How Law Enforcement Uses ANOM and Other Encrypted Devices
Anom, which was advertised as “designed by criminals for criminals,” was supposed to be the newest encrypted device service of the criminal underworld. What it turned out to be, however, was a device the FBI used to monitor, investigate, and understand criminal enterprises around the globe at a level never seen before.
In an investigation and takedown unlike any other, the FBI set a honeytrap for alleged criminals looking to stay anonymous while conducting or discussing illegal business online, such as drug distribution, money laundering, and other illegal activity. The concept behind Anom was not new. Over the past five or six years, transnational criminal organizations (“TCOs”), those involved in larger-scale drug trafficking, drug distribution, money laundering, and other criminal activity, have turned to hardened encrypted devices as a means to communicate with one another. These devices let a user send encrypted messages to other devices and store encrypted data on the device, all of which was believed to be beyond the reach of law enforcement surveillance and detection.
After the FBI and Canadian authorities took down another well-known encrypted device company called Phantom Secure in 2018, the FBI saw an opportunity to fill a void in the market. They recruited an informant who was already in the process of creating the “next generation” of encrypted devices (which he named Anom) and who had previously distributed Phantom and other devices, meaning he was already trusted by some TCOs. In exchange for a possible reduced sentence, the informant agreed to give the FBI access to Anom and to distribute Anom through some of his existing network of encrypted device distributors, who in turn supplied the devices directly to TCOs. With this, a new covert investigation named Operation Trojan Shield commenced. Before any devices were distributed, each message sent from an Anom device was designed to secretly carry a master encryption key, which let law enforcement decrypt and store the message as it was being transmitted. In effect it worked like the “Bcc” field of an everyday outgoing email: a copy reached a recipient the sender never saw.
The FBI joined forces with the Australian Federal Police (“AFP”) to test Anom on TCOs in Australia in a special operation known as Ironside. However, the FBI was not allowed to see the intercepted communications firsthand and received only basic summaries of communications from AFP. By the fall of 2019, distribution of Anom devices had picked up considerably around the world, and the FBI made arrangements with an unnamed third country to intercept Anom communications firsthand. Believing that Anom’s supposedly unbreakable encryption protected their communications from the government, users openly discussed narcotics concealment methods, shipping methods, drug deals, money laundering and much more. What users did not know was that every text message, photo, audio message, and other electronic communication was being collected and stored on a server in another country that the FBI had access to. Messages were first sent in real time to an iBot server in that country. There, each message was decrypted with the informant’s help, re-encrypted using the FBI’s own encryption code, and sent to a second FBI-controlled iBot server, where it was decrypted and analyzed by the FBI.
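The two paragraphs above describe the technical core of the operation: a per-message “master key” that acts like a hidden Bcc, and a relay chain that unwraps each message, re-encrypts it, and forwards it to a second server (with, as the affidavit discussed later on this page puts it, a geofence so that messages from U.S. devices never reach that second server). The following is an added example, written for this page and not Anom’s code or anything published by the FBI, that models that design as envelope encryption: the client generates one fresh content key per message and wraps it twice, once for the intended recipient and once, silently, for the master key. All names (`client_encrypt`, `relay_intercept`, the `from_country` field, the demo keys) are hypothetical, and the HMAC-based cipher is a stand-in for a real AEAD such as AES-GCM so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Toy authenticated encryption built from HMAC-SHA256 (a counter-mode keystream
# plus an HMAC tag). It stands in for a real AEAD such as AES-GCM so that this
# example needs nothing beyond the standard library. Do not reuse in production.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + aad + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag before decrypting; raise on tampering or a wrong key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + aad + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


KEY_WRAP_AAD = b"example-wrapped-content-key"  # hypothetical context label


def client_encrypt(message: bytes, recipient_key: bytes, master_key: bytes,
                   sender_country: str) -> dict:
    """Hypothetical client: one fresh content key per message, wrapped for the
    intended recipient AND, without the user's knowledge, for the master key."""
    content_key = os.urandom(32)
    return {
        "from_country": sender_country,  # assumed to be known to the relay
        "body": seal(content_key, message),
        "wrapped_keys": {
            "recipient": seal(recipient_key, content_key, KEY_WRAP_AAD),
            # The covert "Bcc": the same content key, readable with the master key.
            "master": seal(master_key, content_key, KEY_WRAP_AAD),
        },
    }


def recipient_decrypt(envelope: dict, recipient_key: bytes) -> bytes:
    """The legitimate recipient only ever touches its own wrapped key."""
    content_key = unseal(recipient_key, envelope["wrapped_keys"]["recipient"], KEY_WRAP_AAD)
    return unseal(content_key, envelope["body"])


def relay_intercept(envelope: dict, master_key: bytes, transfer_key: bytes,
                    geofenced=("US",)):
    """First relay server: unwrap with the master key, apply the geofence, and
    re-encrypt the plaintext under a separate transfer key for the second
    server. Returns None for messages that must not be forwarded."""
    if envelope["from_country"] in geofenced:
        return None
    content_key = unseal(master_key, envelope["wrapped_keys"]["master"], KEY_WRAP_AAD)
    plaintext = unseal(content_key, envelope["body"])
    return seal(transfer_key, plaintext)


def second_server_read(blob: bytes, transfer_key: bytes) -> bytes:
    """Second server: only the transfer key is needed; the master key never leaves the relay."""
    return unseal(transfer_key, blob)


if __name__ == "__main__":
    # Constructed demo keys and message (not real key material or real traffic).
    recipient_key, master_key, transfer_key = (os.urandom(32) for _ in range(3))
    msg = b"constructed sample message"
    env = client_encrypt(msg, recipient_key, master_key, "AU")
    print(recipient_decrypt(env, recipient_key) == msg)                     # recipient reads it
    fwd = relay_intercept(env, master_key, transfer_key)
    print(second_server_read(fwd, transfer_key) == msg)                     # so does the second server
    print(relay_intercept(client_encrypt(msg, recipient_key, master_key, "US"),
                          master_key, transfer_key) is None)                # geofenced, never forwarded
```

The point to take from the example is what the recipient sees: `recipient_decrypt` succeeds whether or not the `master` entry is present, and on the wire the extra wrapped key is just another opaque blob. A user of a closed-source client has no way to tell an escrowed envelope from a genuinely end-to-end one, so a marketing promise such as “designed by criminals for criminals” says nothing about who else holds a key; only an audit of the client and its key handling would. The relay step also shows why the geofence, as described, was a policy check at the first server rather than anything enforced by the cryptography: the master key can open every message, and whether a U.S.-origin message is forwarded depends entirely on that server honouring the rule.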
During this time period, agencies from around the world continued to investigate and take down other encrypted device companies. European authorities announced the dismantling of EncroChat in July 2020. Another encrypted device company, Sky Global, was taken down by the FBI in March 2021. As these other platforms fell, the demand for Anom devices skyrocketed in a short period of time. From October 2019 to June 7, 2021, over 27 million messages were reviewed, recorded, and translated by FBI agents. Over 12,000 Anom encrypted devices were sold and used by more than 300 criminal syndicates operating in over 100 countries, including Italian organized crime, outlaw motorcycle gangs, and multiple international drug trafficking organizations. This unprecedented investigation involved the assistance and cooperation of nearly two dozen countries, Europol and other law enforcement agencies worldwide. In the 48 hours before the announcement of the indictment of 17 foreign nationals on June 8, 2021, over 500 arrests were made, more than 700 locations were searched, and over 36 tons (72,000 pounds) of methamphetamine, cocaine, marijuana, and precursor chemicals were seized around the world with the assistance of nearly 10,000 law enforcement officers. This included planned shipments of cocaine in banana boxes, cans of tuna, refrigerated fish, pineapples, and much more. The 17 foreign nationals were indicted in California on RICO conspiracy charges for their role in distributing Anom devices and administering Anom’s services.
While no United States residents or citizens were included in the indictment, the tools used in this investigation could give rise to a number of constitutional and legal challenges in the future. Likely anticipating this, according to a search warrant affidavit related to the case, the FBI sought to avoid violating the rights of U.S. residents by geo-fencing the U.S., meaning that outgoing messages from devices in the U.S. would not “have any communications” with the second FBI-controlled iBot server in another country. However, the affidavit explicitly states that AFP was monitoring all communications, including those from devices in the U.S., when they were initially intercepted, “for threats to life based on [AFP’s] normal policies and procedures.” According to the warrant, there were about 15 Anom users in the U.S. whose outgoing communications the FBI did not review. Even so, the concern remains that information collected from these devices may be used to arrest and prosecute U.S. residents and citizens. Based on what is known to date, U.S. law enforcement did not seek or obtain a warrant to intercept any communications related to Anom. Even if the FBI was not directly monitoring U.S. users of these devices, if information relayed via Anom is used, even indirectly, to form the basis of an investigation and arrest of someone in the U.S., there are likely to be legal challenges for violating that person’s right to privacy.
Criminal investigations and charges related to RICO Conspiracy, the dark web, cyber communications, international drug trafficking, and money laundering are extremely complex. The way the government goes about investigating and charging people with these crimes is increasingly complex as well.
Our firm has many years of experience in cases involving these types of charges and the growing types of electronic evidence the government obtains to try to prove those charges. If you or someone you know has been accused of RICO Conspiracy, drug trafficking, money laundering, or similar crimes, contact us to learn more about these cases and how we may be able to help.
Chelsea Thomas is a criminal defense attorney with significant experience in federal cases involving internet crimes, complex conspiracies, and emerging technologies. She is based in Atlanta.