https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-cr...
Apparently it revolved around duping Hakan Ayik, one of Australia's most wanted drug dealers now operating as an international kingpin from Turkey, to trust the app and recommend it to his associates. It's a double whammy, in that the network has been blown wide open and the AFP is now telling Ayik to hand himself in to avoid recriminations from his associates. No doubt there will be a movie about this one.
We often read (1) and (2) all the time with various scams from call centres, now the law has used that approach against a criminal and taken it to another level.
I have a lot of respect for this approach against such criminals on many levels.
But one takeaway from all this - IT security is often limited by humans and this highlights that perfectly. Just nice to read about criminals falling foul of the law who have taken one of their playbooks and used it against them. Sure makes a change from reading about some old person losing all their savings as somebody convinced them to install some random app just because they said they were from the bank/Microsoft etc.
I just heard on the radio (I’m an Aussie) that it’s not a phone app, it’s some kind of dedicated device that doesn’t do SMS, mail or voice, only encrypted messages (that the law enforcement had the keys to).
https://www.vice.com/en/article/akgkwj/operation-trojan-shie...
https://www.nytimes.com/2021/06/08/world/australia/operation...
The Australian Federal Police premise that he would be safer from reprisals in prison is an extremely shaky one [1]
Although if they can cut him off from all funds, it might become true.
[1] edit: https://www.aic.gov.au/sites/default/files/2020-05/tandi103.... - "homicide rate ... is up to 7 times higher [than outside]"
I imagine the homicide rate is a wee bit higher than average for drug kingpins, particularly those seen to have ratted out 100+ people, even unintentionally.
This is based on the assumption that a regular "free" person has not made thousands of criminals at the same time.
[1] https://www.vice.com/en/article/akgkwj/operation-trojan-shie...
Not saying that having a VPN service from Russia or China is a better solution...
https://www.computerweekly.com/news/252466203/Top-VPNs-secre...
I wonder how this all ties together. As someone mentioned here, there surely be some movie about it.
I expect this to be bigger than Panama Papers. Way bigger. I expect a few prominent politicians to be soon either arrested or "convinced" to step down. I expect the US to have gained a lot of intel and leverage over those from the countries who did not participate in this. We will absolutely not learn about everything they discovered. The CIA will, and the respective intelligence agencies will.
EDIT: Europol will hold their conference live on YouTube at 10 AM CST: https://twitter.com/janoorth/status/1402164252266409987
EDIT 2: given how Serbia was in the top 4 of messages sent, I really hope that the info gathered will help Interpol fight child trafficking and exploitation in the EU.
From the VICE article (https://www.vice.com/en/article/akgkwj/operation-trojan-shie...) quoted elsewhere here:
"Additionally, the review of Anom messages has initiated numerous high-level public corruption cases in several countries. The most prominent distributors are currently being investigated by the FBI for participating in an enterprise which promotes international drug trafficking, money laundering, and obstruction of justice."
"Late Monday, the FBI said that it would be holding "a news conference announcing a massive worldwide takedown based on the San Diego FBI’s unprecedented investigation involving the interception of encrypted communications" on Tuesday."
"To determine if your account is associated with an ongoing investigation, please enter any device details below:"
and then it asks for your username, country and IMEI....
* 70 yesterday in Sweden
* 5 yesterday in Spain (related to Swedish investigations)
* 80 earlier, candidly
I believe 70 is the figure that should be compared with the 800 total [1].
> A series of large-scale law enforcement actions were executed over the past days across 16 countries resulting in more than 700 house searches, more than 800 arrests [...]
1: https://www.europol.europa.eu/newsroom/news/800-criminals-ar...
There is another press conference at 09:00 PDT too (FBI I believe).
Side note: Scotland is recognised separately from the UK in the list of participating countries. ;)
There isn’t much of a stretch of the imagination required to see that there is a deep rabbit hole that just got filled with cement.
The difference has long irritated 'the English Establishment' so much that an informal verse was sung at one point as an adjunct to what is now the UK National Anthem (but was not officially added contrary to some popular belief[1]).
It also gave rise to the deeply racist phrase "Scot Free" in relation to people being acquitted in trials - during 'show trials' to crush anti-establishment figures, Scots juries would regularly return 'not proven' verdicts as it was necessary for all parts of an indictment to be 'proved' and juries used the verdict to rebel against unjust trials of English opponents. The phrase was used to denigrate those thus freed by juries and persists throughout the English-speaking world today and is in common usage despite its origin as a racist epithet towards Scots and the Scottish legal system.
[1] http://www.sath.org.uk/edscot/www.educationscotland.gov.uk/s...
Right now $31,916/BTC, down over 11% from ~$36,100 24 hours ago... and falling.
[1] https://www.cnbc.com/2021/06/08/bitcoin-btc-price-slides-as-...
Won't happen because the media and FANG run cover for politicians in the west as opposed to reporting on them.
They keep burying anything that can be slightly damaging to politicians while they dox private individuals with impunity.
I highly doubt it. The main drug operations run with state approval. If anything this was just an attempt to either clean the country from competition or just keep law enforcement busy. If you read the reports, what they have collected, this is nothing if you compare what kind of volumes are being moved every day.
For example, in the UK alone it is estimated that the yearly volume of illegal cannabis sales is in the region of 6 billion pounds and the haul of the entire operation was like how much, 100 million?
What it is going to achieve is a slight vacuum, new youth of the "get rich quick" type will take their place and resume operations.
If this wasn't announced in the media, I doubt drug consumers would have ever noticed something happened. If someone is using illegal market, they have plenty of alternative contacts if their main dealer goes bust.
Also these things are already included in the pricing, so this will be just written off as cost of doing business.
I saw this. Watched the whole Europol conference. Those numbers are indeed low: 9 tons of cocaine, 5 tons of cannabis/hashish. Some guns and 15m USD, if I remember correctly.
I still don't think I exaggerated. There's no way that's all they got from it after 3 years of eavesdropping. There's just no way that those tens of thousands of messages only incriminated some drug lords. What they did with these press conferences was pure PR, they just wanted something for the press, but I still believe that the actual aftermath of this will be much larger.
If they did, they’d get defunded. We’d get more off the streets by just buying it.
Tradeoffs. Traditional tradecraft would inhibit such discovery methods. But it's slow and expensive. Your competitors would outmaneuver you in the short term.
To enable the "kid who knows computers," you also need to train your people in opsec and digital sanitation. That might similarly be expensive and growth inhibiting enough to invite more daring competition.
Of course after a bust, you could go back and say “well obviously they should have done this differently and doubled their security here” but they can’t double their security everywhere and they can’t know every single possible way that every single aspect of everything could become compromised.
There's a reason that classified processing and data storage employs layered physical security too. There's that old saying about what happens when you give someone physical access to the machine.
There's more unemployed tech people out there than many here realize though. People that don't present well in interviews, people that didn't stay employably current in tech, hardware guys replaced by the cloud, people in less hot locations for tech, etc. Criminal organizations are much less picky and judgmental than your average tech startup and in some cases may be the only ones willing to give them a chance.
I'd bet good money that the truth is usually quite banal: these individuals make a series of small and highly contingent decisions over time that gradually push them in the direction of criminality or culpability, reinforced over time by social & financial reward for doing so.
Shipping coordinators got busted? How sad.
Over my life I've met people who, while they seem competent and can tie their shoelaces, appear to make bad decisions because they have trouble judging likely outcomes. Those are the people getting hired to do this sort of work.
These people are organised in that they make deals with each other in friend networks. But the people involved are not the sharpest knives in the drawer. They get their positions via violence and intimidation more than cunning and planning.
There are clever crooks, but we do not often hear from them. A lot of them work on Wall Street, which contains the biggest and most profitable criminal gangs.
These ones, who were busted, are greedy violent thugs. They do not know who to trust because they are untrustworthy.
Good riddance to bad rubbish.
Most if not all markets until now have been run by geeks with limited knowledge and skills, wading in to the criminal underworld and inevitably making rookie mistakes.
Both Ross and the guy in Bangkok had their personal emails tied to the markets. Some kids running a big market from Germany connected to the server on their mom's wifi. The list goes on.
Imagine being responsible for facilitating murder-for-hire, sex trafficking and so on...
The PR barrage and faux posturing by the FBI to weaken encryption has always seemed like just lazy policing to me.
If anything, the hacking attacks on industrial centers have better illustrated than anything why encryption is necessary, and this new triumph has demonstrated that police can continue to function, even thrive, in a world that permits encryption.
By adding a backdoor to E2E encryption? That is pretty much what they have been asking for :)
Amazing that criminals still pick some unknown device over an existing solution with a proven track record.
This is not the first time something like this has happened:
Not really. At least in Australia's case they asked for the ability to access data on the end point while it is unencrypted, which it must be when a human consumes it. They didn't want to backdoor encryption, just bypass it. And they didn't just ask for it - they got it.
Specifically, the Assistance and Access bill (2018) [0]. The "Assistance" in the title allows them to demand assistance from a software company (eg, Google / Microsoft / Apple) in developing an app (or a modified version of an existing app) that won't trigger the OS's warnings while it provides access to data while it is unencrypted. The "Access" in the bill's title refers to the fact they can then demand the software developer force the app to be "upgraded" to the "spy" version on targeted devices via their normal security patch mechanisms.
As you can probably gather from the date of the bill, this law has been in place for about 2 years now. But it probably wasn't in place when this started, as the law was passed New Year's Eve, 2018, which explains all this social engineering cloak and dagger stuff.
When I first saw the story I thought it was odd that they were publicising a hack that only works when nobody knows about it. But now I think about it, my guess is they publicised it because they won't need to use it again. They've legislated far easier ways to spy on a phone.
[0] https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...
I don't think it's really the same as "what they were asking for" at all.
a.) they didn't compel a company to secretly do it for them
b.) the back door is targeted, i.e. not mass surveillance
As far as I understand, they did the work themselves (modified android OS), and their methods were targeted. A "bad guy" could only get this special, hacked phone, from other "bad guys". This wasn't the same thing as, sending a mole to get work at Cisco and install an undetectable zero-day in all communication infrastructure switches world-wide. And it's definitely a far cry from forcing apple to make a modified iOS on their behalf.
No, they pretty much did what hackers do, and as far as I'm concerned, that's fair game.
You're only anonymous as long as you're not actively targeted, despite using "secure" apps and stuff like Tor, which media makes it seem are unbreakable.
[0]https://webcache.googleusercontent.com/search?q=cache:PwQXt6...
[0] https://en.wikipedia.org/wiki/Parallel_construction?wprov=sf...
That is because the usability of PGP is so bad, they wouldn't have any time to actually operate their criminal enterprise.
Also - email, PGP or not, leaks metadata, and the police will happily end your whole criminal career based on metadata.
None of these were exploited to retrieve this data, and the third party app that was installed was not intended to encrypt conversations given that it was a honeypot.
> popular apps
This was a small app unknown by anyone outside of criminal orgs. It had no "legitimate" non-criminal users.
> especially in the US
The app was deployed in Australia.
> can always be commandeered
Why distribute a random app when they could have gotten the criminals to use Signal or Telegram and bust them there?
> as long as you're not actively targeted
How long did it take to find Bin Laden?
> despite using "secure" apps
This was not a secure app and any audit would have revealed this (audits such as the ones that Signal and friends have undergone).
> and stuff like Tor,
Tor was not involved.
> media makes it seem are unbreakable.
None of the apps hyped as "unbreakable" were broken here, so...point still stands, I guess?
Honestly, if anything, the recommended approach from this incident would be to use the walled garden - an FBI-backed honeypot would have a lot harder time getting from the App/Play Store onto a user's phone if it was obviously a scam to collect user conversations, asked for a bunch of permissions, had no reviews, and no apparent update history. Who would download some random chat app that nobody uses?
Bin Laden used couriers in place of digital communications. And the trail that led to him began with his most trusted courier.
Allegedly, al-Kuwayti was uncovered, some of his communications were intercepted, and then he was followed up to Bin Laden's refuge.
> Who would download some random chat app that nobody uses?
The only thing that slowed the capture was using a courier network. Are you a criminal? Do not use a phone.
Seriously, criminals should know better, whether they are petty drug dealers or major terrorists.
Misplaced faith in cryptography is the gift that keeps on giving.
> > especially in the US
> The app was deployed in Australia.
Australia has an even worse equivalent of US National Security Letters, allowing individual workers to be compelled to plant backdoors etc..
For me the lesson here is the same old lesson - Your security is only as good as the humans that interact with it.
- Sky ECC (Shutdown, owner is facing criminal charges)
- Phantom Secure (Shutdown and owner got 9 years in prison)
- Encrochat ("Hacked" by French police)
So it seems like those "Encrypted phones" were very effective for Law Enforcement to put such an effort to go after them.
I think that criminal organizations will now rely on a do-it-yourself technique. Not buying phones online, which is a very bad idea as law enforcement could just trap the phones at the postal facility, something they already do.
Going to an old-fashioned phone retailer, then removing the camera and GPS module yourself and installing some encrypted open source software.
Probably they are also going to fake messages. For 2 purposes:
- Talk about a fake huge drug delivery or an imminent mass shooting to verify if the network has been compromised, I am pretty sure police have no choice other than to act in such a situation.
- This could be used as a defense strategy, if some messages turn out to be fake, then they can use plausible deniability on the others. And perhaps even claim police have faked them.
Surprised this wasn't done more. It's the classic tactic you see in the movies: give false intel to the suspected mole and see if they snitch on you.
Ya, acknowledging the role of compromised encryption feels like burning their source.
Speculation: Churchill chose to let Coventry get bombed rather than disclose that German encryption had been cracked.
Wouldn't the long game be to allow criminals to believe their communications remain secure, for law enforcement to do parallel construction for their cases?
I can't imagine the calculus that goes into these decisions.
Whatsapp or Telegram which your grandma uses would be very low reward compared to amount of conversations to parse.
If the crying wolf method worked, terrorists would have a much easier time executing their plots.
Pulse night club comes to mind as a counterpoint. A lot of people died to keep an informant happy. I think a more cynical outlook on law enforcement is appropriate.
Selling a bugged phone to a known criminal is likely fine (cite: The Wire).
But is it acceptable to sell a bugged phone to unknown/unidentified/random people and then use the phone's communications to determine if the owner is a crook and the owner's identity? The sole basis of suspicion seems to be "bought phone", or maybe "bought phone using bitcoin", or even "bought phone on Tor using bitcoin".
It will be interesting to see how many of these cases hold up in court.
>Step 1: Confirm known bad guy has phone through some other means.
>Step 2: Decrypt phone messages of known bad guy. Confirm they are criminal activities.
>Step 3: Note all previously unknown phones that exchanged criminal messages with known criminal.
>Step 4: Those phones are now considered belonging to known criminals. Return to Step 2.
Now, it's totally possible they were just saying “someone bought a phone through Tor, they are probably bad so we can decrypt their messages” but that doesn’t have to be true for them to have worked their way through this criminal network.
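The four steps in the comment above are a breadth-first walk over the message graph, where a phone only enters the set once it has exchanged a flagged message with a phone already in the set. The following is an added example (not from the thread or from any court filing) that makes that walk explicit and records, for every phone reached, the single message that justified reading it. The device IDs, messages and the keyword classifier `flag()` are constructed for illustration; a real investigation would use human review, not keywords, and a real seed would be established by other means (step 1).

```python
# Added example, not from the thread or any court filing.
# Device IDs and messages are constructed; flag() is a stand-in for human review.
from collections import deque

# Constructed sample traffic: (sender, recipient, text). IDs are arbitrary labels, not IMEIs.
SAMPLE = [
    ("D1", "D2", "shipment lands thursday"),
    ("D2", "D3", "need 5 keys moved"),
    ("D2", "D4", "happy birthday mum"),          # benign contact: D4 never gets pulled in
    ("D3", "D5", "keys moved, pickup at dock 9"),
    ("D6", "D7", "another 20 keys next week"),   # isolated cell: never linked to the seed
]

KEYWORDS = ("shipment", "keys", "dock")


def flag(text: str) -> bool:
    """Toy classifier standing in for step 2 ('confirm they are criminal activities')."""
    return any(k in text for k in KEYWORDS)


def expand(seed: str, messages=SAMPLE) -> dict:
    """Steps 2-4 as a BFS.

    Returns {device_id: justification}, where justification is the flagged
    message (sender, recipient, text) that linked the device to one already in
    the set, or None for the seed. Only counterparts of *flagged* messages are
    added, so a phone that merely talked to a suspect about something benign
    stays out, and a cell with no edge to the seed is never reached.
    """
    justified = {seed: None}
    queue = deque([seed])
    while queue:
        dev = queue.popleft()
        for sender, recipient, text in messages:
            if dev not in (sender, recipient) or not flag(text):
                continue
            other = recipient if sender == dev else sender
            if other not in justified:
                justified[other] = (sender, recipient, text)
                queue.append(other)
    return justified


def reached(seed: str, messages=SAMPLE) -> set:
    """Convenience wrapper: the set of phones the walk would pull in from `seed`."""
    return set(expand(seed, messages))


if __name__ == "__main__":
    for dev, why in expand("D1").items():
        print(dev, "<-", why)
```

Starting from D1, the walk reaches D2, D3 and D5; D4 is skipped because its only contact with D2 was not flagged, and D6/D7 are never reached because nothing connects them to the seed. That last property is the "isolated cells" caveat raised a few comments down: the method only covers the connected component of the seed.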
I mean, if it’s well encrypted, it should be strong enough to not worry about any random being on the network too, no?
I guess that’s too counterintuitive for those sweating right now.
You start with the head honcho's phone, someone texts him about a drug shipment, so you get a warrant to access the backdoor on that phone as well, and so on.
As long as there aren't isolated cells, you get every cell phone. Since you're relying on the head honcho to push the phones, there probably aren't isolated cells.
I'd also assume they don't just take orders from anyone, I'd imagine you'd need a referral.
Amazing really. And pretty funny if you ask me :-P
Imagine Signal, Telegram, or any other app that touts themselves as a secure app is really just the creation of the FBI, NSA, CIA, and NRO.
Remember, yesterday’s conspiracy theory is today’s reality.
Amazing that these "world class" criminals fall for this stuff.
Drug cartels over here are terrible.
There's some pretty convincing speculation Dream market was setup as a similar operation to this. [0]
If this proves anything it's that the fear mongering by LE about encryption was overblown and they're just lazy lol.
Let's say police claim you did something with only the chat log as evidence and they run the chat software. Then they could very well have just faked it, because they have a high incentive to do so.
If the messages were on a third party platform you would at least have a neutral third party involved.
Also drug use is often not down to that user having a fair happy reality and oh so often the product of bigger issues that go untackled and addressing those social injustices would do far more to address crime overall than just legalising drugs.
Now if they legalised drugs and used that tax income to address those social issues, then we would see progress and more so, some fairness restored.
So you don’t just have a big shift out of the black market, but what’s left of the black market has also been decimated, and spends more on marketing/quality/experience.
It's not common, and not very profitable.
Overall, a very clean website source. No trackers in the source at all.
Countries list is interesting. Lists Puerto Rico, American Samoa and Virgin Islands (US). Didn't know PR seceded, thank you FBI for confirming. Lists various French territories. Missing South Sudan. Missing Kosovo. Includes Taiwan. Includes Palestine.
Seems like they're flexing.
If it’s their system, why would they need to seize its domain?
Updated Date: 2020-07-07T06:01:35.21Z
"This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by the FBI),"
Any ideas as to why?
An informant (confidential human source, or "CHS") helped the FBI and AFP (Australian Federal Police) develop and distribute Anom to criminal gangs (transnational criminal organizations, or "TCOs"):
> The CHS offered this next generation device, named “Anom,” to the FBI to use in ongoing and new investigations. The CHS also agreed to offer to distribute Anom devices to some of the CHS’s existing network of distributors of encrypted communications devices, all of whom have direct links to TCOs.
Anom was specifically designed from the ground up with an encryption backdoor:
> Before the device could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability. By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted “BCC” of the message is routed to an “iBot” server located outside of the United States, where it is decrypted from the CHS’s encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its content available for viewing in the first instance.
Naturally, the FBI can't spy on domestic communications without a warrant, so they got the AFP to do it for them:
> FBI geo-fenced the U.S., meaning that any outgoing messages from a device with a U.S. MCC would not have any communications on the FBI iBot server. But if any devices landed in the United States, the AFP agreed to monitor these devices for any threats to life based on their normal policies and procedures.
Closing Sky Global and Encrochat drove criminals to Anom:
> Since March 12, 2021, as a direct result of the Sky Global charges, there are now close to 9000 active Anom users. The criminals who use hardened encrypted devices are constantly searching for the next secure device, and the distributors of these devices have enabled criminals’ impenetrable communications on these devices for years.
Finally, the FBI quite directly admits their goal is to shake confidence in encrypted messaging:
> A goal of the Trojan Shield investigation is to shake the confidence in this entire industry because the FBI is willing and able to enter this space and monitor messages.
There's also a number of sample conversations in the warrant application showing criminals openly talking about moving drugs and other illegal activities with absolutely no code. Definitely worth a read.
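The affidavit passage quoted above describes the mechanism precisely enough to model: every message is encrypted to the peer as normal, but the client also emits an encrypted "BCC" of the same plaintext under a key the vendor built in, that copy goes to a first relay server which decrypts it and re-encrypts it under a second key, and a second, FBI-owned server decrypts it for review; devices with a US MCC produce no BCC at all. The block below is an added example written for this thread, not Anom's code or anything from the court filing. The key names (`MASTER_KEY`, `FBI_KEY`), the `Device`/`ibot_relay`/`ibot_store` names and the pairwise key setup are assumptions; the cipher is a toy (HMAC-SHA256 in counter mode plus an HMAC tag) used only so the example runs with the standard library, and is not something to reuse.

```python
# Added example: a toy model of the escrow "BCC" backdoor described in the affidavit.
# Not Anom's code. Key names, server names and the toy cipher are assumptions for
# illustration; the cipher is HMAC-SHA256 in counter mode + HMAC tag, NOT a real AEAD.
import hashlib
import hmac
import os

US_MCCS = {"310", "311", "312", "313", "314", "315", "316"}   # Mobile Country Codes for the US


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: concatenated HMAC(key, nonce || counter) blocks, truncated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under a fresh random nonce."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def open_(key: bytes, box: dict) -> bytes:
    """Check the tag in constant time, then decrypt; raises on wrong key or tampering."""
    expect = hmac.new(key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, box["tag"]):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(box["ct"], _keystream(key, box["nonce"], len(box["ct"]))))


# Keys baked into every client build at the vendor (assumption); the user never sees MASTER_KEY.
MASTER_KEY = hashlib.sha256(b"escrow key built into every client (assumed)").digest()
FBI_KEY = hashlib.sha256(b"second key held only by the FBI-owned server (assumed)").digest()


class Device:
    """One handset. `mcc` is the SIM's Mobile Country Code, used for the geo-fence."""

    def __init__(self, name: str, mcc: str, peer_keys: dict):
        self.name, self.mcc, self.peer_keys = name, mcc, peer_keys

    def send(self, to: str, plaintext: bytes):
        """Return (message for the peer, BCC for the relay or None if geo-fenced)."""
        to_peer = seal(self.peer_keys[to], plaintext)          # what the user thinks is sent
        if self.mcc in US_MCCS:
            return to_peer, None                                # US device: no BCC at all
        return to_peer, seal(MASTER_KEY, plaintext)             # escrow copy, invisible to the user

    def receive(self, frm: str, box: dict) -> bytes:
        return open_(self.peer_keys[frm], box)


def ibot_relay(bcc: dict) -> dict:
    """First relay: decrypt with the vendor master key, re-encrypt under the FBI key."""
    return seal(FBI_KEY, open_(MASTER_KEY, bcc))


def ibot_store(relayed: dict) -> bytes:
    """Second, FBI-owned server: decrypt for analysts."""
    return open_(FBI_KEY, relayed)


def run_exchange(sender_mcc: str, text: bytes):
    """Simulate one message; return (what the peer read, what the FBI stored or None)."""
    pair_key = hashlib.sha256(b"pairwise key shared by the two handsets (assumed)").digest()
    alice = Device("alice", sender_mcc, {"bob": pair_key})
    bob = Device("bob", "505", {"alice": pair_key})             # 505 = Australia
    to_bob, bcc = alice.send("bob", text)
    seen_by_bob = bob.receive("alice", to_bob)
    seen_by_fbi = ibot_store(ibot_relay(bcc)) if bcc is not None else None
    return seen_by_bob, seen_by_fbi


def tamper_detected(text: bytes = b"x") -> bool:
    """Flip one ciphertext bit and confirm open_ rejects the message."""
    box = seal(MASTER_KEY, text)
    box["ct"] = bytes([box["ct"][0] ^ 0x01]) + box["ct"][1:]
    try:
        open_(MASTER_KEY, box)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_exchange("505", b"shipment lands thursday"))    # peer copy and FBI copy
    print(run_exchange("310", b"shipment lands thursday"))    # US sender: FBI copy is None
```

Two points the model makes concrete. First, the peer-to-peer channel is genuinely encrypted and authenticated; nothing about it is weakened, which is why users and even a network-level observer see "encryption working". The leak is the second `seal()` call in `Device.send`, which only an audit of the client binary or of its outbound traffic (two ciphertexts per message instead of one) could reveal, which is the point made earlier in the thread about audited apps. Second, the geo-fence is a client-side decision keyed on MCC, so it protects a US device's outgoing messages but not messages a US device receives from a non-US peer, exactly the asymmetry the "approximately 15 Anom users in the U.S." exception in the affidavit hints at.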
I'm sure they would benefit from those just the same way legitimate enterprises do. The only difference is that they do more illegal stuff and use more violence, but the fundamental business dynamics should be the same.
The only aspect that would stand out to use a "criminal specific" CRM would be hosting & security.
https://webcache.googleusercontent.com/search?q=cache%3APwQX...
> "This data comprises the encrypted messages of all of the users of Anoms with a few exceptions (e.g., the messages of approximately 15 Anom users in the U.S. sent to any other Anom device are not reviewed by the FBI)," the document reads.
From https://www.vice.com/en/article/akgkwj/operation-trojan-shie...
Probably the next season of the "StartUp" TV series
It might be my Hollywood education speaking, but criminal networks are supposed to lean strongly on status and respect (how could they not, given the absence of law enforcement which makes trust the only option) and this makes them vulnerable to fashion as a malware vector.
I can see how strong the temptation was to continue and see how far it could go.
If they dug their claws into Wickr, they'd have to worry about leaks from every single person involved with Wickr on top of all potential leaks from law enforcement personnel.
Also, I suspect it's easier to get the warrants needed to create a sting from the ground up than it is for several different law enforcement agencies around the world to each get separate warrants to access Wickr/Slack/Discord/whatever's data.
Once the data legally exists in a law enforcement database, it is relatively simple bureaucracy to share it with allied organizations.
Never trust an app that neither charges for its use (like Threema), nor takes donations (like Signal Foundation).
Wickr's funding is a huge mystery. Approach with caution.
The following thread looks at some of the opened court documents today:
https://twitter.com/ericgarland/status/1402100449013125123
(and points out that the Trump organisation might be in trouble ....)
Arbitrage isn’t just for bankers.
But, I don't see how the tweeter could be sure or know that the Trumps used this app?
Thanks for that line, I was starting to worry that there were things going on in the world that weren't about Trump.
Excuse me, but I can't stop laughing. Three years of effort to catch a small fish and they sell it as if they got the bust of the century.
Why don't they investigate politicians that facilitate prohibition and enable these gangs to work in the first place?
Police can't see they run fool's errands.
I bet a bunch of them will go back to in-person communication only for a long while after this, slowing things down considerably.
The argument "it is used by criminals" is flawed. Because everything is - water pipelines, cash, Facebook, and so on.