‘Every message was copied to the police’: the inside story of the most daring surveillance sting in history
The rain pattered lightly on the harbour of the Belgian port city of Ghent when, on 21 June 2021, a team of professional divers slipped below the surface into the emerald murk. The Brazilian tanker, heavy with fruit juice bound for Australia, had already crossed the Atlantic Ocean, but its journey wasn’t halfway done as the divers felt their way along the barnacled serration of its hull. They were looking for the sea chest, a metallic inlet below the water line, through which the ship draws seawater to cool its engines. Tucked inside, they found what they were looking for: three long sacks, each wrapped in a thick black plastic bag and trussed with black and white striped nautical rope.
The sacks were heavy. Each one weighed as much as a sheep and, shaped like a body bag, could feasibly have contained one. As the Belgian police opened the first bag, a stack of crimson bricks slid out. Had this cargo reached Australia, where high demand and meagre supply has pushed the price of a kilo of cocaine to eight times its equivalent cost in North America, the haul would have been worth more than A$64m (£34m).
Smuggling tens of millions of dollars of class A drugs across the ocean requires total secrecy and a significant amount of international logistical coordination. But the police knew about the alleged plot thanks to intelligence gleaned from a device that had, since its launch in 2018, become something of a viral sensation in the global underworld.
An0m, as it was called, looked like any off-the-shelf smartphone, a polished pebble of black glass and aluminium. The device had been modified to remove many of its core functions. An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.
Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone’s calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled.
Users’ confidence in An0m was, it seemed, bolstered by some novel functionality included on every device. In the past, phones marketed to hyper security-conscious users were sold with the option to remotely wipe the device’s data. This would enable, say, a smuggler to destroy evidence even after it had been collected. To counter the ploy, police investigators had started to use Faraday bags – containers lined with metal that would prevent a phone from sending and receiving a kill signal. The An0m phone came with an ingenious workaround: users could set an option to wipe the phone’s data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker’s voice.
An0m was marketed and sold not so much to the security conscious as the security paranoid; its embedded suite of anonymising digital tools went far beyond the requirements of the average user. According to Australian police, it was the ideal telecommunications channel to arrange the safe passage of A$64m of cocaine across the world. An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 – 19.37m of them – had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.
On 7 June 2021, more than 800 arrests were made around the world, all of people who had in some way fallen under suspicion thanks to a treacherous device that sent information into the hands of the AFP. In Belgium, two weeks later, the divers did not have to hunt for the sacks of cocaine for long; they already knew precisely where to look.
Operation Ironside (or Operation Trojan Shield, as it was known in North America and elsewhere) was the largest coordinated law enforcement effort in Australian history. Commander Richard Chin, head of transnational operations in the AFP, had taken to calling 7 June, the day when their work would be realised in a series of searches and arrests involving 4,000 Australian officers, “Big Bang”. If all went to plan, it would be a moment with the potential to reshape the criminal world.
Local police forces began to make arrests at 2pm. Chin, the son of immigrants from Brunei, whose mother had pleaded with him not to pursue such a dangerous vocation, is quietly spoken and assiduously private, a born watcher. During Big Bang, he paced his operations room in the AFP’s national headquarters in Canberra, feeling a complex blend of relief and apprehension. Relief because it had required enormous effort to keep Operation Ironside a secret from his wider colleagues. And apprehension because, after 18 months of planning, this was the moment of reckoning, the climax of an unprecedented scheme of imagination, daring and legal complexity, involving law-enforcement agencies from 16 countries. “Every intervention had required a careful assessment of tactical risk,” Chin recalls. Success would, he believed, not only remove violent criminals from the streets, but also help establish precedents for police working at the frontiers of modern technology. If the convoluted legal underpinnings of this mass surveillance operation were to collapse, criminals could gain an advantage that would take years to win back.
During the months leading up to Big Bang, Chin and his team had been able to watch this torrent of information flow toward them, like a thousand wiretaps chirruping simultaneously. The AFP claims it tracked only criminals on the platform (an assertion that, until every collected message has been read and assessed, cannot be confirmed with absolute certainty). Big Bang’s targets constituted a diverse array of underworld figures: Italian mobsters, stud-jacketed bikers, neighbourhood drug barons. Their alleged crimes ranged from drug trafficking to money laundering to attempted murder. What they had in common was their choice of texting app.
The scheme was seeded 10 years earlier, in Vancouver. There, in 2008, Vincent Ramos, a young entrepreneur who started out as a bathtub salesman before progressing to smartphones, founded Phantom Secure, a telecoms company that promised users absolute privacy. It was a prescient selling point. After years in which data has been endlessly mined, the idea that users of technology now want to avoid online surveillance is widespread in Silicon Valley; Mark Zuckerberg, founder of Facebook, recently pronounced: “The future is private.” In 2008, however, both the sentiment and the technology that enabled secure communication were niche concerns.
In contrast to An0m’s bespoke technology, Phantom Secure’s phones were off-the-shelf BlackBerries modified to remove the camera, microphone and GPS tracking software, and installed with a remote-wipe feature. Every message sent from one device to another was encrypted and routed through servers in Panama and Hong Kong. To build word-of-mouth interest in his new product, Ramos offered free devices to high-profile “influencers” – rappers and athletes for whom privacy was a primary concern. For paying customers, the seemingly basic functionality came at an exorbitant cost: according to court documents, a Phantom Secure phone and subscription could set you back as much as $2,000 for a six-month contract. It was a fair price to pay, Ramos assured prospective clients, for total discretion.
On the company’s website, Phantom Secure phones were marketed to the “sophisticated executive”. While it was company policy not to collect the names of clients, Ramos soon became aware that his customers were not, in fact, legitimate businessmen, but criminals drawn by the promise of a means to communicate with one another beyond the reach of law enforcement. Ramos made no checks on his clientele. He did not believe it was his responsibility to moderate how his phones were being used. He was a mere humble salesman of aftermarket BlackBerries – albeit one who drove a Lamborghini, owned properties in Las Vegas and Canada, and had a net worth of $10m.
In 2015, the San Diego office of the FBI began investigating Owen Hanson, a musclebound former University of Southern California American football player who, after his real estate business collapsed during the 2007 economic crisis, had turned to drug-trafficking. Hanson was a Phantom Secure customer. An undercover FBI agent gained Hanson’s trust and, eventually, was given his own Phantom Secure device. Hanson idolised Hollywood gangsters (his username on the Phantom Secure app was “Don Corleone”), had a silver-plated AK-47 in his office stamped with the Louis Vuitton logo, and owned a restaurant with a backroom he referred to as the “wise-guy room”. He was not overly cautious about concealing his criminal undertakings in public, let alone on a device that promised ultimate privacy. In acquiring its first Phantom Secure phone, the FBI had gained access to the criminal equivalent of WhatsApp: a messaging service filled with accumulating piles of digital evidence.
Much of Hanson’s business was conducted in Australia, a country that had become popular with international organised crime gangs due to the high mark-up on illegal drugs. (“Australians are known to pay extremely high prices,” a spokesperson for the AFP says. Despite the Covid pandemic, in 2020 the AFP identified a 22% increase in the total weight seized of methamphetamine, cocaine, heroin and MDMA.) By the time of Hanson’s arrest, which took place in the car park of a Park Hyatt Golf Club in Carlsbad, California, in September 2015, he regularly shipped cocaine to Australia for $175,000 a kilogram. Two years later Hanson was imprisoned for 21 years and three months on charges of drug trafficking and racketeering. The logistics were planned on Phantom Secure phones, devices that had come to dominate the Australian criminal market, where high-level traffickers like Hanson demanded anyone with whom they did business also use a device.
The FBI now began a two-and-a-half-year joint venture with the AFP, known as Operation Safe Cracking, to infiltrate the wider Phantom Secure network, which was embedded in countries across the world. With the help of one of Phantom Secure’s distributors – an individual who had agreed to become a confidential human source, passing information to law enforcement – the FBI arrested Ramos in early March 2018. They offered him a deal: the possibility of leniency in sentencing if he agreed to place a backdoor in the Phantom Secure network to allow law enforcement to monitor criminal communications. Either because of a lack of technical knowhow, or fear for his safety, Ramos refused, and pleaded guilty to running a criminal enterprise, a charge for which he was sentenced to nine years in prison. Without an “in”, the FBI was left with no choice but to shut down the Phantom Secure servers, raiding dozens of offices and assuming control of more than 180 associated web domains.
The disappearance of such a well-embedded encrypted platform left a major gap in the market, a gap that presented law enforcement with an unprecedented opportunity. Agents reasoned: what if, rather than attempting to infiltrate an existing encrypted phone network, we built our own?
To launch a desirable encrypted phone product, the AFP and FBI not only needed to think like a tech startup, they effectively had to become a tech startup (it remains unclear which of the international agencies took the leading role in masterminding and developing the operation). The aim was to create word-of-mouth, albeit within a single, highly specific demographic. This required the marketing of exclusivity: a downplaying of public presence to create an aura of discretion and selectness. “We positioned ourselves as a small, bespoke brand coming into the organised crime marketplace,” says Chin. The aim was to assure prospective clients of the product’s “security, privacy and anonymity”.
The An0m application and the bespoke operating system on which it was run, called ArcaneOS, according to a Vice report (the AFP would not confirm this detail and the FBI declined to comment), was provided by a former distributor of the Phantom Secure phones, whom the FBI recruited in 2018 in exchange for the possibility of a reduced sentence. The confidential source was paid $180,000 by the FBI in salary and expenses, and built “a master key” that, the FBI explained in court documents, “surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted”. Every message sent via An0m was effectively BCC’d to the police.
To gain the trust of criminal networks, the AFP introduced a pilot scheme: in October 2018, agents passed 50 An0m devices to three trusted distributors in Australia. The plan was that these distributors, believing An0m to be the next generation of Phantom Secure, would vouch for the device’s security and begin selling them to organised criminal gangs. “An0m needed to be used and tested, shown to have useful functionality, then very slowly, like any other brand, it could take market share by building a network of people who like using it,” says Chin.
The AFP began a grassroots marketing campaign, identifying so-called influencers – “well-known crime figures who wield significant power and influence over other criminal associates”, according to a US indictment – within criminal subcultures. They could raise the profile of the An0m devices, in much the same way that brands collaborate with popular figures on social networks to increase awareness of their products.
In Australia the AFP targeted two key individuals: “Mafia Man”, an individual with alleged links to Italian organised crime in Australia, whose endorsement of An0m, Chin says, “brought a lot of credibility”, and Hakan Ayik – now known as Hakan Reis – a 42-year-old member of the so-called Aussie Cartel, a gang responsible for smuggling an estimated $1.5bn of drugs into Australia every year.
Reis, cartoonishly musclebound and often photographed topless and flexing, had fled Australia in 2010 to avoid arrest, and became An0m’s first official user and influencer. His unwitting support of the AFP’s efforts directly resulted in the arrest and charge of many criminal associates, Chin says. AFP Supt Jared Taggart told the Australian Daily Telegraph: “It’s like a family tree – you could probably trace almost all devices back to him.” (Reis is currently a fugitive believed to be hiding in Turkey; the AFP has expressed “significant concerns for the safety and welfare of [his] wife and two children”.)
As soon as An0m devices were in the wild, the AFP began to receive and decipher messages sent via the app. “On a daily basis, we were receiving messages about drug distribution, drug importation into Australia and elsewhere,” says Chin. Some users felt so confident in its security that, in many cases, they dispensed with all euphemisms, naming specific drugs and weight measurements. “If they were talking about money, they’d describe the exact amounts. These were not coded conversations, they were black and white,” says the AFP’s assistant commissioner, Nigel Ryan.
(Not all communications on the platform were, seemingly, as explicit as Ryan suggests; lawyers for one defendant who is accused of conspiring to commit murder, assert that the case is “actually built on a very shaky foundation” and that “not a single message… or conversation” supports the case.)
An0m’s success in Australia was soon replicated overseas, with distributors in Spain, Turkey, the Netherlands, Finland, Mexico and Thailand, as well as, allegedly, at least one British citizen, James Flood, believed to be living in Spain. Soon there were as many An0m phone users in Germany, Spain and the Netherlands as there were in Australia. As An0m’s reach expanded to 12,000 devices in more than 90 countries, the operation’s net was forced to expand accordingly.
While Chin and his staff had unprecedented access to millions of messages, the operation quickly revealed the care and sophistication with which major criminal organisations run their communication policies. Gangs would compartmentalise activities using assorted brands of encrypted devices. Members involved in smuggling drugs into a port might use An0m devices, while those involved in the distribution of those drugs employed a rival service, such as Sky Global, EncroChat, or MPC. The idea was to protect separate parts of the operation if one group or set of devices became compromised.
The decoded messages presented the AFP with a pressing ethical dilemma: when to interfere to prevent a single planned crime and risk compromising the wider operation, and when to allow crimes to take place, preserving the integrity of the wider operation. Eventually, the AFP decided to intervene primarily in instances where there was a “serious chance someone might get killed”, Chin says. During the 18 months leading up to 7 June, the agency acted on 21 such threats to life – in one, the police intervened directly to prevent an imminent alleged murder plot from taking place.
Such actions were used sparingly. Whenever authorities instigated raids or arrests based solely on intelligence harvested from An0m, there was a risk that the pattern of interventions would give away the fact that the phones were compromised.
In March 2021, An0m’s popularity exploded after the dismantling by Belgian police of Sky Global, a rival service. An0m’s active user base tripled. The surge in activity caused a drastic increase in the amount of information Chin and his team had to parse, increasing the potential threats to life to unmanageable proportions for the AFP. The An0m scheme had become untenably successful. Moreover, the FBI’s wiretap authorities related to the case were due to expire in June. The date for Big Bang was set.
To minimise the risk of exposure, few individuals at the agency had been told about Operation Ironside (during the takedown of Sky Global, several police officers were charged with working with organised criminal gangs on the service). “The vast majority of the AFP wouldn’t have known the operation was occurring,” says Chin. When, a week before Big Bang, wider personnel at the AFP were informed of what the team had been working on, there was widespread shock. “I was amazed at the scale,” one police officer involved in raids in Sydney tells me.
While the majority of raids took place on 7 June, police activity leading up to that day led some users to suspect their phones might be compromised. Some listed their devices in local classified pages. Most, however, continued to send messages unwittingly. As a result of Operation Ironside, as of 25 July, 693 search warrants have been issued, 289 alleged offenders charged, and A$49m in cash, 4,788kg of drugs and 138 firearms and weapons seized in Australia alone. Six illegal drug labs have been dismantled.
As mainstream phone providers and app makers from the Facebook-owned WhatsApp to Signal have increasingly touted end-to-end encryption as a key selling point, police everywhere have pushed for the implementation of backdoors that allow them to access messages to investigate alleged crimes. A legal case between the FBI and Apple, whereby the former demanded the company create a tool that would allow it to access messages on an iPhone 5C to use in its case against the San Bernardino shooters, became a touchpoint in a debate over civil liberties in a digital world. The An0m network represented a creative sidestep: why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?
Still, the organisational difficulties of such an ambitious and far-reaching surveillance operation were matched by the legal complexities involved in bringing together forces from different countries, each subject to different laws. It was not by chance that the FBI chose to partner with the AFP and trial An0m in Australia. There, since 2018, the Telecommunications and Other Legislation Amendment (Tola) has allowed government agencies to compel telecommunications providers to allow authorities to intercept criminal messages – powers that are not yet available to police elsewhere in the world.
Tola did not allow the AFP to share the millions of decrypted messages it was gathering with overseas agencies. The FBI had the necessary keys to decrypt the messages, but not the messages themselves. Working with San Diego lawyers, the FBI devised an ingenious, if arguably questionable, scheme. A third, currently unidentified, country apparently governed by laws that provided authority to accept the data, agreed to take the AFP’s massive cache of messages.
Without the encryption keys, this was no more than a digital mass of unreadable noise. But the third country then agreed to share the cache with the FBI under a mutual legal assistance treaty, in exchange for the encryption keys. Once the exchange took place, both parties could read the messages. (The FBI was careful to avoid the surveillance of US citizens via the ruse: these messages were automatically excluded from the cache sent to the FBI. The AFP read these messages and, if they contained a credible threat to life on US soil, informed the FBI accordingly.)
Critics may argue that the FBI used the AFP and the “third” country to circumvent the rules – a contravention of the spirit of the law, if not the letter. “That’s a fair objection,” says Stewart Baker, an expert in US privacy law, former general counsel of the National Security Agency and assistant secretary for the United States Department of Homeland Security, “though it cuts both ways. The fact that US law wasn’t suitable for such an operation may be more a criticism of US law than of the operation.”
In the wake of the recent Pegasus scandal, where spyware software designed to catch criminals and terrorists was allegedly used by governments to monitor journalists and dissidents, could the operation raise concerns for those who might want to use An0m-like secure communications networks for legitimate users? “I doubt it,” says Baker, “though I recognise that journalists always think the story should be about them.” He believes the governments involved deployed a careful vetting procedure that made it unlikely that journalists and other non-criminals would be able to use An0m. But there is nothing to prevent an authoritarian, oppressive regime from conning critics and dissidents into using a similar bogus service with the promise of privacy.
Now that the workings have been revealed, An0m is a trick that could surely never be repeated in the world of organised crime. The revelations will push criminals away from technology, even if it makes their work more laborious and slow-moving. Besides, the AFP estimates that messages harvested via An0m represent only a fraction of criminal communications sent in Australia during the 18 months An0m was on the market.
“It is true that the groups will adapt accordingly,” says Chin. “I guess all I can say is that we have skills and capabilities to adapt, too.”