Encryption Australia

FBI and Australian Police Ran an Encrypted Chat Platform To Catch Criminal Gangs (therecord.media) 86

The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years. From a report: Named Operation Ironside (AFP) / Trojan Shield (FBI, Interpol) on Monday, law enforcement agencies from Australia, Europe, and the US conducted house searches and arrested thousands of suspects across a wide spectrum of criminal groups, from biker gangs in Australia to drug cartels across Asia and South America, and weapons and human traffickers in Europe.

In a press conference on Monday, Australian police said the sting operation got underway in 2018 after the FBI successfully seized encrypted chat platform Phantom Secure. Knowing that the criminal underworld would move to a new platform, US and Australian officials decided to run their own service on top of Anom (also stylized as AN0M), an encrypted chat platform that the FBI had secretly gained access to through an insider. Just like Phantom Secure, the new service consisted of secure smartphones that were configured to run only the An0m app and nothing else.

  • Why do they tell how they did it? Now it won't work in the future.

    • Maybe the criminals already figured it out?

      • Um, when their messages were used as evidence against them, the criminals figured it out. Or they just read the Amazon reviews on the phones.
        • by ytene ( 4376651 )
          Depending on the jurisdiction, that may not be the case. For example, I’m pretty sure that in the UK it is possible for the prosecution to give evidence to a court that even the accused is not permitted to hear. The inference is that this might be evidence gathered using intelligence, or where parallel construction hasn’t been possible.
        • by vivian ( 156520 )

          it would have been better if the evidence was presented as being from a compromised device or encryption without going into the details of how it was compromised, and at least leave some doubt that the whole device and messaging app was a trojan from the very beginning.

          Having it publicly known that the software and phones themselves were all FBI trojans means that any future attempt at an operation like this will be much harder, if not impossible.

          The public doesn't need to know that this was how the operat

      • by Tablizer ( 95088 )

        Yes, but many criminals are dumb or careless. That's why they don't have a real job.

        • Re:STFU! (Score:5, Insightful)

          by arglebargle_xiv ( 2212710 ) on Wednesday June 09, 2021 @05:32AM (#61468592)

          It's also an endless cat-and-mouse game that's about as old as history. It'll happen again. And again. Also, by creating doubt about things that criminals care about, law enforcement are making things harder for them in general.

          As an aside:

          Dear FBI,

          You keep telling us that strong encryption will make catching criminals impossible, and yet here you have an unprecedented haul of caught criminals done via strong encryption. Please explain this discrepancy.

          Love,
          The general public.

      • Re:STFU! (Score:4, Informative)

        by Kernel Kurtz ( 182424 ) on Tuesday June 08, 2021 @03:56PM (#61467056)

        Maybe the criminals already figured it out?

        According to a commenter at SANS "Part of the decision to stop monitoring and making arrests was a blog posting (since deleted) detailing the behavior of the ANoM app, this March, which didn’t correctly attribute the backdoor to the FBI."

        https://www.sans.org/newslette... [sans.org]

        So maybe the criminals were indeed starting to figure it out, albeit slowly.

        • Re:STFU! (Score:4, Interesting)

          by ytene ( 4376651 ) on Tuesday June 08, 2021 @05:27PM (#61467288)
          Following the link and then reading the cached posting itself [available via a Google cache service], there are comments that criticize the An0m platform; for example, it discusses the fact that the An0m handset doesn’t run a firewall by default.

          That’s bad enough, but the bit that caught my eye was the observation from the person testing the handset that it continued to chat to *Google* servers in the 5-eyes countries.

          I’ve no evidence to support this, but when I read that, I looked again between the lines and thought, “Meh, the authorities have persuaded Google to host data collection services for compromised Android handsets using Google IP addresses. So if the criminals do investigate the phones, it’s going to look like telemetry or similar. You know, a bit like all the “telemetry” that Windows 10 sends home.”

          So difficult to know these days, given the lengths people are willing to go to.
          • Entirely plausible. Don't think they would even have to persuade Google of anything. I'm sure the FBI could use Google's cloud services posing as a regular business customer without needing to explain what they are doing at all.
          • > I’ve no evidence to support this, but when I read that, I looked again between the lines and thought, “Meh, the authorities have persuaded Google to host data collection services

            You can convince them to host your web service too.
            For free. It's called the F1 micro on Google cloud.

            https://www.opsdash.com/blog/g... [opsdash.com]

    • It will always be relatively simple to catch stoopid criminals. By definition, they do stoopid things.

      If it isn't using "encryption" without actually understanding encryption, it will likely be something else.

    • Re:STFU! (Score:5, Insightful)

      by Z00L00K ( 682162 ) on Tuesday June 08, 2021 @02:03PM (#61466708) Homepage Journal

      Well, now the criminals can't trust any encryption. That means that it can slow them down quite a bit for a while.

      Meanwhile most of the ransom for the pipeline ransomware is also recovered, which likely means that it's possible to track Bitcoin.

      Governments may be slow, but they can be relentless in pursuing their targets if they really want.

      • Well, now the criminals can't trust any encryption. That means that it can slow them down quite a bit for a while.

        Perhaps. Perhaps not.

        Meanwhile most of the ransom for the pipeline ransomware is also recovered, which likely means that it's possible to track Bitcoin.

        Meanwhile...the FBI, had the private key.

        Governments may be slow, but they can be relentless in pursuing their targets if they really want.

        Yes. Exactly. So perhaps don't be so quick to dismiss BTC integrity just yet. I'm certain the FBI can get a hell of a lot out of someone with a $5 pipe wrench too. You know, like a private key that was used to (not) crack BTC...

        • Yes, I agree. This is my statement to people talking about encryption: A human skull is much cheaper and easier to crack than encryption.
        • Re:STFU! (Score:4, Insightful)

          by Anonymous Coward on Tuesday June 08, 2021 @02:40PM (#61466816)

          Anyone can track Bitcoin transactions from wallet to wallet. The paydirt is that the LEOs know which wallets to watch and can follow the trail. Tainted Bitcoins are a big thing, and even tumbled coins just mean more tainted coins that currency exchanges will not accept. You might be able to find an individual to trade, and maybe an escrow service so you can do a multisig transaction so the other party doesn't rob you blind when trading to something like XMR to the ill-gotten gains. However, all it takes is one bit of info to tie the wallet to a person, and the blockchain will do the conviction for the prosecutor from there.
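The comment above describes how anyone can follow coins from wallet to wallet and how "tainted" outputs stay tainted even after mixing. The block below is an added example, not code from the original thread or from any real analysis tool; it runs forward taint propagation over a small constructed ledger (the transaction ids, addresses and amounts are made up) the way an exchange's compliance screen might flag a deposit.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Each transaction lists
# the outpoints (txid, output index) it spends and the outputs it creates
# as (address, amount). tx_mix pools a tainted output with an unrelated one.
LEDGER = {
    "tx_victim":  {"inputs": [],                              "outputs": [("victim", 75.0)]},
    "tx_ransom":  {"inputs": [("tx_victim", 0)],              "outputs": [("attacker_a", 75.0)]},
    "tx_split":   {"inputs": [("tx_ransom", 0)],              "outputs": [("attacker_b", 50.0), ("attacker_c", 25.0)]},
    "tx_clean":   {"inputs": [],                              "outputs": [("bystander", 10.0)]},
    "tx_mix":     {"inputs": [("tx_split", 1), ("tx_clean", 0)], "outputs": [("mix_out_1", 20.0), ("mix_out_2", 15.0)]},
    "tx_cashout": {"inputs": [("tx_mix", 0)],                 "outputs": [("exchange_deposit", 20.0)]},
}


def spenders(ledger):
    """Index each outpoint to the transaction that spends it (None if unspent)."""
    idx = {}
    for txid, tx in ledger.items():
        for outpoint in tx["inputs"]:
            idx[outpoint] = txid
    return idx


def propagate_taint(ledger, seed_outpoints):
    """Breadth-first walk forward from the seed outpoints.

    Every output of a transaction that spends a tainted outpoint becomes
    tainted, so a mixing transaction spreads taint to all of its outputs
    (the "tumbled coins are just more tainted coins" effect).
    """
    idx = spenders(ledger)
    tainted = set(seed_outpoints)
    queue = deque(seed_outpoints)
    while queue:
        outpoint = queue.popleft()
        spender = idx.get(outpoint)
        if spender is None:
            continue  # still unspent, nothing downstream yet
        for i in range(len(ledger[spender]["outputs"])):
            child = (spender, i)
            if child not in tainted:
                tainted.add(child)
                queue.append(child)
    return tainted


def tainted_addresses(ledger, tainted):
    """Addresses that received at least one tainted output."""
    return {ledger[txid]["outputs"][i][0] for txid, i in tainted}


def should_flag_deposit(ledger, seed_outpoints, address):
    """What a compliance screen would answer for an incoming deposit address."""
    return address in tainted_addresses(ledger, propagate_taint(ledger, seed_outpoints))


if __name__ == "__main__":
    seeds = [("tx_ransom", 0)]  # the ransom payment output, known from the victim
    for addr in sorted(tainted_addresses(LEDGER, propagate_taint(LEDGER, seeds))):
        print("tainted:", addr)
```

The seed is the one fact investigators must know from outside the chain (here, which output the victim paid into); everything after that is public ledger data, which is the point the comment makes about "one bit of info to tie the wallet to a person".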

      • which likely means that it's possible to track Bitcoin.

        Of course it's possible to track bitcoin. Bitcoin is predicated on the fact that currency can be tracked. If you're talking about recovering bitcoin, however, you should note that the FBI got access to the ransom gang's bitcoin wallet's private key. This was likely through either a hack on their computers or by paying someone off.

      • If it's encrypted but not open source, the FBI has compromised it.

      • You're right, in the short term. But criminals have a very short memory. I'll wager they quickly latch on to some new encryption system that purports to "fix" the problems they had with Anom.

        Criminals by definition have trouble with logic. They think that they are somehow so superior to other criminals, that they will escape getting caught. Even the lucky ones that do "beat the system" still have damaged and dysfunctional relationships that are a natural consequence of living a lie. In one form or another,

    • Re:STFU! (Score:5, Insightful)

      by DRJlaw ( 946416 ) on Tuesday June 08, 2021 @02:12PM (#61466730)

      Why do they tell how they did it? Now it won't work in the future.

      One of the pesky problems with U.S. law is that you have to authenticate your evidence (demonstrate that it is what it purports to be, including how you obtained it) and there's a constitutional right to confront and question your accuser, meaning the people who obtained the evidence against you in the first place.

      You could make these disclosures piecemeal per defendant, but it's not a good look, word gets out anyway, and it's a lot of extra effort. Also, the disruption that comes with "your next top secret criminal communications provider could be a front" is a bonus that you might as well exploit.

      • There are definitely different goals and requirements for a law enforcement operation versus a spying operation. Ultimately, this was law enforcement, rather than spying.

        To Tablizer's point, if this had been spying, then they would not have revealed the methods. At least, not on purpose.
    • Oh, it will work in the future. The criminal gangs aren't going to risk insecure communications because it leaves a trail. I'm surprised the FBI and CIA haven't been doing this for a much longer time.
      • by shanen ( 462549 )

        Current end of the FP branch. Not too impressive as discussions go, but I'm always hoping for more depth.

        Regarding your [DaveV1.0's] specific reply, you're looking at it sideways. The planting of insecure communicates apps has to take place in the past and the results will be harvested in the future. Except for the results that have already been harvested, per the story. That's why the FP itself misses the point so badly. The FBI has to make the arrests at some point, and when they make the arrests they hav

    • They arrested and charged people. In civilized nations, the government has to show all evidence it uses and where they got it in a court case.

      They had to reveal it or they could not get convictions.

    • The only surprise is that anyone trusted it to begin with.

    • Why do they tell how they did it? Now it won't work in the future.

      They have to in order to use it for evidence. So once they start going to court with it, it will all come out.

      Apparently (if I got it right through the popularization filter of another article on it I read a couple hours ago):
      - Some legal time limits on how long some of the participating law enforcement operations were allowed to tap communications were about to expire, and
      - They needed to do a bust now to head off some big cr

    • There is an article in VICE with more detail, including a court document that was unsealed on June 7th. During their investigation they made an agreement with a so far undisclosed country in which they established a server that would receive a copy of all messages sent through the network, and those messages were in turn replicated to the FBI servers. That agreement also ended on June 7th, so by now the servers must be in the process of being shot down. The existence of the unsealed court order, and the e
    • 90 countries' worth of arrests.

      Most of them with jurisdictions that allow discovery from defence. It wasn't going to be secret for very long.

      Regardless, the FBI needed to disclose due to its prosecution briefings since the US is *absolutely* one of those countries where you're entitled to know what the evidence before you is.

    • https://www.zdnet.com/article/... [zdnet.com]

      The FBI's fuckup in keeping the evidence clean and legal resulted in very lenient sentences for having, hosting, and distributing CP involving bestiality and sadism, which is considered the "worst" form of it. If they didn't, then all these criminals would walk free.

  • This is the kind of law enforcement technique that should be used when faced with end-to-end encryption. It proves that there is no need for backdoor and how even "unbreakable" encryption systems can be compromised
    • by Junta ( 36770 )

      This wouldn't really work with a good E2E system.

      It works if the 'encryption' is just TLS to the chat server, meaning that it's only encrypted on the wire, and thus whoever owns the servers has the data.

      It can work on E2E only if the platform in question 'helps' the users distribute keys and substitutes their own key to be man in the middle, and the platform skips any sort of key validation. For example, an E2E crypto client will generally show both parties some derived set of emojis or whatever, and a key

      • This wouldn't really work with a good E2E system.

        They said that the end-to-end encryption was perfectly fine and secure. Except that besides sending the end-to-end encrypted message, the app sent a second message straight to the FBI, encrypted with the FBI's private keys. So other than the intended recipient and the FBI, absolutely nobody could read the messages.

        • by Junta ( 36770 )

          The title of the previous post said they've proven they don't need backdoors.

          However, here they explicitly had a backdoor. The application was made to backdoor your message to the FBI.
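Junta's point in this sub-thread is that a platform can only sit in the middle of an end-to-end system if it hands out its own keys in place of the peers' and the client skips key validation; the derived code that E2E clients show both parties exists to catch exactly that. The block below is an added example written for this discussion, not code from the thread, from An0m, or from any real messenger. It uses a toy Diffie-Hellman group (constructed for illustration; real clients use X25519 or similar) and a hypothetical key directory, and shows that a substituted key gives the operator both session keys while the two users' safety codes stop matching.

```python
import hashlib
import secrets

# Toy DH parameters, constructed for illustration only: a 127-bit Mersenne
# prime is far too small for real use but keeps the arithmetic readable.
P = 2**127 - 1
G = 5


def keygen():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    return pow(peer_pub, priv, P)


def safety_number(pub_a, pub_b, digits=12):
    """Short, order-independent code derived from both public keys.

    Both parties display it and compare out of band (phone call, in person).
    If either side was handed a substituted key, the codes differ.
    """
    lo, hi = sorted((pub_a, pub_b))
    material = lo.to_bytes(16, "big") + hi.to_bytes(16, "big")
    digest = hashlib.sha256(material).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)


class HonestDirectory:
    """Hypothetical key server that returns registered keys unchanged."""

    def __init__(self):
        self.keys = {}

    def register(self, user, pub):
        self.keys[user] = pub

    def lookup(self, user, requester):
        return self.keys[user]


class SubstitutingDirectory(HonestDirectory):
    """Hypothetical key server run by the platform operator.

    Instead of the peer's key it returns the operator's own key, and records
    the session key it can now derive for each direction.
    """

    def __init__(self):
        super().__init__()
        self.operator_priv, self.operator_pub = keygen()
        self.sessions = {}

    def lookup(self, user, requester):
        self.sessions[(requester, user)] = shared_secret(self.operator_priv, self.keys[requester])
        return self.operator_pub


def run_session(directory):
    """Alice and Bob fetch each other's keys through the directory and derive session keys."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    directory.register("alice", a_pub)
    directory.register("bob", b_pub)
    bob_seen_by_alice = directory.lookup("bob", requester="alice")
    alice_seen_by_bob = directory.lookup("alice", requester="bob")
    k_alice = shared_secret(a_priv, bob_seen_by_alice)
    k_bob = shared_secret(b_priv, alice_seen_by_bob)
    return {
        "alice_code": safety_number(a_pub, bob_seen_by_alice),
        "bob_code": safety_number(alice_seen_by_bob, b_pub),
        "keys_match": k_alice == k_bob,
        "k_alice": k_alice,
        "k_bob": k_bob,
    }


def codes_match(result):
    """The check the users perform: do the displayed safety numbers agree?"""
    return result["alice_code"] == result["bob_code"]


def operator_can_read(directory, result):
    """True if the directory holds the real session key for both directions."""
    if not isinstance(directory, SubstitutingDirectory):
        return False
    return (directory.sessions.get(("alice", "bob")) == result["k_alice"]
            and directory.sessions.get(("bob", "alice")) == result["k_bob"])


if __name__ == "__main__":
    for name, d in (("honest", HonestDirectory()), ("substituting", SubstitutingDirectory())):
        r = run_session(d)
        print(name, "codes match:", codes_match(r), "operator reads:", operator_can_read(d, r))
```

The key-server substitution leaves the wire format untouched, so nothing in the ciphertext reveals it; only the out-of-band comparison of the two codes does, which is why a client that hides or skips that step gives the operator a free pass.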

  • Everything works once.

    • Re: (Score:3, Interesting)

      by Tablizer ( 95088 )

      Reminds me of a high school basketball team who filled their team with track stars. As soon as they got the ball they'd race to the other end of the court before the other team could catch up. They were not very good at defense but great on offense because they outran the opponent. They kept winning high in the playoffs until other teams did better conditioning in order to keep up with them specifically.

      • That sounds like one of those 1950s black and white Disney sports movies.

        • by Tablizer ( 95088 )

          The flicks like that I remember are where either an invisible player tipped the ball back in, or they had super-rubber shoes that allowed them to jump high.

    • Honey pots work over and over and over again. Just modern applicable versions of honey pots. It's not like criminals have a documented lessons learned network or look into how government agencies captured previous criminals. LOL.
      • That's why you got to watch out for those old people. They've seen all this before so it's not nearly as surprising to see it come around again. Heck, by 40 you can spot repeating trends that have occurred during your own life.

        This is why politics can be so infuriating. We have had some "problems" for decades. Why the heck can't we "fix" these terrible "problems"? You eventually realize no one actually wants to change anything because in some way it benefits them. It's sickening after a point. The corruptio

    • No. It will work a million times. Because people don't read the source, and surely don't even bother reading the changelogs. The FBI could have literally put in the changelog notes "Ok, in this version we started sending traffic to the FBI servers" and the average idiot would have been clueless. Read all of the source, and whenever you update, read the diffs and read the changelogs. Maybe this is a high bar to jump, but it's the only way to know what you're running.
  • The biggest criminals run the governments' cloud services.

  • Sow enough doubts so that criminals start distrusting all encrypted channels. Does not matter what the true tracking method is. Just keep saying the most secure platforms were the ones responsible for the leak. Criminals would abandon the tough platforms and migrate to easier to crack platforms. Well done.
  • Maybe they could have hacked the servers that download Signal to send out a backdoored version. Of course, this would leave all sorts of innocent bystanders vulnerable. What is the legal status of this?

    • Why would you run an app with closed source and assume it does what it says it does? LOL. Read the source.
    • by freax ( 80371 )

      Signal has reproducible builds:

      https://signal.org/blog/reprod... [signal.org]

      This means you could verify the binaries against the source code cryptographically.

      A criminal using something like Signal could of course do that for every binary he/she installs.

      Unlikely they will do that. But they could.
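freax's comment points at reproducible builds as the way to check that an installed binary matches the audited source. The block below is an added example, not code from the thread and not Signal's own verification tooling: it performs the comparison step that reproducible builds make possible, hashing every entry of a published package against a locally rebuilt one while ignoring the signing metadata under META-INF/, which legitimately differs because the developer's signing key is not available to the person rebuilding. The three packages are constructed in memory (no real APKs) so the check runs offline.

```python
import hashlib
import io
import zipfile

# Entries under this prefix hold the package signature and certificate; they
# differ between a developer-signed build and a local rebuild by design.
SIGNATURE_PREFIX = "META-INF/"


def build_package(entries):
    """Construct a zip archive in memory from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def entry_digests(package_bytes, ignore_prefix=SIGNATURE_PREFIX):
    """SHA-256 of each entry's decompressed content, keyed by entry name."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.startswith(ignore_prefix):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_builds(published, rebuilt):
    """Report entries missing on either side and entries whose content differs."""
    a = entry_digests(published)
    b = entry_digests(rebuilt)
    return {
        "only_in_published": sorted(set(a) - set(b)),
        "only_in_rebuilt": sorted(set(b) - set(a)),
        "changed": sorted(name for name in a.keys() & b.keys() if a[name] != b[name]),
    }


def builds_match(report):
    return not any(report.values())


# Constructed sample packages. Contents are placeholders, not real app code.
LOCAL_REBUILD = build_package({
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00sample-bytecode",
    "META-INF/CERT.RSA": b"local-rebuild-no-signature",
})
PUBLISHED_GOOD = build_package({
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00sample-bytecode",
    "META-INF/CERT.RSA": b"developer-signature-blob",
})
PUBLISHED_TAMPERED = build_package({
    "AndroidManifest.xml": b"<manifest package='example.app'/>",
    "classes.dex": b"dex\n035\x00sample-bytecode-plus-extra-code",
    "lib/arm64-v8a/libextra.so": b"\x7fELF-placeholder",
    "META-INF/CERT.RSA": b"developer-signature-blob",
})


if __name__ == "__main__":
    for label, pkg in (("good", PUBLISHED_GOOD), ("tampered", PUBLISHED_TAMPERED)):
        report = compare_builds(pkg, LOCAL_REBUILD)
        print(label, "matches:", builds_match(report), report)
```

The report distinguishes an extra entry from a modified one, which matters in practice: a rebuilt package that differs only in META-INF/ is the expected outcome, while any change under classes.dex or lib/ means the installed binary is not what the source says it is.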

  • by Ungrounded Lightning ( 62228 ) on Tuesday June 08, 2021 @03:42PM (#61467002) Journal

    It was a closed-source black-box proprietary encryption system.

    As we've pointed out time and again: You can't trust it if you can't check it. Your security is totally at the mercy of the system's authors and operators.

    But crooks are apparently no smarter than Pointy Haired Bosses. (Thank goodness.)

    • Mod up. Part B would be Australian Police had a public key, and the FBI did NOT. That way FBI could testify they knew nothing about any interceptions, and not have to disclose anything, a bit like Five eyes, but dumbed down so the cops could feast on ill-gotten intercepts that bypassed judicial oversight. There are plenty of CVE's for mobiles, and plenty of people who have bootloader unlockers. This means old fashioned standalone encryption is the gold standard, although Jimmy Carter said put it in a envelo
    • I'm not sure open source code would have thwarted the FBI's sting. Unless you build the binaries from source yourself, how can you be sure that the thing you just installed on your phone, matches the source code you examined? Of the thousands of these devices that were used, how many would have had the expertise to examine the source code for flaws or back doors?

      Remember Heartbleed? https://en.wikipedia.org/wiki/... [wikipedia.org] That was open source software, yet it was used for years before people knew of its fatal sec

  • Did they get individual warrants for each of the accused and then only intercepted their comms?

    In theory they could map the social graph and then seek additional warrants from there?

    That many of us would assume they skipped the warrant process altogether is probably a bigger problem in the long term than whatever these people are convicted of.

    If so and the Courts give them a pass then they've achieved more than any convictions, even if all the charges are dismissed.

    • Re:Warrant? (Score:4, Interesting)

      by istartedi ( 132515 ) on Tuesday June 08, 2021 @05:06PM (#61467244) Journal

      It seems like there's a good chance the defense will make that argument. It might be a bit like Stingray [wikipedia.org], only more aggressive since it's actually collecting data. OTOH, they knew they were using the service--just not that it was a government service. It doesn't look like entrapment, since people weren't actually induced to carry out illegal activities--unless it was pitched as such and the agents actively encouraged people to carry out crimes using the service; then it'd be entrapment too, right?

      I couldn't find any SCOTUS rulings on Stingray, and that's been out for a long time already.

      Mark the post and remind me in... 10 years.

      • Almost correct. All they needed was 'reasonable grounds' for a warrant and one item ('Money, Drugs, Gun, Overseas Intelligence tip off of class x illegal activity' etc). They do the raid, and say find all three. The defense lawyer can bicker over one item - maybe later, after their seized phones are forensically examined and cross linked - so getting more contacts that can be expected to be snared real soon now. However the other charges / conviction will stand up on the other two items and the police can u
    • What was there to intercept? What they did was equivalent to organizing drug deals in a PD's interrogation room.

  • This is an example of how a targeted operation against a group of miscreants should work. Criminals are in general not the smartest souls, and this operation takes advantage of the fact that they want to use technologies they don't understand and can't make themselves. If you look at the pictures of the raids, most are just muscled up thugs and gym junkies, not savants.
    By the same token, when policing agencies ask for the right to decrypt all communications, what they're really saying is that "I don't understa

  • Out with the Chinese, in with the Ciscos.

  • I'd lay good money that they already have V2.0 in place; remember there is no mitigation for stupid and lazy. Cream off the most lazy, most stupid and get good headlines every couple of years. The less lazy, less stupid will be wise to this approach.

  • If the governments are compromising communication and they (as they often have in history) go corrupt, it means ordinary/decent people are at a disadvantage.
