Hundreds Arrested in Global Sting Using App Run by F.B.I.


MELBOURNE, Australia — The devices, procured on the black market, performed only a single function hidden behind a calculator app: sending encrypted messages and photos.

For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate arms and explosives trafficking, and discuss contract killings, law enforcement officials said. Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language.

Unbeknown to them, the entire network was run by the F.B.I.

On Tuesday, global law enforcement officials revealed the three-year operation, in which they said they had intercepted over 20 million messages, and arrested at least 800 people in more than a dozen countries.

In Australia, the effort ensnared domestic and international organized crime groups and outlaw motorcycle gangs, with more than 200 people arrested, officials said. Hundreds more were arrested in Europe, the authorities said, and American law enforcement officials were expected to announce further arrests later on Tuesday.

The operation, as described by the Australian authorities and court documents in the United States, represents a breakthrough for law enforcement. Although the authorities have cracked or shut down encrypted platforms in the past — such as one called EncroChat that the police in Europe successfully hacked — this is the first known instance in which officials have controlled an entire encrypted network from its inception.

“We have been in the back pockets of organized crime,” Reece Kershaw, the commissioner of the Australian Federal Police, said on Tuesday.

The F.B.I.’s operation, according to the court documents, which were unsealed by the Justice Department on Monday, had its origins in early 2018, after the bureau dismantled a Canadian-based encryption service called Phantom Secure. That company, officials said, supplied encrypted cellphones to drug cartels and other criminal groups.

Seeing a void in the underground market, the F.B.I. recruited a former Phantom Secure distributor who had been developing a new encrypted communications system, called Anom. The informant agreed to work for the F.B.I. and let the bureau control the network for the possibility of a reduced prison sentence, according to the court documents. The F.B.I. paid the informant $120,000, the documents said.

Anom devices were cellphones that had been stripped of all normal functions. Their only working app was disguised as the calculator function: After entering a code, users could send messages and photos with end-to-end encryption.

Working with the Australian authorities, the F.B.I. and the informant developed a “master key” that allowed them to reroute the messages to a third country and decrypt them.

The authorities also relied on the informant to get the devices into the highly insular criminal networks. The informant started in October 2018 by offering the devices to three other distributors with connections to organized crime in Australia.

A big break, law enforcement officials said, came when they were able to get one of the devices into the hands of Hakan Ayik, an Australian who fled the country a decade ago and whom the police believe has been directing drug imports from Turkey.

The user base grew quickly, and as of last month, there were about 9,000 active devices and users in more than 90 countries, according to the F.B.I. In all, over 300 criminal syndicates used the devices, officials said, including in Germany, the Netherlands and Spain.

Jean-Philippe Lecouffe, deputy executive director of Europol, said the operation gave law enforcement “exceptional insight into the criminal landscape and will provide spinoff investigations.”

The Australian authorities acknowledged that Anom had carried only a small percentage of the total volume of encrypted communications sent by criminal networks. But they said that Anom had an advantage: Those running it were able to listen — directly — to the target audience and give users what they wanted.

After users spoke of desiring smaller, newer phones, the authorities began to provide them.

Australian officials said they had revealed the operation on Tuesday because of the need to disrupt dangerous plots currently in motion and because of limited time frames for legal authorities invoked to intercept the communications.

The Anom website previously displayed sleek graphics and glossy videos reminiscent of Apple ads. On Tuesday, it bore a new message: Users who wanted to “discuss how your account has been linked to an ongoing investigation” could enter their account details.

Source : Nytimes