Operation Trojan Shield
Operation Trojan Shield (stylized TRØJAN SHIELD), part of Operation Ironside, was a collaboration by law enforcement agencies from several countries, running between 2018 and 2021. It was a sting operation that intercepted millions of messages sent through the supposedly secure smartphone-based proprietary messaging app ANOM (also stylized as AN0M or ΛNØM). The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle clubs, drug syndicates and other organised crime groups.
An investigation into a Canadian secure messaging company called Phantom Secure was initiated in 2017. The FBI alleges that the investigation revealed that Phantom Secure sold its encrypted devices exclusively to members of transnational criminal organizations (TCOs). Hardened encrypted devices provide an "impenetrable shield against law enforcement surveillance" and are in high demand by TCOs, so the shutdown of Phantom Secure in March 2018 left a vacuum for TCOs in need of an alternative system for secure communication.
Around the same time, the San Diego FBI branch had been working with a person, known by the pseudonym "Afgoo", who had been developing a "next-generation" encrypted device for use by criminal networks. The person was facing charges and cooperated with the FBI in exchange for a reduced sentence. The person offered to develop ANOM and then use his contacts to distribute it to TCOs through existing networks. Before the devices were put to use, however, the FBI and the AFP had a backdoor built into the communication platform, which allowed law enforcement agencies to decrypt and store the messages as they were transmitted. The first communication devices with ANOM were offered by this informant to three former distributors of Phantom Secure in October 2018.
The FBI named the operation "Trojan Shield", and the AFP named it "Ironside". Europol set up the Operational Task Force Greenlight.
The ANOM devices consisted of a messaging app running on Android smartphones with a custom ROM called ArcaneOS. The ROM had been specially modified to disable normal functions such as voice telephony, email, or location services. It added PIN entry screen scrambling to randomise the layout of the numbers, the deletion of all information on the phone if a specific PIN was entered, and the option of automatic deletion of all information if the phone went unused for a specific period of time.
The app was opened by entering a specific calculation within the calculator app, described by the developer of GrapheneOS as "quite amusing security theater". The messaging app then communicated with other devices via supposedly secure proxy servers, which also – unbeknownst to the app's users – copied all sent messages to servers controlled by the FBI. The FBI could then decrypt the messages with a private key associated with the message, without ever needing physical access to the devices. The devices also had a fixed identification number assigned to each user, allowing messages from the same user to be connected to each other.
About 50 devices were distributed in Australia for beta testing from October 2018. The intercepted communications showed that every device was used for criminal activities, primarily by organised criminal gangs. About 125 devices were shipped to different drop-off points in the United States in 2020.
Use of the app spread through word of mouth, and was also encouraged by undercover agents; drug trafficker Hakan Ayik was identified "as someone who was trusted and was going to be able to successfully distribute this platform", and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use. After users of the devices requested smaller and newer phones, new devices were designed and sold; customer service and technical assistance were also provided by the company. The most commonly used languages on the app were Dutch, German and Swedish.