Secplicity - Security Simplified

Powered by WatchGuard Technologies

Law Enforcement Agencies Went the Extra Mile with An0m

June 15, 2021 By Josh Stuifbergen

In an operation headed by the US Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), international law enforcement agencies gathered 27 million encrypted messages used for criminal communications. The elaborate operation involved developing and distributing a custom communications application for modified phones.

Unsurprisingly, organized crime groups take extraordinary measures to avoid detection. For example, criminals will purchase customized phones that are modified solely for secure communication. The law enforcement agencies took advantage of this by creating an underground business selling communications software for these modified phones. The phones had normal functionality, such as making calls or sending texts, intentionally disabled, and instead ran the encrypted chat platform An0m, which was secretly under the control of these agencies. Along with purchasing the phone, criminals had to pay $1,500-2,000 for a 6-month subscription to use the service.

While the app did provide encrypted communications as advertised, a copy of each message was delivered to the agencies' “iBot” server as the criminals went about their business. The system attached a master key to each message so that it could be decrypted and stored. Afterwards, the message was re-encrypted and delivered to the intended contact.

The agencies began distributing the customized phones to buyers in 2018. The operation ultimately reached more than 100 countries and over 300 criminal groups, and involved 12,000 encrypted phones.

The operation's success started with word of mouth and trusted relationships. An individual who had previously built encrypted criminal chat platforms was recruited by the agencies (in return for a reduced sentence) to create the An0m platform. The individual used their trusted distributor connections to get the phones onto the market.

Are there lessons to be learned from all of this (besides ‘don’t be a criminal’)? Distributor relationships and supply chain integrity are fraught with potential security lapses. The distributor believed they had a good product based on experience with the seller, and fell into the reasonable trap of trusting the individual based on prior exchanges. Trust and good reputation are invaluable when navigating the black market. It is important to ensure that a trusted connection is checked on a recurring basis. The problem is that it is hard to keep your finger on the pulse of every single update and change that comes into your security environment. Just look at the SolarWinds hack for a prime example.

Filed Under: Editorial Articles Tagged With: AFP, An0m, FBI