On the afternoon of June 7, the Operation Trojan Shield affidavit was unsealed and the world learned of the FBI's highly successful multi-year effort to operate a purportedly secure communications system, Anom, which was used by transnational criminal organizations. The service provided "secure" communications devices that carried a price tag of $2,000 and up.

Operation Trojan Shield

According to the publicly available affidavit associated with Operation Trojan Shield, the FBI worked with international partners, including the Australian Federal Police (AFP), to exploit Anom by inserting it into criminal networks. The operational window of opportunity was presented by a confluence of two events.

And here's the kicker: before the devices were put to use, the FBI, the AFP and a confidential human source (CHS) put a "master key" into the encryption system which "surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted," without the user of the Anom device being aware this was happening. Each user was assigned a unique Jabber Identification (JID) by the Anom administrator, who was the CHS.

The FBI and global law enforcement had a copy of every communication which used the Anom device.
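The affidavit describes the mechanism only in the sentence quoted above; Anom's actual implementation is not public. The block below is an added illustration, not Anom's code, of the general pattern the description implies: envelope encryption in which the per-message content key is wrapped once for the intended peer and, surreptitiously, a second time under a master key baked into the device build, so whoever holds the master key can read every message in transit without the user's cooperation. All names, keys and the HMAC-SHA256 counter-mode stream cipher are assumptions chosen so the example runs with the Python standard library only; a real messenger would use AES-GCM or similar, but the escrow structure is the point.

```python
"""Key escrow by extra recipient: an added illustration of the 'master key' pattern.

Constructed example, not Anom's implementation. Primitives are simplified
(HMAC-SHA256 in counter mode as a stream cipher, HMAC as the tag) so that it
runs with the standard library alone.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32

# Assumed: a master key compiled into every device. In the scenario the page
# describes, the operator holds this and the users never learn it exists.
MASTER_KEY = secrets.token_bytes(KEY_LEN)


def prf_stream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 over (nonce || counter). Illustration only."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, prf_stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, prf_stream(key, nonce, len(ct))))


def encrypt_message(peer_key: bytes, plaintext: bytes, escrow: bool = True) -> dict:
    """Envelope-encrypt: fresh content key, wrapped for the peer and (if escrow) for the master key.

    The 'escrow' wrap is the surreptitious attachment: the peer's client never
    uses it, but anyone holding MASTER_KEY recovers the content key from it.
    """
    content_key = secrets.token_bytes(KEY_LEN)
    wraps = {"peer": seal(peer_key, content_key)}
    if escrow:
        wraps["escrow"] = seal(MASTER_KEY, content_key)
    return {"wraps": wraps, "body": seal(content_key, plaintext)}


def decrypt_as(role: str, key: bytes, msg: dict) -> bytes:
    """Decrypt as the holder of one of the wrapped copies ('peer' or 'escrow')."""
    content_key = unseal(key, msg["wraps"][role])
    return unseal(content_key, msg["body"])


def message_size(msg: dict) -> int:
    """Bytes on the wire; the only user-visible trace of the extra wrap is this overhead."""
    return len(msg["body"]) + sum(len(w) for w in msg["wraps"].values())


def demo() -> dict:
    """Run the scenario once; returned values are what a reader would inspect."""
    peer_key = b"\x11" * KEY_LEN          # assumed pre-shared key between two devices
    text = b"meet at the dock at 0300"    # constructed sample plaintext
    backdoored = encrypt_message(peer_key, text)
    honest = encrypt_message(peer_key, text, escrow=False)
    return {
        "peer_reads": decrypt_as("peer", peer_key, backdoored),
        "escrow_reads": decrypt_as("escrow", MASTER_KEY, backdoored),
        "escrow_wrap_on_honest": "escrow" in honest["wraps"],
        "size_overhead": message_size(backdoored) - message_size(honest),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The check a practitioner takes from this: the user's own key still decrypts normally, so the backdoor is invisible from inside the app, but it is not invisible on the wire. Every escrowed message carries a fixed-size extra blob (here 80 bytes: nonce, wrapped 32-byte key, tag) that the honest message lacks, and an audit of the client's message format, or of traffic sizes against the documented protocol, is where such an attachment shows up.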

From October 2018 until the public revelation, the FBI tells us, more than 11,800 devices were in play, with 9,000 still active in over 90 countries. In addition, over 20 million messages from the criminals were cataloged and stored. The devices were used by over 300 distinct criminal organizations.

Insider Threat Problem Revealed

The investigation showed that the criminals practiced only rudimentary opsec: they spread their communications across several "secure" services, augmenting their Anom devices with those provided by Ciphr or Sky Global. The dismantling of EncroChat and Sky Global drove demand for the Anom devices.

AFP Commissioner Reece Kershaw said there was no effort to hide the content of their secure communication discussions, “You’ll see that all they talk about is drugs, violence, hits on each other, innocent people who are going to be murdered. A whole range of things.”

The investigation also showed that law enforcement had an insider threat problem. It is mentioned only tangentially, in a footnote, but the affidavit states that "information reviewed on the platform has revealed law enforcement sensitive information passed to the transnational criminal organizations, such as reports and warrants. The TCO [transnational criminal organizations] have also been notified of anticipated enforcement actions against the TCO or other criminal associates."

The FBI stated in the affidavit: "A goal of the Trojan Shield investigation is to shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages." A more sobering takeaway is that global law enforcement, like any organization that protects confidential information, must also address the insider threat, which this multi-year operation revealed to be a reality.


Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book "Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century" (Syngress, March 2008). He is the founder of