Darknet Diaries

146: ANOM

Tue, 04 Jun 2024

Description

In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of Anom, a secure phone made by criminals, for criminals. This story comes from part of Joseph’s book “Dark Wire”, which you should definitely read. Get yours here: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

Transcription

0.129 - 25.632 Jack Rhysider

So I was looking through WikiLeaks the other day, as one does, right? And I came across something that I found rather fascinating. There's a thing that the CIA developed called Weeping Angel. So if you have a Samsung smart TV, there's a really odd feature in it. It's called fake off. And when the TV is on, you can push mute 182, then power, and the TV appears to turn off, but it doesn't.

26.252 - 47.277 Jack Rhysider

Now, these smart TVs often have a microphone built in so you can give them voice commands. And when the TV is off, the mic isn't listening. But when the TV is in fake off, the mic is still active. So what the CIA did was they developed some kind of spyware for the Samsung smart TV where it would record the audio from the mic and store it on the TV.

48.197 - 64.58 Jack Rhysider

So I imagine a scenario is that a CIA agent would want to plant a listening device in someone's bedroom and goes in, but then sees, oh, they've got a Samsung smart TV, which is already a listening device. No need to leave behind a bug that might get discovered. Let's just live off the land, as they say.

65.12 - 85.196 Jack Rhysider

So the CIA agent uploads the spyware onto the TV and then puts the TV in fake off mode and leaves. And the TV sits there recording all the audio in the room, but appears to be off. And then the CIA agent can remotely connect back to the TV and get the audio files or come back into the room later and retrieve them off the TV.

85.876 - 131.37 Jack Rhysider

It's wild what spy gear is developed by the federal authorities, isn't it? These are true stories from the dark side of the Internet. I'm Jack Rhysider. This is Darknet Diaries. Support for this episode comes from Delete Me. Feels like a war out there. Companies all over trying to scrape and store all kinds of personal data about me.

131.81 - 149.839 Jack Rhysider

My phone number, address, family members, where I work, sexual orientation, club affiliations, income level, what kind of car I drive. It's just endless. And every now and then I Google myself and just get freaked out about the amount of data there is about me out there. This is why I use Delete Me. I registered there and told them what to look for about me.

150.299 - 167.469 Jack Rhysider

They were able to discover what sites have data on me and took steps to get that information removed for me. That's my favorite part. It's like getting help in this war. Their scouts know exactly where to look and they'll tell me what they found about me. And if they can't remove it themselves, they'll give me recommendations on how to get it removed or mitigate it.

168.109 - 193.596 Jack Rhysider

Take control of your data and keep your private life private by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners. Today, get 20% off your Delete Me plan when you go to joindeleteme.com slash darknetdiaries and use promo code DD20 at checkout. The only way to get 20% off is to go to joindeleteme.com slash darknetdiaries and enter code DD20 at checkout.

194.076 - 218.232 Jack Rhysider

That's joindeleteme.com slash darknetdiaries, code DD20. This episode is sponsored by Mint Mobile. With big wireless providers, what you see is what you get. Somewhere between the store and your first month's bill, the price you thought you were paying magically skyrockets. With Mint Mobile, you'll never have to worry about gotchas ever again.

218.592 - 237.663 Jack Rhysider

When Mint Mobile says $15 a month when you purchase a three-month plan, they mean it. All plans come with high-speed data, unlimited talk and text, and you can use your own phone with any Mint Mobile plan and bring your phone number along with your existing contacts. To get this new customer offer with your new three-month premium wireless plan for just $15 a month, go to mintmobile.com.

237.723 - 265.977 Jack Rhysider

That's mintmobile.com. Cut your wireless bill to $15 a month at mintmobile.com. $45 upfront payment required, equivalent to $15 a month. New customers on first three-month plan only. Speed slower above 40 gigabytes on unlimited plan. Additional taxes, fees, and restrictions apply. See Mint Mobile for details. Why don't you start by telling us your name and what do you do?

267.239 - 290.797 Joseph Cox

My name is Joseph Cox. I'm the author of Dark Wire, and I'm also a co-founder and journalist at 404 Media. Yeah, what's 404 doing? So 404 is a group of four of us, myself, Jason Koebler, Emanuel Maiberg, and Samantha Cole. And we are all former staff members at Vice's Motherboard, the technology site.

291.657 - 300.041 Joseph Cox

Unfortunately, Vice made some very poor managerial decisions from the executives, and that company is now bankrupt. But we left to...

301.161 - 325.535 Joseph Cox

make our own company where, well, we want to continue doing tech investigations, we want to continue telling stories, and how about we do it in a way where we own the company, you know, so we can not only make journalistic decisions and editorial ones, but we can make business ones as well, in the hope that we can just keep on doing what we love doing, which is unearthing stories, verifying information and publishing stuff that's in the public interest.

326.448 - 349.903 Jack Rhysider

Well, you've created quite a name for yourself over the years. I always see your name popping up in other books, like an article by Joseph Cox said this, or another story here is quoting you and different things. So just really well done on your journalism. What this latest project you're working on, Dark Wire. So I started reading this Dark Wire and I was just like, oh my God, this is amazing.

350.944 - 352.345 Jack Rhysider

And I was hoping we could talk about it.

353.422 - 377.317 Joseph Cox

Yeah, of course. I mean, I have been working on this book for three, maybe four years at this point, speaking to essentially every sort of person involved. That's law enforcement. That's also a lot of very dangerous people. But I don't think I've ever been more obsessed with a story. I mean, I'm sure of that. I've never been more obsessed with a story than this one.

377.637 - 397.55 Jack Rhysider

Okay, so this is an incredibly nuanced story, which is going to fill your head with a lot of questions. I know it did that to me. But let's first start with some context. I am not a criminal, but I make a lot of effort to be private and secure. And the first time I made an effort to have a privacy phone was after I read an article by Joseph.

397.99 - 417.721 Jack Rhysider

He was using an iPod Touch and did all his phone calls over Wi-Fi. The main advantage here is that there's no SIM card in an iPod Touch. It basically has all the features of an iPhone, just no SIM card. So that means nobody can SIM swap you. But also SIM cards are notorious for beaconing out to cell towers and giving fairly accurate location data to cell phone providers.

418.081 - 431.43 Jack Rhysider

And that's even if your phone is always using a VPN, because SIM cards communicate with cell towers using baseband technology, which operates completely outside of VPNs. So this iPod Touch was the main phone that Joseph was using to keep private.

431.87 - 435.993 Joseph Cox

That's been my life for years at this point.

436.093 - 438.955 Jack Rhysider

Yeah, you use that as like a secure phone, right?

439.793 - 447.815 Joseph Cox

Yes. For years, I used an iPod Touch as a secure device, and now I've moved on to an iPad Mini because the iPod's no longer supported, unfortunately.

448.216 - 462.92 Jack Rhysider

When Apple stopped supporting the iPod Touch, I switched over to GrapheneOS, which is a fork of Android. It's an open source project, but with a lot more privacy features added in. And unlike Android, they don't send everything I do back to Google.

463.3 - 483.272 Jack Rhysider

My messaging app of choice is Signal, which I can also make phone calls with because Signal is end-to-end encrypted, which means the people at Signal can't see my messages. Only the receiver of who I'm chatting with can. And I do so much more to remain private online. So you can see, Joseph and I, we take our mobile privacy very seriously, and we want the best there is.

483.953 - 489.376 Jack Rhysider

And then one day, Joseph heard about this new privacy phone called Anom. Anom.

491.676 - 512.417 Joseph Cox

So I call it an encrypted phone, which is simultaneously a helpful term, but then also not very helpful at all. We don't really have the terminology for it. But yes, it's a combination of things. It had a secure communications app that allows you to send end-to-end encrypted messages to one another with photos and...

513.138 - 538.771 Joseph Cox

voice memos and all of that, very much like a Signal or a modern WhatsApp or a Threema or whatever, right? And it also was a custom phone operating system. It is based on Android somewhat. It's actually a fork of GrapheneOS, the privacy-focused operating system. Apparently, Anom had also removed all GPS functionality so that there would be no way

539.311 - 545.656 Joseph Cox

for law enforcement or Google or sort of third-party apps to track the location of those devices.

546.277 - 566.771 Jack Rhysider

I think the features of Anom are amazing. I mean, it took GrapheneOS, the phone operating system I already use, which is considered great already for privacy, and it made it even more locked down? What?! And the features just kept going. Like, for instance, Anom had its own little end-to-end encryption chat app built in, but it was in a secret spot.

567.192 - 582.782 Jack Rhysider

The thing is, there were all these dummy apps on the phone. Like, if you look at the phone, it has Tinder on there and Candy Crush. They look like normal apps, but they're just decoys. They didn't really work. And another app you'd see on the home screen was a calculator app, which worked just fine like a regular calculator, except...

583.342 - 594.145 Jack Rhysider

If you were to open the calculator app and punch in a certain code, that's when it would open up the secret Anom chat messaging app. It was hidden beneath a few layers of obfuscation.

594.665 - 611.59 Joseph Cox

Which, hey, that's pretty good if you're having a private conversation and, I don't know, an abusive partner snatches your phone trying to rummage through your messages. Or if you're a criminal, a police officer does it or a border official or something like that. So there's that. There's also voice scrambling. So...

612.33 - 628.259 Joseph Cox

You know how on Signal you can send a voice note for one another, and that's very popular on other messaging apps. On Anom, you could do one where it would add either a high-pitched distortion or a low, deep distortion to it as well, and that would mask what your real voice sounded like.

629 - 632.402 Jack Rhysider

Who is the brainchild behind Anom? Who created this thing?

632.97 - 658.75 Joseph Cox

So Anom was created by someone called Afgoo. I have to be a little bit careful about what I say about them for reasons that we'll get into. But they are, from what I've learned, a pretty sort of nerdy tech expert for the criminal underground. They were connected to a very well-known criminal called Hakan Ayik, who at one point was Australia's most wanted man.

659.59 - 680.428 Joseph Cox

And this Afgoo character sells or did sell phones in this space before eventually deciding, well, I'm going to go make my own. Like rather than working underneath other sellers and sort of other encrypted phone companies, I'm going to create my own tech startup for the criminal underground.

680.988 - 700.484 Jack Rhysider

For the criminal underground. Wait a minute. What? Like, all the features of this phone, they're all fine. None of them are illegal. But if you're specifically making a phone for criminals, knowingly and purposely helping criminals conduct their crimes... Now, suddenly, what Afgoo was doing was illegal.

701.224 - 722.638 Joseph Cox

Yes. Legally, it's very, very messy because it's not illegal, generally speaking, to sell or use an encrypted messaging app, which is a good thing, to be clear. Like, that should not be illegal. But a lot of these companies in the, I would say, shadier part of the encryption industry... The thing that differentiates them is that they deliberately facilitate crime.

722.738 - 746.434 Joseph Cox

As in, it's not like Signal, whose users will of course include criminals, or even Apple iMessage or something, just because they're very popular. One of the taglines was, I think it was... designed for criminals by criminals, which is just asking for trouble, really. But Anom had all of those sorts of bells and whistles you would expect, you know, wiping the phone, all of that sort of thing.

746.834 - 763.706 Joseph Cox

And it really positioned itself as sort of the Rolls-Royce of the encrypted phone industry. If you wanted a super secure device from a company that didn't care if you were a criminal, if anything, it likes the fact you're a criminal, you could turn to Anom.

764.346 - 780.298 Jack Rhysider

So I learned from the book that this is quite a lucrative underground criminal industry. Anom was not the only one here. And you got to read the book about what happened to all the other encrypted phone companies. Like each of the competitors have just as wild and crazy of a story of what was going on with Anom.

780.779 - 798.543 Jack Rhysider

And Joseph does a great job of giving you a tour of this whole criminal encrypted phone industry. But it bugs me because, like I said, I'm not a criminal, but I love having a highly secure phone with the best privacy you can get. So it's a weird line for me that this is even a criminal industry.

799.838 - 819.525 Jack Rhysider

It's kind of like if someone started a hammer company selling hammers, but it was just selling hammers to criminals to kill people with. And it had like features on it, like non-slip handle for when blood gets on it or blunt side for smashing skulls and fork side for stabbing through stomachs. And really, it's just a hammer that's no different than any other hammer.

819.945 - 841.431 Jack Rhysider

But it has the sole intention of being for criminals to cause pain and injury. And the company works exclusively with criminals to find ways to improve it. Like, why? Why not just make a great hammer that the whole world can use? Why make these secure phones for criminals? Privacy and security is important to the whole world, not just criminals.

842.481 - 852.671 Jack Rhysider

Anyway, so Anom was this really sleek, super private phone that you could buy and have ultra-secure chats with others. And it was purpose-made for criminals.

853.451 - 881.239 Joseph Cox

That is basically what Anom was pitching itself as to its customers and even to its sellers. It was saying, your messages will be end-to-end encrypted. We can't see what's going on. We won't turn over data to law enforcement. Our servers are outside the reach of the Five Eyes. All of the normal sort of marketing and privacy benefits you would expect. Except, of course, that wasn't true.

882.28 - 884.523 Joseph Cox

Anom was doing something else in the background.

885.263 - 886.443 Jack Rhysider

So what were they doing?

887.224 - 919.353 Joseph Cox

So it's very, very interesting on a technical level. And what it is, is that Anom basically created a ghost contact that was added to every conversation. And it received a blind carbon copy, a BCC, of every message sent across the platforms. So when Criminal A was talking to Criminal B about a cocaine shipment, that was secretly being sent off to Anom, and the users were none the wiser.

919.413 - 927.535 Joseph Cox

It was like having a spy in everybody's pocket, in their back pocket, looking over their shoulder. They could just see into everything.

928.176 - 935.038 Jack Rhysider

So while it's true it was end-to-end encrypted, it was also end-to-end encrypted directly to Anom's servers, right?

935.698 - 941.336 Joseph Cox

Yes, it's almost end-to-end encrypted. There's another end in there.

942.884 - 964.188 Jack Rhysider

So this story just took a 90-degree turn. The phone was not actually as private as it was advertising itself to be. But hold on tight, because we're taking another 90-degree turn right now. You've got to ask yourself, why was Anom wanting copies of every message? No, I don't think Anom or Afgoo cared about looking at people's chats.

964.708 - 979.618 Jack Rhysider

However, Afgoo knew the value of these messages and decided to make a very odd deal to let someone see those chats. And I'm not sure how all the logic went down here. We really don't know how this deal was made.

980.098 - 995.874 Jack Rhysider

But my best guess is, since Afgoo wasn't a stranger to being a criminal himself, and he may have thought this whole encrypted phone business is actually illegal and could go very wrong for him at some point, and he needed a plan, I really don't know.

996.015 - 1014.211 Jack Rhysider

I mean, I want to think he was a brilliant business person that just played everyone perfectly, but Afgoo's lawyer advised him to make a deal with the FBI and let them see the encrypted chats. This way, the FBI would appreciate Afgoo and not try to arrest him.

1014.611 - 1035.197 Joseph Cox

So why not, Afgoo's lawyer tells the authorities, would you want to use Anom in your investigations in exchange for, you know, leniency if Afgoo ever faces charges, right? It became the ultimate bargaining chip, essentially.

1036.597 - 1050.431 Jack Rhysider

Okay, so... That's quite a leap. It takes me a beat to just kind of be like, okay, that's how the new thing is going, right? It's a jump.

1051.656 - 1072.841 Joseph Cox

Yeah, and this is very quickly done in the book. And that's not because I'm sort of glazing over it. It's because it just happened really, really quickly. And that's just a series of events that happened. Now, I don't know whether that was always the plan or something like that, or was it maybe always in the back of Afgoo's mind? I don't know that. But very, very quickly...

1073.681 - 1082.558 Joseph Cox

Anom was put on the table to the FBI back in around 2018, I think is when these conversations were happening.

1083.54 - 1085.944 Jack Rhysider

The FBI and the Australian Federal Police.

1086.696 - 1112.151 Joseph Cox

Yes, and the Australian Federal Police, who for years, they've been really stymied by encrypted phones, like probably even more than the FBI. In Australia, these sorts of phones are incredibly common among organized crime groups. You know, you'll have the Italian Mafia over there in Australia, them using it. You'll also have the biker gangs like the Comancheros and the Hells Angels. They all use...

1112.771 - 1132.837 Joseph Cox

these sorts of phones. And for years, if not more than a decade at this point, the AFP in particular has been running into these phones again and again and again. So the idea of a backdoor in an encrypted phone is incredibly attractive to them.

1132.937 - 1141.14 Joseph Cox

I mean, what I've been told is that when the AFP agents were told about this possibility and the plan to go ahead, they looked like they were kids on Christmas morning.

1142.958 - 1168.794 Jack Rhysider

So a deal was made. The FBI and AFP, Australian Federal Police, got access to all the encrypted messages going across Anom. And this is where I start to have a million questions. Who the hell is this Afgoo person? An undercover cop acting like a fellow criminal, but really working with the feds? What kind of criminal makes deals with the feds like this?

1169.395 - 1193.178 Jack Rhysider

If this gets discovered, his whole business is ruined. Or is Afgoo a brilliant business person, cashing in on both sides of the fence, making money off criminals and federal police at the same time? Maybe he's playing some 4D chess, trying to be a few moves ahead of everyone. There's a lot of unanswered questions here. But the AFP were the first to get access to this.

1193.398 - 1213.752 Jack Rhysider

And they were looking through the logs and were like, there's nothing here. Because Anom was just a startup company and didn't have any users yet. With the product already and the infrastructure in place, it was time to start marketing the thing. The next plan was figure out how to get these Anom phones in the hands of criminals, specifically criminals.

1214.372 - 1221.515 Jack Rhysider

And I guess now I'm starting to see why this phone was purpose-made for criminals. So the FBI and AFP could see what everyone was doing.

1221.875 - 1246.106 Joseph Cox

So it starts when Afgoo, the creator of Anom, offers the phones to a particular phone seller slash drug trafficker in Australia. His name is Domenico Catanzariti. And he used to sell Phantom Secure phones, one of those earlier companies. And when that company was shut down, he obviously doesn't really have any phones to sell.

1246.406 - 1266.696 Joseph Cox

Well, lo and behold, here comes Afgoo with what looks like it's going to be the hottest new phone on the market. So he provides some of those phones to Catanzariti and just starts using them and just starts talking about them and spreading them around. I think initially the phones were actually just given... for free to Catanzariti.

1266.756 - 1280.585 Joseph Cox

It's almost like a sort of Uber technique, Silicon Valley growth technique. I don't know, just get it out there for free. And we'll figure out the laws, we'll figure out the market later. But we just want to get devices into people's hands, basically.

1283.092 - 1293.718 Jack Rhysider

Early users were liking these phones. Word was getting out about them, and more orders were being made. Chat messages started to show up, and the AFP could see what was happening.

1294.118 - 1319.652 Joseph Cox

At least for the Australians, the AFP, it was relatively real-time, instantaneous. You know, they could see that, oh, the Comancheros are talking about beating up this guy. Oh, this biker gang is talking about... doing a weapons drop-off of like high-caliber assault rifles at this time in this location. It was really like peeling back the curtain on these conversations.

1320.552 - 1325.835 Jack Rhysider

Was AFP like actually arresting people or were they just watching, trying to figure out what to do at this point?

1326.849 - 1344.26 Joseph Cox

At the start, the AFP, as far as I know, was simply collecting the intelligence. There is this massive trade-off constantly throughout this entire story, which is that, okay, you have a backdoor into a phone, but how do you act on that? Do you act on it? And when do you act on that information?

1344.3 - 1351.965 Joseph Cox

Because if you go too loud too quickly, it's going to become obvious to the criminals that something bad is going on, at least for them.

1353.504 - 1380.618 Jack Rhysider

Yeah. Yeah, I found this tension while reading the book quite interesting of, oh my gosh, there's some crime going on here. We can see it happening. What do we do? Do we bust in? Because you have to have some sort of good reason how you knew that was happening. And if it was, well, we've got an access to your chats and your phone, then that's going to just ruin the whole company.

1380.738 - 1393.927 Jack Rhysider

So they really have to be very careful. And I'm surprised there wasn't just some AFP officer like, oh, I'm not going to be careful. I'm going to go stop this drug deal and just not understand the intricacies of it.

1395.04 - 1418.998 Joseph Cox

Yeah. It got to the point where the people I've spoken to, the law enforcement officials around the world, they had to do stuff like basically lie. They had to make up a story where it's like, okay, we are finally going to strike on this drug lab or this drug warehouse or whatever, because it's so large and we have to act, but we're going to write the intelligence in such a way that

1419.618 - 1441.651 Joseph Cox

it looks like it's coming from an informant or a source. There's going to be no mention of Anom, no mention of a backdoor. And from a law enforcement perspective, that's great. Okay, we managed to get the drugs and arrest the people or whatever while without revealing... you know, the secret about Anom. On the flip side, there is a justice issue there.

1441.671 - 1455.077 Joseph Cox

You know, that's basically parallel construction. It's very complicated. It gets very nuanced. But I do think that civil libertarians would be a little bit aghast at sort of the trade-offs that were being made on a daily basis.

1456.537 - 1478.842 Jack Rhysider

I think everyone's aghast at the whole story. Yes, okay. Yeah, because here's a situation where the federal police are lying on the record about where they're getting their intelligence from. Are the citizens of that country okay with that? Here in the US, during court, you're asked to swear that you're telling the truth. The cops weren't telling the truth here.

1479.422 - 1500.28 Jack Rhysider

Or I guess not yet telling the truth. We learn later how they did get this information, but the evidence in these earlier cases did not mention Anom. But additionally, they were working with this criminal, Afgoo, to get these messages. And I call him a criminal because if someone makes an app exclusively for criminals to conduct crimes with, then historically that's criminal behavior.

1501.101 - 1519.931 Jack Rhysider

So who's Afgoo? And when did the police start making business deals with criminals? Is there proper oversight here? Is this within best practices for the feds? Point to the policy that allows this. This just isn't sitting right with me. And you might say to me, Jack, the ends justify the means.

1520.211 - 1543.572 Jack Rhysider

If all this results in a takedown of a lot of criminals, then it's okay for them to lie and do back alley deals with criminals. Really? What about Fast and the Furious? This was a real operation done by the ATF, Alcohol, Tobacco, and Firearms, where they set up weapons deals with criminals so they could track where these weapons are going and ultimately try to arrest a bunch of weapons sellers.

1544.133 - 1570.331 Jack Rhysider

Yeah, well, it all went wrong. The ATF made weapons deals, but lost track of the guns that were sold. They didn't make significant arrests and basically armed the very criminals they were trying to find and arrest. This ultimately resulted in a Border Patrol agent getting killed and at the scene of the crime was one of the guns the ATF sold to criminals. The ends did not justify the means here.

1571.091 - 1589.31 Jack Rhysider

The Fast and the Furious operation was a big mishap, and it showed how the ATF was operating without proper strategy or oversight or following policies put in place. What is the deal? Did the FBI take ownership of it? How did they? Was there a licensing?

1591.945 - 1622.084 Joseph Cox

Like licensing Anom and stuff. So the deal itself is between Afgoo and the US authorities and got paid something like $120,000 and then $60,000 for travel expenses, I think is how it's phrased in some of the documents. But Anom basically became an FBI tech company. From what I've been told from people with direct involvement, you know, the FBI was picking up the bill.

1622.344 - 1638.813 Joseph Cox

They were paying for infrastructure. They were paying for hardware, Android hardware for the phones, for the app to be flashed on. They were running a tech company. And I think that's just the craziest thing here. And beyond that, they were running a tech company for criminals.

1639.54 - 1660.454 Jack Rhysider

Yeah, and it's fascinating, too, that Afgoo was somehow able to control the company in a way that all the developers and suppliers and shippers and even the distributors had no idea that the FBI or AFP was involved, right? Or even that there was a man in the middle. I mean, what was the kind of the thoughts going on in the developers' head?

1660.594 - 1664.676 Jack Rhysider

Did they know that they were building a man in the middle and encryption? Or what did they think?

1667.768 - 1688.418 Joseph Cox

So yeah, I've spoken to people who actually coded the app and basically made the phone. And these were completely ordinary developers. One I spoke to, who I call, has hit in the book. I used a different name just to protect their identity. But they found a freelancing gig online about the secure communications app.

1688.738 - 1702.428 Joseph Cox

They get involved and they're doing normal coding like they've done a million times before for an Android app. And what they're told is that... We make this app and we sell it to businesses. We sell it to corporations to protect their communications.

1702.869 - 1713.54 Joseph Cox

And as part of that, companies like to be able to audit their messages, you know, and that's very common in banking, very common in finance, all of that sort of thing for legal reasons.

1713.72 - 1733.691 Jack Rhysider

Yeah, I found that part to be interesting. I didn't realize how common that was. So the other day I was looking to see if Google has any sort of end-to-end encryption in their chats. And I didn't think they did, but they're like, yeah, we do. I was like, well, shoot, sign me up. And it's like, well, what we have is for businesses, for enterprise.

1734.271 - 1753.337 Jack Rhysider

And the way we have it set up is that the admin of the account can see all the messages that your users are sending encrypted. And I was like, what? Hold on a second. Why would you have a man in the middle of an encrypted thing? And then I read your book and I was like, oh, this is more common than I realized. For instance, I think you mentioned federal agencies.

1758.599 - 1781.355 Jack Rhysider

have to be able to pull up any communications, emails, chats, messages, and stuff in case there's indictments or subpoenas, what was talked about federally or even state agencies, at least in the U.S. here. This stuff has to be archived. And if it's encrypted, you can't archive it in a proper way. So there is a reason to get in and take a look. I don't know. This kind of just surprised me.

1782.338 - 1803.947 Joseph Cox

Yeah, I mean, Customs and Border Protection, part of DHS, they use Wickr, the encrypted app that many people will be familiar with. But they use an enterprise or government version, which, yes, it's encrypted, but it has that extra archiving function. And the... developers of Anom, that's what they thought they were building.

1804.047 - 1824.995 Joseph Cox

They thought they were building a communications platform for businesses to, yes, talk somewhat securely, but have the messages archived. So then, for whatever reason, the administrator can go through them at a later date. That's what they thought they were doing. What they weren't told was that the phones are being sold to criminals and the archiving feature is actually for the FBI.

1825.135 - 1848.99 Joseph Cox

Afgoo left that bit out when telling the developers about that. And I mean, just very briefly on that, the compartmentalization that Afgoo did, I think is very interesting, as in there were the people designing the app, and they were sort of in their own silo. There were then people making the custom fork of GrapheneOS, the Android operating system, and there was those people.

1849.31 - 1866.905 Joseph Cox

And then somewhere else, there were the criminal resellers on the ground. And these groups never really communicated with one another. And I'm surprised it didn't leak. To be perfectly honest, I'm genuinely surprised, but somehow it managed to stay a secret, at least for a long time.

1868.43 - 1886.573 Jack Rhysider

Too many secrets. Setec Astronomy. I mean, think about it. The criminals think they're the ones being the most secretive here. They've got these super private Anom phones, which you need a PIN to unlock and then go through a dummy calculator app to punch in a secret code to get into the chat apps that are end-to-end encrypted, right?

1887.033 - 1903.63 Jack Rhysider

Then they're doing things like disguising their voice and having disappearing messages and being super secretive about their crimes, trusting Anom with all their secrets. Then there's Afgoo, who is secretly scooping up all these messages and lying to his developers of who these customers are.

1904.051 - 1910.435 Jack Rhysider

And then there's the FBI and AFP who are secretly reading them all and secretly making business deals with Afgoo.

1911.096 - 1924.205 Jack Rhysider

I mean, did you know that the FBI was operating a tech startup, which was a phone purposely built for criminals to use to message each other? Secrets were kept from you in this story, too.

1926.172 - 1937.404 Jack Rhysider

Well, criminals had no idea they were being played. So Anom phones just kept spreading. They ended up making their way to some criminals in Europe and things really started to heat up there.

1938.82 - 1960.782 Joseph Cox

The phones start popping up in Europe, and that's when broadly sort of the Swedish police get involved, and then also the Dutch. They are the two main European agencies that first come forward, because that's simply where the phones are ending up. And obviously the AFP doesn't really have jurisdiction over Sweden or the Netherlands.

1961.062 - 1980.135 Joseph Cox

And the FBI, although they are reading the messages by this point, they're not in English, for a start. And the FBI can't really go over and start arresting people in the Netherlands, nor should they. So they decide to share some of the intelligence with... their Swedish and their Dutch counterparts.

1980.175 - 1991.785 Joseph Cox

And it starts to mirror what's going on in Australia with, you know, more intelligence gathering and the rest here and the rest there. But it's still very much under wraps, even though more and more cops are being looped in.

1993.294 - 2009.162 Jack Rhysider

Some crazy things started happening with Anom at this point. It takes more and more 90-degree turns. I'm not even going to get into what happened in Europe or South America or Turkey. I'll simply say that there were a few criminals that loved this Anom phone so much that they tried to purchase ownership of that company.

2009.662 - 2025.115 Jack Rhysider

and eventually just started calling themselves the CEO of Anom, which when a major underground criminal is saying he's the CEO of Anom, it really legitimizes the phone for other criminals to want to buy it. So the Anom phones were starting to grow wings and take on a life of their own in Europe.

2025.795 - 2051.358 Joseph Cox

At this point, I've read, I think, tens if not hundreds of thousands of Anom messages and messages from other providers as well. And what emerges through reading those is that a lot of people who sell these encrypted phones in a particular market or territory, they treat it like having a drug territory. Like in the same way that somebody may be the wholesale distributor for...

2052.819 - 2062.742 Joseph Cox

you know, a certain part of Sweden or maybe Antwerp or something like that, these phone dealers treat their product in the same sort of way.

2063.982 - 2087.855 Jack Rhysider

So I want to shift gears here to the FBI. So I've got a lot of questions about what the FBI is doing here. First of all, FBI handles internal threats to the United States. They're not the CIA, which is doing international investigations. So I don't even understand why the FBI would be looking at foreign messages in the first place.

2088.355 - 2106.502 Joseph Cox

Yeah, I think this is something that a lot of people reading the book are going to have an issue with, basically. I think that's the only way to put it, which is like, why is this US law enforcement agency intercepting and reading messages from all over the world? And the best answer I have is that, well, there's two.

2106.622 - 2124.513 Joseph Cox

There's sort of the legal one, which is that, you know, the Fourth Amendment only protects people on American soil, right? Where you have to get a search and seizure warrant to go through communications or a wiretap order or whatever, right? Not to get too technical. The FBI does not need that for overseas.

2125.714 - 2147.106 Joseph Cox

And that's basically sort of the loophole that they used where they were able to go through all of this data. The second one is like sort of how they see themselves and maybe how they see their ethical obligation as well. But the prosecutors I've spoken to who were involved in this case, they just simply see this as a good thing.

2147.586 - 2167.155 Joseph Cox

And they want to go out and they want to shut down all of these criminal gangs. They want to intercept them. I think that there are valid questions about national sovereignty and all of that sort of thing. But that is what the FBI... They set out to wiretap the world, essentially, and they were very, very successful at it.

2169.956 - 2193.082 Jack Rhysider

There's just so many questions I have. At this point, not many phones were in the U.S., so the FBI couldn't really look at U.S. citizens' chats, even if they wanted. But the FBI was heavily involved with Anom, creating this startup, basically, funding it, creating the infrastructure, actively monitoring the messages. And it just makes me wonder, have they solved all the cases in the U.S. already?

2193.723 - 2200.889 Jack Rhysider

Because to start a tech company and collecting and analyzing and reporting intelligence so that you could give it to other countries...

2201.87 - 2204.052 Jack Rhysider

That takes a lot of time and resources.

2204.812 - 2214.178 Jack Rhysider

So whose idea was it to divert FBI resources to focus on stopping crimes in Sweden and Australia?

2215.099 - 2238.096 Joseph Cox

I mean, it... It's partly they're doing it because they can. They can monitor these communications. Yes, they can't go arrest people themselves, but then they can provide that intelligence to foreign partners. I mean, it's sort of an overused cliche at this point, the idea of America being the world police or whatever. But there is...

2238.897 - 2257.15 Joseph Cox

There's an element of that stereotype here in that the FBI went out and they collect all these messages all around the world, even though they couldn't monitor what was going on in America. This is sort of the future of policing that we're in now. And there wasn't really a debate about it.

2257.37 - 2275.987 Joseph Cox

It was just like one day or several days over the past few years, police have just decided that they're going to hack or otherwise intercept communications all around the world, basically. And we didn't really get a chance to talk about that as a society, about whether that's something we want. Maybe it turns out we do. Like, I don't know.

2276.007 - 2283.774 Joseph Cox

But we can't have that conversation unless we know what's going on. And that's kind of what I was hoping to do with this book. Pause and consider this.

2284.334 - 2308.528 Jack Rhysider

The FBI's fundamental mandate is to protect and defend the nation from threats. Defend. However, in this story they've gone on the offense in the name of defense. And this difference is worth noticing. I mean, imagine you're defending yourself in some legal battle and you're worried you might lose because of some surprise thing the opposition might bring up.

2309.088 - 2333.347 Jack Rhysider

So to defend yourself better, you decide to break into the other lawyer's office and steal all their notes that they have on the case or hack into their phones and see their chat messages. All so you can better defend yourself? Well, this tactic would be unequivocally unethical. Yet the FBI's strategy here is to penetrate private chats in pursuit of criminal activity.

2333.788 - 2347.677 Jack Rhysider

It's crossing that boundary from passive monitoring to active intrusion. And I think it's important to be aware when that boundary gets crossed because we never see them cross it since it's always done in the shadows.

2348.317 - 2366.988 Jack Rhysider

If the FBI were to cross that boundary in the physical world, it would be akin to them secretly breaking into thousands of homes, rummaging through personal belongings because they're trying to detect crime. This wouldn't be acceptable. So why, then, should our digital lives be subject to a lower standard of privacy?

2367.648 - 2388.294 Jack Rhysider

I guess the FBI uses all kinds of spy gear, though, to cross that threshold all the time, like wiretapping and planting bugs. They're always covertly reaching into someone's communication and taking it. But I think what's different about this story is the mass surveillance aspect to it. All messages for all users were being collected and stored.

2388.854 - 2411.004 Jack Rhysider

And maybe it wasn't stored in the FBI's database exactly, but the FBI was funding this company who was collecting it all. I remember when the Snowden revelations came out. The NSA and GCHQ were trying to collect massive amounts of data flowing over the internets, not targeting a specific person, just grabbing everything, which means a lot of non-criminals were getting their data analyzed.

2411.424 - 2427.75 Jack Rhysider

And I wonder... Is that offensive as well? It's mass spying at least. And I, for one, don't approve of governments doing mass spying on their citizens. But this is a crazy ethical dilemma because what if the mass spying is just on the criminals?

2428.05 - 2453.147 Joseph Cox

I think that is something that cryptographers and privacy experts I spoke to in the book were worried about, which is that some of them are less worried about the specific case of Anom, while some are, to be clear, but they're more worried about, well, what happens now? If we have a network that's 90% criminal and 10% normal users, is that a fair target? I don't know.

2453.567 - 2474.714 Joseph Cox

What happens when it moves to 50-50? You know, and there's a really good quote in there from Matthew Green, the cryptologist, and he says that, well, maybe 50% of the criminals on this network are doing really, really bad stuff like trafficking or whatever. And then 50% are doing like, I don't know, copyright infringement of song lyrics, something that I don't think many people really care about.

2475.174 - 2485.336 Joseph Cox

In the eyes of law enforcement, is that a fair target? And that's the discussion we're not having. And we need to have that as quickly as possible, because otherwise law enforcement are just going to go ahead and do it.

2486.124 - 2507.158 Jack Rhysider

People sometimes say to me when we're talking about government surveillance that they've got nothing to hide and they aren't worried about it. Well, what those people are really saying is that they're always going to comply with the government no matter what. They're never going to have dissenting views or protest.

2507.839 - 2534.996 Jack Rhysider

And honestly, I've never met anyone who 100% agrees with the government no matter the leadership. It's important that we preserve our freedom to have opposing views without the government watching us. Because the thing is, if we're being watched, it changes our actions. I mean, gosh, in this story, the FBI themselves has stuff to hide. And they can't spy on people in the U.S.

2535.036 - 2544.798 Jack Rhysider

without proper warrants and stuff. But they were circumventing this rule by providing intelligence to other countries and then those countries providing intelligence back to the FBI.

2545.518 - 2564.796 Joseph Cox

Yeah, yeah. It's a worry, and that was a big worry in the Snowden ones. And in this case, it was like, even though the FBI couldn't look at phones in America, the AFP agreed to keep an eye on the ones on American soil for threats to life. And, you know, on one hand, you could say that, well, it's good the AFP were monitoring that so nobody got hurt, hopefully.

2565.136 - 2569.06 Joseph Cox

On the other end, well, why didn't the FBI just get a warrant and do it themselves? Yeah.

2569.58 - 2588.429 Jack Rhysider

We're going to take a quick ad break, but stay with us because, well, clearly you can see there's a ticking time bomb going on at this point. Support for this show comes from Black Hills Information Security. This is a company that does penetration testing, incident response, and active monitoring to help keep businesses secure.

2588.929 - 2605.777 Jack Rhysider

I know a few people who work over there, and I can vouch they do very good work. If you want to improve the security of your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training.

2606.037 - 2623.665 Jack Rhysider

You can learn things like penetration testing, securing the cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing is pay what you can. Black Hills believes that great intro security classes do not need to be expensive, and they are trying to break down barriers to get more people into the security field.

2624.085 - 2650.506 Jack Rhysider

And if you decide to pay over $195, you get six months access to the MetaCTF Cyber Range, which is great for practicing your skills and showing them off to potential employers. Head on over to blackhillsinfosec.com to learn more about what services they offer and find links to their webcasts to get some world-class training. That's BlackHillsInfosec.com. BlackHillsInfosec.com.

2654.073 - 2660.357 Jack Rhysider

The Anom phones were getting picked up by some criminals in Europe who were taking them to Dubai to try to sell them there.

2660.777 - 2683.47 Joseph Cox

Some of the phones landed in Dubai and, you know, part of the UAE. And the UAE is very interesting because it's one of the very few places that you're not allowed to just go around and start selling an encrypted phone or an encrypted app. If it is not approved by the government, you can get into a lot of trouble. You know, I guess sort of in the same way as like the Russian Federation, right?

2683.57 - 2685.771 Jack Rhysider

Wait, why is encryption a problem there?

2686.271 - 2707.262 Joseph Cox

It has to be approved by the government. It is basically a combination of a censorship and a surveillance sort of posture. Whereas if you are selling an encrypted app that the local authorities and national authorities do not approve of, you're not allowed to do that. And the reason being is that, well, they want to be able to access that.

2707.862 - 2711.964 Joseph Cox

And somebody running around selling Anom phones is not going to get on their good side.

2712.512 - 2734.332 Jack Rhysider

See, it's not completely out of the question for your government to ban encryption, to force the people of the country to use certain apps so they can see into it. This, I think, is a huge violation of our privacy. Luckily, in the United States, we have the Fourth Amendment of the Constitution, which states—I'll read the whole thing for you—

2734.952 - 2754.28 Jack Rhysider

The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause supported by oath or affirmation, and particularly describing the place to be searched and the person or things to be seized.

2755.341 - 2781.168 Jack Rhysider

The Fourth Amendment is needed to maintain a balance between national security interests and individual rights. It's a tool to make sure that the government actions are subject to oversight and grounded in legitimate need. If we eliminate that protection, it creates a really dangerous power dynamic and a slippery slope towards a government that could abuse its power with no accountability.

2782.313 - 2811.234 Jack Rhysider

If the U.S. government did some kind of mass surveillance and was searching through all that data without a warrant, it seems to me it would be in direct violation of the U.S. Constitution. And yet here's a situation where the FBI was running a tech startup with the entire goal to be snooping on other users' chats, watching every message to see if there was criminal activity.

2812.09 - 2834.92 Jack Rhysider

There's no targeted search here. No individual warrants were being made at this point. They were analyzing all the chat messages going through Anom. Is this in violation of the Fourth Amendment? I can make a case that it was. And the FBI had that in their head too. So they were trying hard not to peek into any Americans' messages.

2835.799 - 2843.262 Jack Rhysider

The data was available in Anom's database, but they had to program their system to only show them foreign chats.

2843.662 - 2866.191 Joseph Cox

I mean, I walked through the same rooms that the FBI was reading the Anom messages in. I've obtained screenshots of what the FBI interface looked like. So I feel like I can put myself in the head of some of these FBI agents because I've also read a ton of these messages as well, right? And the system itself is called Hola iBot. You log in.

2866.951 - 2888.437 Joseph Cox

Initially, it was just from the San Diego FBI field office, but then they made it remote as well for the European partners. And also because of COVID, people couldn't go to the office as much. You log in, and there's sort of a green and black interface. And you can click on an individual Anom user. And it will show sort of a constellation of all of their contacts.

2888.477 - 2905.783 Joseph Cox

There'll be a circle in the middle, and there'll be another circle of the person they spoke to, and then another circle which shows sort of the group chat. You can then zero in on those. It's almost like a Maltego sort of interface. And then once you go to a specific user, you can see all of their messages. You can see all of their photos.

2906.203 - 2929.195 Joseph Cox

And rather handily, there was also AI-powered summaries of what was being spoken about, powered at least in some way by... Amazon, the FBI used some Amazon capability there. So you can look on the right side of the screen and it's like, Jerry is talking about a cocaine deal or whatever it is. And sometimes it's that blunt, which was just always hilarious to me.

2929.516 - 2944.987 Joseph Cox

But when it gets to the point where there are millions and then tens of millions of messages, the FBI had to turn to some of these AI capabilities because otherwise they're going to be swimming in data. And by the end, they were absolutely swimming in data.

2945.047 - 2962.003 Joseph Cox

There was a real danger that if they did not analyze every single message, well, what would happen if the one message about a death threat got through and then somebody died? That was a constant threat, and it really, really ramped up as Anom became especially more popular.

2962.323 - 2966.327 Jack Rhysider

This tool that they were using, was it developed by Anom or developed by FBI?

2967.958 - 2975.841 Joseph Cox

Hola iBot was developed by FBI computer scientists. It was made in-house as basically like the surveillance interface of Anom.

2977.001 - 2996.048 Jack Rhysider

It sounds pretty advanced to be able to have this graphical view of who's connected to who and then also use AI to search for... I mean, because a lot of the criminals are using code words for different drug names and all this kind of stuff, thinking they're outsmarting the police. But they're able to find all that.

2996.997 - 3016.089 Joseph Cox

Yeah, and I mean, if you think about it, imagine a normal wiretap in LA or something, and it's one guy talking to another guy on a normal phone, and they're talking about a drug deal. And if you're the FBI or whoever, you have to figure out who these people are. And that might be tricky. As you say, maybe they're using code names, maybe they're using pseudonyms.

3016.849 - 3022.693 Joseph Cox

And then you go about, and you maybe get phone location data, you figure out who they are, whatever. Now imagine doing that

3023.473 - 3047.632 Joseph Cox

for something like 12,000 people in 150 different countries. It's like, I almost can't picture the task in front of them. And that's why they had to turn to these pretty sophisticated systems for figuring out not just what people are saying, but who the hell these people even are. And they would do that and then even put, you know, the stereotypical graphs on the wall in the FBI with, uh,

3048.372 - 3062.518 Joseph Cox

the layouts of different criminal organizations. And in some cases, the FBI doesn't even know who these people are at first. They're just like, well, we have a new crime syndicate on the platform. Let's start mapping out how they're related to one another.

3063.019 - 3072.843 Jack Rhysider

So you said, you know, we're looking for that threat to life. Or what was really what they were like, let's not let this slip through and really trying to focus on...

3073.379 - 3101.002 Joseph Cox

Yeah, so as well as the drug trafficking, the main thing that flowed across Anom were what the FBI calls threat to life. And this is where a criminal organization or just an individual criminal will want to harm, torture, or in many cases, kill somebody else. And this happened across Anom constantly to the point where one of the FBI agents who was reading the Anom messages at first

3101.502 - 3125.446 Joseph Cox

His task was just to go through every single image that was sent across the platform. And often these were weapons or locations or targets. And the way it was described to me is that it's trying to figure out a puzzle basically as quickly as possible. You have to take all these disparate pieces of information and maybe you only have a photo of... a weapon.

3125.706 - 3145.978 Joseph Cox

So that indicates there's probably going to be violence here. Or maybe you only have a photo of the location and it's like, well, something's going to happen there. And the FBI would have to very, very quickly, as best as they could, figure out this puzzle, give information to foreign authorities who could then act on it, and then maybe save people or maybe not.

3146.338 - 3151.842 Joseph Cox

I don't think it was always successful, but they did save lives in the process as well.

3152.362 - 3173.195 Jack Rhysider

It's got to be really complex because when you just see two criminals talk to each other over messaging, they're going to easily say, I'm going to kill you, man. That doesn't necessarily mean he's going to kill them. But it's just one of these – this is the way our lingo is. And then the opposite is when you're saying, okay, listen, we really need to, you know, off this one person.

3173.576 - 3192.081 Jack Rhysider

There's also like all kinds of, you know – coded messages in there. Just be like, all right, minus one, this guy. And they're like, minus one? What does minus one mean? Oh, it means kill him, right? So you have to decode this. That must be incredibly difficult.

3193.035 - 3213.168 Joseph Cox

Yeah, there's a lot of posturing in there through the Anom messages I've read where there are people doing exactly that. Like, oh, I'm going to effing kill him or whatever. And then you'll come across messages where they are talking specifically about getting a getaway car to drive away from the restaurant after they've killed somebody. Then they need to rent an Airbnb to hide the assassin.

3213.449 - 3225.395 Joseph Cox

When it starts to get specific and granular, at least to me, that's when it's like, oh, okay, we need to actually take this seriously. And that's what the Swedish authorities did, the Dutch as well, and especially the FBI.

3226.365 - 3248.648 Jack Rhysider

Yeah. And it's also wild because typically what we're talking when we're looking at the or when I was reading the book, it seemed like this is criminal on criminal gang on gang activity. Right. And so trying to save the life of a criminal is sometimes a strange, you know, moral situation you're dealing with here.

3249.611 - 3267.741 Joseph Cox

Yeah, it puts the FBI in a complicated ethical spot, and it puts the foreign agencies in the same spot as well. What started to happen was that the FBI or its partners would intercept communications about a threat to life. The authorities would then act on it. They would somehow stop the killing, and that could be in various ways.

3268.142 - 3287.354 Joseph Cox

But then what would happen would be that the criminals would continue talking, and they would go, huh, how did the authorities know we were going to kill this guy? And they wouldn't assume it was Anom. They would assume there was a mole or a rat in their organization. And then they would try to kill that person. So then the FBI has another threat to life.

3287.634 - 3299.723 Joseph Cox

And it almost became like this endless cycle or spiral where it just started to become exceptionally difficult for the FBI to maintain tempo, is the way they described it.

3300.862 - 3313.806 Jack Rhysider

There's so many ethical and moral dilemmas here. I mean, just imagine the AI tool that's out there scouring messages, looking for threats to life. But the tool has to be trained to ignore it if it's an American.

3313.826 - 3343.157 Joseph Cox

Anom phones, as I found through reporting this book, they absolutely landed on American soil. There were Anom phones being used inside the United States. There was a plan for the FBI to start reading those messages. But it was very difficult for them to figure out what to do with all this information they collected. They are basically stonewalled in being able to look at U.S. communications.

3343.537 - 3369.71 Joseph Cox

There just didn't seem to be the appetite to go after people inside the States, even though the prosecutors and the agents on the case very, very much wanted to. They were ready to do it. They were collaborating with a field office in Los Angeles as well. It was just a matter of basically pulling the switch, but higher-ups in the DOJ shut that down, essentially.

3369.971 - 3397.282 Jack Rhysider

What do these chats look like? Does the FBI go to Congress or what and say, like, hey, we've got this... Okay, sit down, because I've got some crazy story to tell you. We've got this mass surveillance tool that we somehow bought from some guy... We now have like view into like the whole criminal world here in the U.S. and or, you know, a large portion of it.

3398.602 - 3410.025 Jack Rhysider

We would like to do a mass arrest because we can see this. And but we don't have the warrant. We need your help. Like, what is that? Do you have any understanding of what those conversations were like?

3411.058 - 3427.042 Joseph Cox

Yeah, so what happened when it was first approved for the FBI to gain access to the messages in general was that most drug prosecutors in San Diego in a specific meeting I describe, they were like, no, this is a ridiculous idea. You can't do this.

3427.582 - 3438.084 Jack Rhysider

On top of that, they were like, well, don't even look at the US chats, right? Just look the other way because we don't have approval to even look at it.

3439.133 - 3460.65 Joseph Cox

Yes, exactly. They were like, please don't look at the US messages. We will figure that out later. And what happened was that the prosecutors on that, they send their requests to a specific part of the DOJ called the Office of Enforcement Operations. And they're the ones who basically approve every wiretap. If you want a wiretap in the US, they have to approve it.

3461.29 - 3481.32 Joseph Cox

And the prosecutors on the Anom case sent that, and... OEO just sat on it for months and months and months. There was clearly this divide between the cowboys on the Anom case and then the more senior people in DOJ who were just like, we're absolutely not approving this.

3481.761 - 3492.005 Joseph Cox

And Anom obviously grew to a massive size even without that, but it could have grown even bigger with potentially even more disastrous consequences.

3493.018 - 3512.135 Jack Rhysider

Yeah, but like we've been talking, you know, it introduces so many ethical dilemmas within law enforcement of, well, do we need a wiretap for this and all this kind of stuff? What's allowed and what's not allowed? And they're just like, screw it. We're going to just get all the data and we'll figure out what's allowed later. It seems weird to go that direction.

3513.069 - 3530.932 Joseph Cox

Yeah, I absolutely think there should be a debate around whether secretly running a tech company should be allowed. There should be a debate on whether we want to be able to hack into entire telecommunications providers. Maybe the end result of that conversation is that we as a society are okay with the trade-offs.

3531.392 - 3546.676 Joseph Cox

But I don't think ordinary members of the public, one, first, even know this is basically happening, and second of all, aren't aware of what those trade-offs even are. Like, how can we even have that conversation when this is basically done in the shadows and then everybody moves on?

3547.056 - 3573.618 Jack Rhysider

Yeah, and I also just realized how if the FBI is running a tech company that is a communication platform, which is facilitating the murder and drug deal... Are they responsible for, well, we're the ones who made this communication possible. We're the ones who put the phone in your hand to make this even happen. Is there some responsibility there?

3574.818 - 3598.819 Joseph Cox

I mean, there's no two ways about it. The FBI facilitated crime with the development and the ongoing maintenance and the secret running of Anom. The FBI was a tech backbone of organized crime. Now, yes, of course, they also had the surveillance capability as well, but they were selling a product to criminals, and the criminals were making great use of it.

3599.463 - 3619.039 Joseph Cox

It's like the ends justify the means in some way. I think that is how people who worked in the operation would phrase it. And as for the ethical responsibility, from everybody I've spoken to, they did take the ethical consideration seriously. Like, we're running this communications platform, and that's why if a murder does flow across...

3619.679 - 3635.351 Joseph Cox

the chats, we need to respond to it aggressively and quickly. Now, that didn't always work out, unfortunately. But that was the approach they were coming from. But at the end of the day, those messages were still on an FBI chat app.

3635.811 - 3646.879 Jack Recider

Gosh, and I think about AFKU again. He was making a phone for criminals, right? Like he was working with criminals, listening to their requests and adding in features like a remote wipe ability.

3647.359 - 3654.063 Jack Recider

So because AFKU was making this for criminals, it meant he was a criminal. Clearly, right?

3654.924 - 3672.068 Jack Recider

Yet it was the FBI who was the true owners of this company. So what does that make the FBI if they were making something purposely for criminals to use? The implications of this story just keep going and going. I'm telling you, I have like a million questions. I just love this book.

3674.489 - 3679.983 Jack Recider

June 7th, 2021. Yes. Yes. What happens on this day?

3680.703 - 3710.927 Joseph Cox

Sure. So the FBI and its foreign partners, they decide on a date, June 7th, 2021. The reason for that is that the country that was sort of part of the technical infrastructure, Lithuania, their court order was running out. But basically Anom was just getting too unwieldy. It was starting to get out of the FBI's control immediately. Sellers were pushing into countries as they wished.

3711.527 - 3729.706 Joseph Cox

Every time the FBI asked for more resources to monitor the messages, which was eventually like 130 FBI agents in total, then more messages came and they have to ask for more resources. There had to be an end point. And that was basically the date that was picked before it went over the edge.

3731.385 - 3758.813 Joseph Cox

I spoke to multiple law enforcement officials who were part of that day, and the pressure and the stress they felt was incredible. The way it was set up was that it was almost a global line of dominoes, starting in Australia, and they would do their arrests first. It would then move over to Europe, and then they would do their arrests. And then eventually, when people woke up,

3759.854 - 3786.271 Joseph Cox

on the West Coast in San Diego, the FBI would come forward and they would take credit for running Anom. It was the single largest law enforcement action in any one day. Something like 10,000 police officers were involved in that one day in this world-spanning relay race domino track of activity. Good morning. Good morning.

3787.304 - 3807.699 Randy Grossman

I am Randy Grossman. I'm the acting United States Attorney for the Southern District of California. Welcome. Thank you for being here. We're here today to announce the unsealing of a federal indictment by a grand jury in the Southern District of California, which charges 17 foreign nationals in facilitating drug trafficking, money laundering, and obstruction of justice.

3808.717 - 3830.54 Randy Grossman

This is part of a worldwide law enforcement operation that has resulted in hundreds of arrests for drug trafficking, money laundering, firearms violations, and crimes of violence. These international arrests and the U.S. charges were possible because of a San Diego-based FBI investigation like none other in history.

3831.481 - 3849.838 Randy Grossman

This investigation called Operation Trojan Shield shined a light into the shadowy industry of hardened encrypted devices. For the first time, the FBI developed and operated its own hardened encrypted device company called ANOM, A-N-O-M.

3850.638 - 3865.865 Randy Grossman

As we allege in our indictment, criminal organizations and the individual defendants that we have charged purchased and distributed ANOM devices in an effort to secretly plan and execute their crimes. In fact, ANOM's distributors,

3867.076 - 3889.865 Randy Grossman

administrators and agents had so much confidence in the secrecy of their devices that they openly marketed them to other potential users as designed by criminals for criminals. But the devices were actually operated by the FBI. The worldwide implications of this investigation are staggering.

3890.905 - 3910.21 Randy Grossman

In total, the criminals sold more than 12,000 ANOM encrypted devices and services to more than 300 criminal syndicates operating in over 100 different countries. This was an unprecedented operation in terms of its massive scale, innovative strategy, international coordination, and investigative achievement.

3911.191 - 3918.773 Randy Grossman

Operation Trojan Shield has shattered any confidence criminals may have through the use of hardened encrypted devices.

3919.648 - 3936.231 Jack Recider

Shattered any confidence that criminals may have in the use of encrypted devices? I'm not sure this is a good take. Because what about me? Who just wants a hardened encrypted device for, you know, privacy and security?

3936.852 - 3950.758 Joseph Cox

Yeah, if you're an ordinary person and you're trying to figure out whether an app is legitimate or not, it can be really, really hard to tell. Yes, you'd look at the owners, all of that sort of thing, and maybe some researchers dig through the code or whatever it is.

3950.858 - 3959.961 Joseph Cox

But even beyond that, even beyond looking for specific answers, it's just that we know the FBI is prepared to do it now, which changes the conversation.

3960.642 - 3964.023 Jack Recider

Someone even asked the FBI at the press briefing about this.

3964.616 - 3991.66 FBI Agent

Well, I'm wondering, is this something you can replicate and do again? So who knows, right? This will leave all of our criminals guessing of what company out there is actually a true secure company and which is run by potentially the government. So we obviously have the technical capability and obviously the international partners to work these types of cases in the future.

3992.597 - 4015.741 Joseph Cox

I basically believe the FBI is absolutely exploring more of this. To get some of the information in the book, I snuck into a law enforcement-only conference in Vancouver, where two of the agents were talking. And towards the end of that talk, one of them said they look forward to what the next version is of Operation Trojan Shield, which the Anom operation looks like.

4016.222 - 4039.217 Joseph Cox

That's not an agency saying, okay, job well done, let's all go home. That's an agency looking for an even bigger thing to do next. And as well as Anom, there was the Sky hack, there was the EncroChat hack as well. Absolutely, law enforcement are continuing to push down this route. I mean, some of the police officers I even spoke to told me that.

4039.257 - 4041.779 Joseph Cox

The Dutch authorities told me, we are doing this right now.

4043.139 - 4051.303 Jack Recider

This is why I love Joseph so much. He's sneaking into law enforcement conferences to get the story. We've skipped over so much of the book.

4051.763 - 4080.564 Jack Recider

I purposely left out some of my favorite parts of the book just so you can enjoy it still. This story goes deeper and deeper and deeper. And so you should do yourself a favor and go read Dark Wire by Joseph Cox. A big thank you to Joseph Cox for sharing this story with us. You can find a link to his book, Dark Wire, in the show notes. Again, it's highly recommended.

4081.164 - 4102.233 Jack Recider

This episode is created by me, the Bit Bumbler, Jack Rhysider. Our editor is the Silicon Sorcerer, Tristan Ledger. Mixing is done by Proximity Sound, and our intro music is done by the mysterious Breakmaster Cylinder. One time, I went into a client's data center to do some work on their servers, and I found a computer that was so old, its IP address was one. It's just the number one.

4103.667 - 4105.004 Jack Recider

This is Darknet Diaries.
