodafone can sit down and look at your text messages.”
“But if the police get a search warrant and go to Vodafone and say, ‘We’d like to look at all of Paul's messages from the last six months’, then Vodafone has to give them everything.”
The difference with apps that market themselves as securely encrypted, like Signal (or supposedly ANOM), is they keep information secret even from the people who run the network.
If Police went to the app owners with a search warrant, there would be nothing there to access.
That’s the appeal of an encrypted platform for criminal organisations.
But it’s highly likely criminal groups will be suspicious of all encrypted apps now, says Paul.
“That’s the downside of them [the FBI] coming public with all this. Anyone who's smart enough will say, that's not something we can ever trust again, if we want to conduct business we'll have to do it face to face, we'll have to use codewords.”
He says it’s “a bit of a shame” police had to reveal their technique, but it was going to be publicly released through the court trials.
As to whether a regular person would have any way of knowing if their phone was being monitored, Paul says “not really”.
“Unless you're a network geek who can look at the device and see it's doing things it shouldn't, like sending information when you're not using the phone. Some people can actually figure out for themselves, but for the average punter, if your phone is being intercepted, you're the last person to know.”
This story is part of Re:’s Drug Week. We’re talking nangs, comedowns, decriminalisation and more.
Where to get help:
- The Ministry of Health has a list of different addiction help services here
-
Free 24-hour drug and alcohol helpline: 0800 787 0797
More stories