An Inside Look at Operation Trojan Shield: How the FBI Crafted an International Encrypted Messaging Sting
by Jayson Hawkins
Ever since smartphones became indispensable to everyone, including criminals, police have been working to snoop into the wave of electronic communication these devices facilitate. From searching phones to hacking emails, agents of governments everywhere have done their best to leave no stone unturned. Despite these efforts, criminals have continued to adapt and elude police snooping.
One of the chief methods used to escape prying eyes is the creation of “hardened devices” bought from black market dealers. These devices have been stripped of all functions except the capacity to send and receive encrypted messages to other phones on the same network. To overcome this method, the FBI along with police from Australia and the European Union decided to pursue an unexpected course—they altered and distributed the phones themselves.
The audacious plan was actually rather straightforward in its conception and execution. In 2018, the FBI shut down a criminal messaging network called Phantom Secure. The informant who was critical to that operation was also involved in the development of a new generation of encrypted devices, and he subsequently gave the prototype of the new device, called Anom, to the FBI. It is unclear whether the idea to distribute these devices as a replacement for Phantom Secure began with the informant or the FBI, but after an initial testing phase, the police distributed over 12,000 devices across 100 countries and 800 criminal organizations in what they dubbed Operation Trojan Shield.
The Anom devices possessed only one working app—the encrypted messenger, which was disguised as a calculator. The police attached a hidden routine within the app to send a copy of every message to a third-party server, which then forwarded the communications to the FBI.
For his efforts, the informant was paid $120,000 a year, plus expenses, and is eligible for a reduced sentence for his role in Phantom Secure. This informant has not been identified.
Over the three years Trojan Shield was up and running, police gathered an enormous intelligence haul totaling over 27 million individual messages. According to Jennine van den Berg, chief commissioner of the Dutch national police, Anom had “a good reputation among criminals. They mutually promote it as the platform you should use for absolute reliability.” The confidence criminals had in Anom led them to message openly about smuggling operations and money transfers.
In May 2021, the Australian police needed to move decisively to disrupt several dangerous criminal operations, and despite multiple arrests having already been made as a result of Trojan Shield, police knew this operation would expose what had been going on. As a result, the FBI, Europol, and Australian Federal Police moved in the first week of June in a sweep to arrest all the suspects Trojan Shield had provided evidence against. More than 800 arrests were made in a single week, and police confiscated 32 tons of illegal drugs, 250 guns, 55 luxury cars, and over $48 million in cash and cryptocurrency. Significantly, among those arrested were 17 individuals charged with distributing Anom devices to criminal groups.
Operation Trojan Shield not only highlights the extraordinary lengths police will go to in order to breach the encrypted communications of people they are investigating, it also shows that police, especially the FBI, are not nearly as behind technologically as their public posture often suggests. Anom was seen in the criminal world as cutting-edge technology, and because law enforcement was critical to developing the Anom key, it is difficult to imagine police as perpetually one step behind their adversaries.
A second revelation of this operation was the integrated global nature of the networks that distributed and used these devices. The Anom devices were spread to every corner of the world and offer compelling proof that borders are of little matter to criminals.
One issue of concern with respect to Trojan Shield is the possibility of similar tactics being used to monitor protest groups who regularly encrypt communications. The whole operation opens a new area of surveillance, and it is unclear how police and courts will define probable cause in this emerging field.
Sources: nymag.com, rollingstone.com