On the afternoon of June 7, Operation Trojan Shield was unsealed and the world learned of the FBI's highly successful multi-year effort to operate a "secure" communications system, Anom, which was used by transnational criminal organizations. The service sold hardened communications devices carrying a price tag of $2,000 and up.
Operation Trojan Shield
According to the publicly available affidavit associated with Operation Trojan Shield, the FBI worked with international partners, including the Australian Federal Police (AFP), to exploit Anom by inserting it into criminal networks. The operational window of opportunity was created by a confluence of two events.
- The first, the arrest of Vincent Ramos and the demise of his secure communications service, Phantom Secure (readers will recognize that name from the espionage case involving Jay Ortis, a director general of an intelligence unit within Canada's RCMP headquarters), created space in the market.
- The second, the ability to turn a confidential human source (CHS) who had worked with Ramos and was engaged in developing the next generation of hardened encrypted devices.
And here's the kicker: before the devices were put to use, the FBI, the AFP and the CHS built a "master key" into the encryption system which "surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted," without the user of the Anom device being aware this was happening. Each user was assigned a unique Jabber Identification (JID) by the Anom administrator, who was the CHS.
The FBI and global law enforcement had a copy of every communication which used the Anom device.
From October 2018 through the public revelation, the FBI tells us, more than 11,800 devices were put into play, with 9,000 currently active in over 90 countries. In addition, over 20 million messages from the criminals have been cataloged and stored. The devices were used by over 300 distinct criminal organizations.
Insider Threat Problem Revealed
The investigation showed that criminals practiced only rudimentary opsec: they spread their communications across several secure services, augmenting Anom with those provided by Ciphr or Sky Global. The dismantling of EncroChat and Sky Global drove demand for the Anom devices.
AFP Commissioner Reece Kershaw said there was no effort to hide the content of their secure communication discussions, “You’ll see that all they talk about is drugs, violence, hits on each other, innocent people who are going to be murdered. A whole range of things.”
The investigation also showed that law enforcement has an insider threat problem. Although it is mentioned only tangentially, in a footnote, the affidavit notes that "information reviewed on the platform has revealed law enforcement sensitive information passed to the transnational criminal organizations, such as reports and warrants. The TCO [organizations] have also been notified of anticipated enforcement actions against the TCO or other criminal associates."
The FBI stated in the affidavit, "A goal of the Trojan Shield investigation is to shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages." The more sobering aspect is that global law enforcement, like any organization that protects confidential information, must also address the insider threat, which this multi-year operation revealed to be a reality.