CRIMINAL organizations that rely on hardened, stripped-down devices to send encrypted messages may learn this week they have been using a platform operated by the very investigators they are trying to thwart, the FBI announced on Tuesday.
In an innovative effort, the FBI, with the help of the Australian Federal Police, launched their own encrypted communications platform and supplied more than 12,000 devices to hundreds of criminal organizations that operate around the globe.
The FBI, along with the Drug Enforcement Administration, Australian Federal Police, Europol, and law enforcement partners in more than a dozen countries, are announcing the results of that covert effort, known as Operation Trojan Shield. In recent days and weeks, authorities have carried out hundreds of arrests in Australia and across Europe as a result of intelligence gathered during the operation. Law enforcement has also been able to mitigate direct threat-to-life situations.
The FBI’s San Diego Field Office was the hub for the more than 100 agents and analysts and 80 linguists who were pooled together for the operation that began with the takedown of the encrypted phone provider Phantom Secure. In 2018, the FBI and the U.S. Attorney’s Office for the Southern District of California pursued charges against the company’s executives for facilitating the transnational importation and distribution of narcotics by providing encrypted devices to criminals.
While the charges shuttered a key device provider, FBI San Diego Assistant Special Agent in Charge Jamie Arnold said they watched the organizations quickly regroup: “When we took down Phantom Secure in 2018, we found the criminal organizations moved quickly to back-up options with other encrypted platforms.” After Phantom Secure, investigators came up with a solution that would do more than cause the organized crime groups to shift to different platforms, such as Sky Global and EncroChat.
“Encrypted devices have been and continue to be a safe haven for criminal organizations, in particular the leadership of these organizations—providing them a platform for their communications that we have not had access to,” said Arnold. “For the agents on the investigative team and our federal and international partners, this was a creative and innovative way for us to get behind that firewall and see what was happening among the leadership of these criminal organizations.”
These devices are typically purchased through word-of-mouth referral networks and offer robust data encryption tools. They can also be wiped clean remotely if they fall into the hands of law enforcement. Every feature of the devices, which sell for between $1,200 and $2,000, is designed for maximum secrecy and to avoid court-authorized access needed by law enforcement. The devices deployed in Trojan Shield, however, generated a carbon copy of each message for the FBI to assess and analyze.
When appropriate and authorized, the FBI sent information to partner agencies. As a result, law enforcement entities around the globe were able to seize thousands of kilograms of narcotics and millions of dollars in proceeds from criminal activity.
U.S. federal prosecutors may bring charges against additional providers of these platforms, and FBI San Diego said that the operation will have far reaching, long-term transnational effects on these organizations and their ability to communicate and coordinate their criminal activities.
Arnold said the erosion of trust in these networks was a primary goal, along with gathering invaluable investigative information. “Criminal groups using encrypted communications to thwart law enforcement should no longer feel safe in that space,” Arnold said. “We hope criminals worldwide will fear that the FBI or another law enforcement organization may, in fact, be running their platform.” He went on to stress that the FBI and its partners will continue to dismantle transnational organized criminal organizations, wherever they are and however they choose to communicate.