An elusive Australian fugitive is a dead man walking and over 200 organised crime figures are behind bars after a three-year FBI-Australian Federal Police (AFP) sting came to a dramatic end this month – and it all started with a secure mobile messaging app and, in the time-honoured Australian tradition, “a couple of beers”.
The app in question, called AN0M, was designed to provide encrypted communications between modified smartphones that had been stripped of GPS, microphones and cameras to make their users completely untraceable.
It was straight out of the playbook of the cybercriminals targeted in the FBI’s 2018 Phantom Secure takedown, which dismantled a Canadian venture that was making around $10m ($US8) per year selling similar phones to what became a network of 20,000 criminals worldwide.
Rebranded as Operation Ironside – a nod to the World War II misinformation campaign in which false invasion plans were fed to Germany by double agents – the plan was said to have been hatched over friendly drinks as investigators spitballed ways to fill the hole left by Phantom Secure’s closure.
The FBI had been developing the AN0M app with an eye to embedding its agents within criminal networks – but it took the involvement of the AFP to kick off a series of events that led to the first phones being pushed into the market in late 2018.
Seeded by police informants fed to criminals like Turkey-based Australian criminal Hakan Ayik, the devices were soon being distributed throughout the global criminal underworld – with 1,650 Australians and 11,000 global users ultimately using the phones for everyday communications.
Investigators watched as their messages – which were encrypted but included a hidden decryption key that allowed authorities to see every message, photo, video, and voicemail sent across the network – permeated worldwide crime syndicates, where underworld figures openly talked about arms sales, planned executions, drug deals, and more.
When the hammer finally came down this month, the AFP executed around 500 search warrants, arrested 224 people including bikie gang members, and seized $44.9m in cash, 104 guns, and 3.7 tonnes of drugs.
The AFP also interrupted 20 murder plots, it said, “potentially saving the lives of a significant number of innocent bystanders”.
AN0M was publicly being lauded as “the most significant operation in policing history here in Australia” – but it was only one part of a global operation, called Trojan Shield, that saw even larger seizures and the arrests of over 800 people in 16 countries.
“Australia is a much safer country because of the extraordinary outcome under Operation Ironside,” AFP commissioner Reece Kershaw said, adding that the campaign “highlights how devastatingly effective the AFP is when it works with local and global partners, and takes its fight against transnational organised crime offshore.”
Criminal takedown or TOLA marketing campaign?
Yet as the dust settles and authorities anticipate the fallout from the sting, questions have quickly emerged about the speed with which the AFP and government have used its success as justification for Australia’s controversial Encryption Act (formally, the Telecommunications and Other Legislation Amendment (Assistance and Access) Act, or TOLA).
The announcement of the operation came just days after an Internet Australia analysis suggested that TOLA “has the potential to result in significant economic harm for the Australian economy”.
The AFP’s confirmation that Operation Ironside had relied on the interventionist powers provided by TOLA – “the encrypted communications... were decrypted from a platform covertly run by the FBI,” the agency said in announcing the project – was quickly seized upon as the beginning of even bigger things.
“We did use the TOLA passed in 2018 for the first time,” Kershaw said during the press conference announcing the operation. “The FBI had the lead on this [and] we provided a technical capability to be able to decrypt those messages.”
That revelation would seem to explain the controversial passage of TOLA on the last sitting day of 2018, after then-Home Affairs Minister Peter Dutton’s insistence that an “urgent” situation required the legislation to be pushed through as soon as possible.
That was just weeks after the FBI and AFP had started drip-feeding AN0M phones into criminal networks worldwide.
Yet authorities’ explanation for the use of TOLA didn’t sit well with some of the law’s opponents, who question why the authorities would develop an encrypted-messaging honeypot to collect evidence they weren’t able to read.
“There would be no reason for the FBO or the AFP to ask the manufacturer of the app to create a back door, because it seems like the entire device and the app was a back door,” Swinburne University senior lecturer in media and communications Belinda Barnet told The New Daily.
“We make no apologies for ensuring that our law enforcement authorities have the powers and authorities they need to stop criminal thugs and gangs,” Morrison said when asked whether the AFP “was able to do things that other countries were not legally able to do”.
Authorities “need these powers to be able to do their job,” he said, “and our government won’t shirk from that.”
The AFP will continue to push for stronger TOLA powers to help it crack down on illegal darkweb activity, Kershaw said, warning criminals that the agency would be “relentless” in its efforts to disrupt their activities – and suggesting that AN0M was essentially a proof-of-concept for future efforts to disrupt mainstream encryption apps.
“AN0M has given law enforcement a window into the level of criminality that we have never seen before on this scale,” he said.
“This was a small platform and we know that other bigger encrypted communication platforms are being used by offenders to carry out their crimes.”
“Encrypted comms and going dark on the dark web... is an absolute disgrace. For us, that’s a criminal marketplace that we can’t actually penetrate without that legislation.”
“We need to be a step ahead.”