The FBI covertly ran an encrypted communications platform for years that allowed it to intercept 20 million messages from international criminal organizations. Hundreds of arrests have been made across 18 countries as part of the investigation known as Operation Trojan Shield. Suspects, including members of the Italian Mafia and outlaw motorcycle gangs, are among those that have been charged. Australian Police, who helped conceive the sting, have arrested 224 offenders and seized 3.7 tonnes of drugs and $44.9 million in cash and assets.

The crackdown was essentially borne out of the demise of a popular encrypted phone service, known as Phantom Secure, according to newly unsealed court documents. After that enterprise was shut down and its CEO arrested in 2018, the FBI used a “source” to peddle a new app, dubbed “Anom,” to criminal networks. Unknown to those who used the devices featuring the platform, the FBI had built a master key into its encryption system. This allowed agents to surreptitiously monitor each message and enabled them to decrypt and store messages as they were transmitted.

Over the following months, the app organically grew on the back of a “beta test” in Australia and the dismantling of two additional encryption phone enterprises, Encrochat and Sky Global. The FBI’s supply-side “source” used this window to distribute Anom devices to criminals who had used those now-defunct messaging channels. The phones grew in popularity within the underworld after high-profile criminals vouched for the app’s integrity, Australian Police noted.

“These criminal influencers put [law enforcement] in the back pocket of hundreds of alleged offenders,” Australian Federal Police commissioner Reece Kershaw said in a statement. “Essentially, they have handcuffed each other by endorsing and trusting AN0M and openly communicating on it – not knowing we were watching the entire time.”

Overall, law enforcement have catalogued the aforementioned 20 million messages from a total of 11,800 devices located in over 90 countries. Breaking down the surveillance process, the FBI said that phones outside of the US routed an encrypted BCC of the message to an “iBot” server. From there, it was decrypted from the encryption code and then immediately re-encrypted with FBI encryption code. The message was then routed to a second FBI-owned iBot server, where it was decrypted and its content made available for viewing.

Each Anom user was also assigned to a particular Jabber Identification (JID) by the FBI’s supply-side source or an Anom administrator. A JID is akin to a PIN in Blackberry Messenger, according to the documents, which describe it “as either a fixed, unique alphanumeric identification or, in the case of more recent devices, a combination of two English words.” Anom users were also able to select their own usernames and could change their list of usernames over time. As part of the operation, the FBI maintained a list of JIDs and corresponding screen names of Anom users.

In all, roughly 9,000 Anom devices are currently active in the wild. According to the FBI, it has identified over 300 transnational criminal organizations using the chat platform. The Australian Police, which helped intercept local messages, said the communications included alleged plots to kill, mass drug trafficking and gun distribution. Additional offenders include those linked to an Asian crime syndicate and Albanian organised crime. Meanwhile, New Zealand Police have made 35 arrests and seized $3.7 million in assets as part of their interlinked operation.