FBI Arrests Hundreds in Encrypted Chat App Sting

Zarathustra[H]

So,

There was this app specially marketed towards criminals, named ANoM.

Fully encrypted end to end, and only made available on special phones with a custom security image pre-installed.

You could only get one of those phones if you "knew someone".

Also, as it turns out, the developer of this app was the FBI and the Australian Intelligence Service. 🤣

The FBI and Australian Federal Police have as a result arrested hundreds of criminals who thought they were communicating securely on a trusted platform.

"It allowed the agencies to look through millions of encrypted messages between criminal enterprises, and has directly led to the arrest of suspects in Australia, Asia, South America, and the Middle East. Morrison said the cover plot had “struck a heavy blow against organized crime—not just in this country, but one that will echo… around the world.” Australian officials said they had arrested 224 people. The FBI is expected to hold its own press conference about the operation later Tuesday."

Be careful who you trust as your criminal safe space encrypted app, I guess? :p
 
I don't care if it is encrypted or whatever. No one should expect privacy at this point once it goes through the network.
 
Why make it public? they should have kept the operation going.

Well, they kept it going for 3 years, so my best guess is, it was blown already or the criminals were starting to put two and two together, and it was no longer viable.

Nothing stays secret forever, especially when organized criminals start going to jail :p
 
dam lol...are there any real encrypted apps out there? Not that it matters most people refuse to believe that their text logs are of any consequence. God knows what people say in FB, WhatsApp or regular Text messages :)
 
Yes, there are. And they're also open source. And they use unbreakable encryption and collect no personal metadata.

Why someone would use this random "super secret phone club" is beyond me, and clearly their problem. Even the drug runners from The Wire were smarter and had no education.

Lazy morons got caught because being lazy. Good for us though.
 
dam lol...are there any real encrypted apps out there? Not that it matters most people refuse to believe that their text logs are of any consequence. God knows what people say in FB, WhatsApp or regular Text messages :)

Who knows.

WhatsApp was previously entirely end to end encrypted, but they recently changed their privacy policies (probably because they wanted some of that sweet sweet ad revenue) so it is no longer truly private.

Apple's iMessage claims to be encrypted and not used for any purpose either, and they at least on the surface of things put up a legal fight with law enforcement, but I am not sure I trust that this is for anything more than publicity purposes.

Signal seems like a good alternative. It's a little less polished than the others, but at least purports to be truly privacy oriented, but then again, who really knows? They still seem to manage the encryption keys for you, which means there is always a chance someone else could get their hands on them. The only truly sure way to manage keys is to input them manually yourself on each device (and not share them via cloud services)

Not really sure what other options there are out there.

I'm not criminal, but I'm also not a fan of the surveillance society.
 
I’m assuming they got in with Encrochat which was busted last year. There was a really good article about that recently.
 
I'm curious how this relates to entrapment. Perhaps it runs afoul of US laws about that, which would explain why the article doesn't mention any US-based arrests.
 
I'm curious how this relates to entrapment. Perhaps it runs afoul of US laws about that, which would explain why the article doesn't mention any US-based arrests.
It would only be entrapment if they somehow had strongarmed each of them into using the app then created a situation where they on the app were trying to convince them to do something illegal so they could later arrest them for it. But the FBI and a number of different agencies put out hundreds of "Secure" chat apps, VPNs, and in some cases create popup telephone vendors to sell services to criminals to get an in on their data communications. There was a while and still may be ongoing really where intelligence agencies had supposed control of like 70% of all the TOR exit nodes so they could snoop on all traffic passing through those which also led to a large number of arrests.
 
I'm curious how this relates to entrapment. Perhaps it runs afoul of US laws about that, which would explain why the article doesn't mention any US-based arrests.

I think that would be a stretch.

(Major disclaimer, I'm not even remotely close to a lawyer, I don't even play one on TV, and I have never stayed at a Holiday Inn Express)

You'd have to demonstrate somehow, that the fact that FBI made the super secret chat phones available, somehow twisted the arms of the criminals into committing the crimes they were caught talking about using the app.

I could be wrong, but this doesn't seem like a winning legal strategy to me.
 
Who knows.

WhatsApp was previously entirely end to end encrypted, but they recently changed their privacy policies (probably because they wanted some of that sweet sweet ad revenue) so it is no longer truly private.

Apple's iMessage claims to be encrypted and not used for any purpose either, and they at least on the surface of things put up a legal fight with law enforcement, but I am not sure I trust that this is for anything more than publicity purposes.

Signal seems like a good alternative. It's a little less polished than the others, but at least purports to be truly privacy oriented, but then again, who really knows? They still seem to manage the encryption keys for you, which means there is always a chance someone else could get their hands on them. The only truly sure way to manage keys is to input them manually yourself on each device (and not share them via cloud services)

Not really sure what other options there are out there.

I'm not criminal, but I'm also not a fan of the surveillance society.
I won’t touch Signal, gives me bad vibes. My friend talked me into using Threema as he’s been IRC buddies with one of the devs forever, and I will recommend it, but it costs $3. You don’t need to put in any kind of identifying information (though there’s definitely the option, and of course there’s the fact you’re getting it through an App Store as on iOS) and they recently went open source.
 
Apps Shmapps the only way two people can keep something secret is if one of them is dead. The moral here is don't talk about your illegal doings with anyone, in any way, that you aren't willing/able to kill to prevent it from coming back on you. Better yet don't have illegal dealings or if you must keep them to yourself.
 
Apps Shmapps the only way two people can keep something secret is if one of them is dead. The moral here is don't talk about your illegal doings with anyone, in any way, that you aren't willing/able to kill to prevent it from coming back on you. Better yet don't have illegal dealings or if you must keep them to yourself.
Buying and reselling illegal things implies not keeping it to yourself in some ways, and in this current scenario willingness to kill anyone would obviously not help; it is the organized crime arrest.

Take an example of an arrest:
delivery of cocaine from Ecuador to Spain hidden inside containers of refrigerated tuna,

That's not a possible single-man operation: one man who would grow cocaine and do what he needs to do with it to be sellable, put it in containers himself, remove it from the containers and sell it on the street at those volumes. It requires coordination between people in some way.

Why make it public? they should have kept the operation going.
Speculating here, but trials and most evidence tend to be made public (and available to the defence team). They can and do try to keep the method secret if possible, but in this case, if they need to use messages sent by that app in their set of proof, that necessarily blows it up.
 
That's not a possible single-man operation: one man who would grow cocaine and do what he needs to do with it to be sellable, put it in containers himself, remove it from the containers and sell it on the street at those volumes. It requires coordination between people in some way.

All very true. Does not change anything I said. Relaying messages about illegal things or even private things through an unknown third party is the height of stupidity.
 
All very true. Does not change anything I said.
Except if I did not understand the spirit of it, I feel like it does.

Do you mean: never engage in criminal activity that involves more than one person if you want to reduce your chance of getting caught... Well, obviously, but that seems a strange, trivial comment, too obvious to make, and with the kind of money for the type of operation we are talking about, someone will do it. I felt like you talk as if the people caught could have done what they did without ever talking to anyone in any way, which sounds impossible for that type of international, large-scale criminal enterprise.
 
What were the crimes, offending people?
mostly drugs. I dunno, to me it feels underwhelming considering the scope of this.

More than 800 suspects were arrested and more than 32 tons of drugs — cocaine, cannabis, amphetamines and methamphetamines were seized along with 250 firearms, 55 luxury cars and more than $148 million in cash and cryptocurrencies.
 
Who knows.

WhatsApp was previously entirely end to end encrypted, but they recently changed their privacy policies (probably because they wanted some of that sweet sweet ad revenue) so it is no longer truly private.

Apple's iMessage claims to be encrypted and not used for any purpose either, and they at least on the surface of things put up a legal fight with law enforcement, but I am not sure I trust that this is for anything more than publicity purposes.

Signal seems like a good alternative. It's a little less polished than the others, but at least purports to be truly privacy oriented, but then again, who really knows? They still seem to manage the encryption keys for you, which means there is always a chance someone else could get their hands on them. The only truly sure way to manage keys is to input them manually yourself on each device (and not share them via cloud services)

Not really sure what other options there are out there.

I'm not criminal, but I'm also not a fan of the surveillance society.

I've worked at one of these, and personally know and trust a number of people who work at another one. But, there's nothing I can say that should lead you to trust any of the claims. If you want to trust these things, you need to audit the installed app (including decompiling them) to confirm the claims, as well as audit the installed OS to make sure it's not leaking stuff and you need to make sure that you don't update versions of anything without auditing the new one, and verify/audit security of any backups made, and any other apps you install (which could potentially exploit OS vulnerabilities to access your message databases and exfiltrate them), and the big one --- make sure you're not communicating with anyone who doesn't do the same. Also, you have to make sure nobody involved made inadvertent (or not) mistakes that leak your data.

The best way to make sure there's no way for law enforcement to access your communications about illegal activities is to not participate in illegal activities. The next best way is to not use electronic means to communicate and to avoid written correspondence in general. End to end encryption is a distant third choice, although maybe I missed an intermediary choice.
 
mostly drugs. I dunno, to me it feels underwhelming considering the scope of this.

More than 800 suspects were arrested and more than 32 tons of drugs — cocaine, cannabis, amphetamines and methamphetamines were seized along with 250 firearms, 55 luxury cars and more than $148 million in cash and cryptocurrencies.
It'd be nice to see the amount of money spent vs collected in that equation.
 
It'd be nice to see the amount of money spent vs collected in that equation.
Right?

Not saying this was a waste but I just feel like it was a really strong hand to play that you won't be able to play again and could have taken out some terrorist cells or break up a lot of human trafficking.

I mean I'm just armchair judging but just seems like so much more could have been done. I guess it could also just be you can't control what bites the bait after you cast it.
 
It would only be entrapment if they somehow had strongarmed each of them into using the app then created a situation where they on the app were trying to convince them to do something illegal so they could later arrest them for it. But the FBI and a number of different agencies put out hundreds of "Secure" chat apps, VPNs, and in some cases create popup telephone vendors to sell services to criminals to get an in on their data communications. There was a while and still may be ongoing really where intelligence agencies had supposed control of like 70% of all the TOR exit nodes so they could snoop on all traffic passing through those which also led to a large number of arrests.
Entrapment doesn't require being strongarmed. Being strongarmed would fall under coercion.

Creating a fake tool and giving it to suspected criminals while telling them that it's intended to be used specifically for criminal stuff sounds like entrapment to me (I am not a lawyer). The lack of arrests in the US that result from this tool which was created by a US agency is telling, IMO. They must have a good reason why they're afraid to use it in the US. Entrapment might be it.
 
Entrapment doesn't require being strongarmed. Being strongarmed would fall under coercion.

Creating a fake tool and giving it to suspected criminals while telling them that it's intended to be used specifically for criminal stuff sounds like entrapment to me (I am not a lawyer). The lack of arrests in the US that result from this tool which was created by a US agency is telling, IMO. They must have a good reason why they're afraid to use it in the US. Entrapment might be it.
It’s more like they have a different tool in the US under a different name and that one is still ongoing. The Australian one went 3+ years and they moved on it now because it looks like they were found out and had to move with what they had.
Even without strong-arming them to use the tool it’s no different than any other sting operation. You can put an old lady with an unattended purse on a park bench and catch all the people who try to steal it, no problem.
But if you have an undercover cop around the corner pointing it out to people going, “hey that purse looks so easy to steal, you should go do that” then it’s entrapment.
 
I'm curious how this relates to entrapment. Perhaps it runs afoul of US laws about that, which would explain why the article doesn't mention any US-based arrests.
Entrapment requires a motivational impact.
Making tools available to send secret messages does not request the end user to commit something illegal.

Conditioning a school student to go buy drugs for you because you are the only friend he has is entrapment.

https://en.wikipedia.org/wiki/Entrapment
 
could have taken out some terrorist cells
For those (depending on where and what the trial looks like, if there is any and not just some drone attack) I am not sure the method, how they achieved it, would end up public (i.e. maybe they did); again, I could be extremely wrong here.
 
Right?

Not saying this was a waste but I just feel like it was a really strong hand to play that you won't be able to play again and could have taken out some terrorist cells or break up a lot of human trafficking.

I mean I'm just armchair judging but just seems like so much more could have been done. I guess it could also just be you can't control what bites the bait after you cast it.

maybe, a large chunk of society wants drugs, I'd wager the demand and potential easy money factored heavily into the success of this program. The market for trafficking and terrorism is significantly smaller (more intimate) and not driven by the want of the general public, I'd imagine it is a lot harder to infiltrate those networks with this kind of scheme.
 
Interesting that the FBI was involved but no Americans arrested. I would imagine that these devices were made and distributed in countries that don't have 14th Amendment type protections.
 
Why make it public? they should have kept the operation going.
Probably they caught everyone they thought they could get: either they got everyone important, or they expected the story to break and that everyone else using the app would disappear.
 
Interesting that the FBI was involved but no Americans arrested. I would imagine that these devices were made and distributed in countries that don't have 14th Amendment type protections.
Well, it is a more interesting story than not, it looks like the FBI caught the guy originally responsible for the App and the secure phone service, then he got the FBI access to the platform and continued to have it pimped out on his behalf in exchange for a lighter sentence. The operation run out of Australia mostly dealt with Asian organized crime operating in the area, so it is very likely that the service never actually made its way to the US. So the FBI gets a lot of credit for catching the mastermind but the App and the modified phones were in the wild for a long time before the FBI got involved with it.
 
Ouch. Being the Goober who recommended these things to all his larcenous chums has to suck.
Supposedly the app and the phones were secure for a long time until the guy running that program was caught by the FBI who gave them access to his network in exchange for a lighter sentence, that guy I have to assume is now employed by the FBI under a new name because his service looks to have mostly been used by the Asian crime syndicates operating in and around Australia and their branch locations. So I have to assume that it's him that they are going to want to take this out on.
 
In addition to Signal, which is based on the open whisper protocol, which is OS, there's also Telegram.

If you want, you can deploy your own docker image, like
kayvan/signal-cli

Then you're not trusting anyone to manage your keys, and good luck ever having anyone spy on that.
 
It was the FBI.
No it was in use as a secure platform for a few years before the FBI got involved. The FBI caught the guy who developed the platform, then he got them access to it for a lighter sentence.
 