
Government & Politics

The FBI’s Operation Trojan Shield: Infiltrating Criminal Groups through their Phones


On 8 June 2021, the conclusion of Operation Trojan Shield, in which for the past three years the Bureau had been . In its announcement, the FBI declassified significant operational details. This announcement was the culmination of a between the FBI and international police partners (such as the Australian Federal Police and EUROPOL) to use a confidential informant (CI) to distribute encrypted phones within criminal groups. The plan succeeded. While over 300 criminal syndicates around the world thought their phones were safe from surveillance, authorities were secretly monitoring all their communications.

Operation Trojan Shield had its roots in , an encrypted services company that provided phones to organizations such as the Sinaloa Cartel in the late 2010s. The phones enabled the Cartel to avoid law enforcement wiretaps and decryption efforts by using to coordinate their operations. In 2017, the But that gave federal officers an idea. During the investigation and prosecution of Phantom Secure, the FBI persuaded one of its employees to become a CI. Using this CI as the front person, the FBI set up a new company, called ANOM, using Phantom Secure-type technology to provide encrypted Google Pixel phones to criminal groups.

Before the FBI could get the phones into the hands of criminals, however, the Bureau faced a major challenge: it had to make ANOM look like a credible company so that criminals would choose its services over those of other companies. To do this, they to popularize the devices. Andrew Young, a former lead U.S. Department of Justice (DOJ) prosecutor on Operation Trojan Shield, routinely hack and disrupt each other to gain an advantage and discredit competitors. The FBI also had to ensure that ANOM looked like a credible criminal enterprise and marketed itself as such, while by other companies.

The FBI also had to protect the general public. In order to keep them from purchasing the devices, the FBI placed constraints on who could buy them. It was important to make sure that ANOM did not accidentally become popular amongst journalists, businesspeople, or human-rights defenders, as the point of ANOM was for the government to secretly read and listen to communications. So the FBI that would only enable someone to purchase a phone if they had either a prior or current criminal relationship with the provider, or a strong enough reputation in the criminal world. As mentioned above, phone providers were influential, well-known crime figures, whose positions were described in an as “influencers.” These criminal figures had reputations and experience in promoting mass adoption of specific encrypted devices. If they promoted the ANOM phones, or invited someone to purchase the device, it was seen as . The invitation-only strategy also gave the phones an extra appeal of security, as it would be difficult for federal police to obtain invitations. The operational strategy in the surveillance net. But first the phones had to be made useful to law enforcement.

Before the phones could be circulated amongst criminal groups, the FBI, in coordination with the Australian Federal Police, that hosted ANOM. This backdoor allowed law enforcement to see every text, photo, and video, and to hear every call that phone users made, all without their knowledge. Through a Mutual Legal Assistance Treaty, the FBI negotiated with a (still unidentified) third country to host the ANOM servers and reroute the messages back to the US. This was to , as the US has stricter legal requirements to intercept domestic communications than other countries do. It was therefore preferable for the FBI to intercept the ANOM messages in a third country.

In the end, the FBI decrypted and read more than . At the time of the joint operation’s public unveiling for prosecution and to the media, more than 800 arrests and thousands of seizures had been made in over 16 countries, disrupting Albanian organized crime, the Italian mafia, outlaw biker gangs, drug syndicates, and arms smugglers. In a press release, the DOJ , including 8 tons of cocaine, 250 firearms, and more than $48 million in currency. The operation also dismantled more than 50 hidden drug labs. From 2018 to 2021, ANOM sold more than 12,000 phones to .

In addition to details provided by the FBI, more information has come to light as a result of ANOM Google phones being sold secondhand in Lithuania and Australia. News organizations such as Motherboard at Vice News have . An analysis of the encrypted phones revealed that there are two passcodes for each device: one that unlocks the regular phone functions and standard apps, and a second passcode that is entered through a covert app disguised as an ordinary one, such as the settings, clock, or calculator app. By tapping on the secondary password portal, say, the calculator app, the user reaches a login screen and gains entry to the secret encrypted communication service.

With so many specifics about how Operation Trojan Shield worked made public, why ruin what seemed to be an opportunity for continued success? The FBI has said that among its was its sheer success, as well as wiretap authorizations coming up for renewal. But there may also be other reasons the FBI and its allies closed the operation. The first is pressure from international policing partners. Political pressures for a quick “win” may have led to the unveiling of operations and indictments. The FBI may also have feared exposing a vulnerable CI. Another possibility is that the FBI is sending a covert signal to criminal organizations, intended to influence their cost-benefit calculations of criminal activity. If criminals are aware that their encrypted devices can be easily breached and that law enforcement may be watching, they might decrease their schemes and violence or even abandon parts of their business altogether. This only works if the criminal organizations deem the costs of using compromised phones to be higher than the benefits of using them to conduct business.

A key reason why this operation was possible and successful is that criminal organizations are . As a result, national police and intelligence services can easily exploit devices to gather intelligence and disrupt criminal activity. However, once an operation becomes public, what keeps criminal organizations from becoming wise to these tactics and selecting better-encrypted, commonly available devices and services such as Signal or Telegram? No major shift in criminal behavior has emerged, but . By moving their communications into more widely used encrypted services, the operations of criminal groups would become of law-abiding users. To stay ahead of the criminals, the FBI must seek new, innovative ways for future monitoring.

Operation Trojan Shield illustrates that the FBI and partnering organizations have found effective and creative methods to disrupt criminal activity and prevent groups from “going dark,” i.e., shifting or ceasing communication to avoid surveillance. These solutions demonstrate that it is possible to disrupt criminal activity without having to build privacy-jeopardizing backdoors into platforms used by the public, such as iPhones. Whether this kind of operation can be replicated remains to be seen, but as technologies evolve, so do the surveillance opportunities. The FBI’s ANOM operation demonstrates the fine line between privacy rights and disrupting criminal activity. It need not be a false choice between law enforcement and privacy.


About the Author:

Nicholas is a graduate student in the Global Governance, Politics, and Security Program, concentrating in global security. A graduate of Oregon State University, his main research areas of interest revolve around issues of misinformation and active measures operations, irregular warfare, and strategic power competition and the evolution of grand strategy in the 21st century.


*THE VIEWS EXPRESSED HERE ARE STRICTLY THOSE OF THE AUTHOR AND DO NOT NECESSARILY REPRESENT THOSE OF THE CENTER OR ANY OTHER PERSON OR ENTITY AT AMERICAN UNIVERSITY.
