How the FBI and AFP accessed encrypted messages in TrojanShield investigation

Posted June 8, 2021

  • The Federal Bureau of Investigation (FBI) commenced the investigation in 2018, after it recruited a confidential human source to provide access to Anom, an encrypted communications product used by transnational criminal organisations (TCOs).
  • The FBI said it recruited the source shortly after arresting Vincent Ramos, the CEO of Phantom Secure, who had sold the company’s encrypted devices exclusively to members of criminal organisations.
  • Operation Trojan Shield was centred on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (AFP), to monitor the communications. In order for an Anom device to be useful for monitoring, the FBI, AFP, and the confidential human source built a master key into the existing encryption system; this key was surreptitiously attached to each message and enabled law enforcement to decrypt and store messages as they were transmitted.
  • Each Anom user was assigned a particular Jabber Identification (JID) by the source or an Anom administrator.
  • After the testing in Australia, the FBI engaged a third country — which has been left unidentified — that agreed to join the TrojanShield investigation and set up its own iBot servers.
  • The law enforcement agencies translated and catalogued more than 20 million messages from a total of 11,800 devices located in over 90 countries as part of Operation TrojanShield. The top five countries where Anom devices were used, before the encrypted product’s services were shut down on Tuesday, included Australia, Germany, the Netherlands, Spain, and Serbia.
  • The law enforcement agencies decided to bring the online sting operation to light as the third country’s warrant expired on June 7 along with the operation itself.
  • The TrojanShield operation led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets were also seized as part of the operation.
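The "master key attached to each message" design described above is a form of key escrow. The toy Python below is an added illustration, not Anom's code or anything from the investigation: each message gets a fresh content key that is wrapped for the recipient, and, when an escrow key is supplied, the same content key is also wrapped for that escrow key, so the escrow holder can decrypt without touching either endpoint. The stream cipher, key names and envelope field names are all constructed for the example; `escrow_fields` shows the kind of envelope audit a client reviewer would run to spot an extra decryption path.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo keys (not real material from the operation).
RECIPIENT_KEY = b"recipient-device-key-demo"
ESCROW_KEY = b"escrow-master-key-demo"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_message(plaintext: bytes, recipient_key: bytes,
                    escrow_key: Optional[bytes] = None) -> dict:
    """Envelope encryption: a fresh per-message content key is wrapped for the recipient.
    If an escrow ('master') key is supplied, the same content key is also wrapped for it,
    so whoever holds that key can read every message in transit."""
    content_key = os.urandom(32)
    nonce = os.urandom(12)
    env = {
        "nonce": nonce,
        "ciphertext": keystream_xor(content_key, nonce, plaintext),
        "wrapped_for_recipient": keystream_xor(recipient_key, nonce + b"r", content_key),
    }
    if escrow_key is not None:
        env["wrapped_for_escrow"] = keystream_xor(escrow_key, nonce + b"e", content_key)
    return env


def decrypt_message(env: dict, key: bytes, slot: str) -> bytes:
    """Unwrap the content key from the named slot with `key`, then decrypt the ciphertext."""
    tag = b"r" if slot == "wrapped_for_recipient" else b"e"
    content_key = keystream_xor(key, env["nonce"] + tag, env[slot])
    return keystream_xor(content_key, env["nonce"], env["ciphertext"])


def escrow_fields(env: dict) -> list:
    """Audit check: any key-wrap field beyond the recipient's is an extra decryption path."""
    return sorted(k for k in env if k.startswith("wrapped_for_") and k != "wrapped_for_recipient")
```

The point for a defender is that the ciphertext and the recipient's wrap look identical with or without escrow; only inspecting the envelope for additional key-wrap fields reveals that a third party can decrypt.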

– Campbell Kwan | June 8, 2021