In the world of drug trafficking, cocaine is gold. When a single gram is sometimes worth 3,600 dollars – a drug smuggling operation can easily yield millions of dollars in profit.
Of course, drug dealing isn’t easy. Border crossings are routinely checked for drug smugglers – and international flight is highly protected. A couple of years ago, the members of an international crime ring came up with a devilishly brilliant idea: fill tuna cans with cocaine in Ecuador, place the cans inside a container and send the container on a ship to Belgium. Since tuna cans are completely sealed, who could ever find the concealed drugs? According to the plan, the drugs will be thrown over boards next to the Belgian shore – and there, a local team will sneak the precious cargo into the European market.
“I have a cargo ship with a captain on [our] side too. They want to throw over [the] load as they leave”, wrote one of the conspirators in a text, sent from a special clandestine smartphone, “Once [the] pilot boat leaves, we’ll send a message [and] they’ll throw it right away. Can you do it, [and] if so – what’s your fee?”. “Yes, they can definitely catch it,” replies a second conspirator, “They charge [a] 20% fee”.
A multi-million-dollar drug deal was being finalized in these texts – without the use of any code words: both parties used incriminating language. After all, they thought they were safe. The instant messaging app they were using was supposed to be the holy grail of criminals across the world: an end-to-end encrypted communication tool, completely secure from government eavesdropping.
But unbeknownst to them, someone else was listening. Something was rotten in the state of Belgium, and it wasn’t the tuna fish.
The Rise and Fall of Phantom Secure
Vincent Ramos is a genius. Even the official website of the United Nations Office on Drugs and Crime called him a “cyber genius”. Ramos’s talents are numerous and outstanding, probably matching the talents of other cyber geniuses who went on to found leading tech companies worth billions of dollars. Vincent Ramos could have had this life: the start-up phase, the luxurious office spaces, and the praising Forbes profile. But Ramos chose the dark side of the cyber world.
He started his own company in Canada, called Phantom Secure. Phantom Secure bought BlackBerry mobile phones and then modified them to include a secret and secure communication channel that would allow two or more phones of the same model to exchange messages without outsiders peeping in. Phantom Secure had a very specific and rather unusual type of customer: criminal organisations. Drug dealers, mafia bosses, cartel operations, and hitmen – all need secure means of communication. Phantom Secure claimed its product is much more secure than commercial messaging apps with end-to-end encryption such as Signal or Telegram, which according to various media reports can be hacked by law enforcement agencies using advanced technological tools. Phantom Secure quickly became legendary among criminals. Word spread about the Canadian company and its hardened mobile phones. A new genius arrived in town, criminals whispered to each other, and he was offering the holy grail of dark, illegal communication.
The crime world could not wait to use this new tool. The Sinaloa drug cartel of Mexico – nicknamed the Blood Alliance – was one of Phantom Secure’s major clients, and these modified BlackBerry devices were also used by the notorious biker gang Hells Angels, which used them to orchestrate several assassinations. Phantom Secure’s products were used by criminals in the United States, Europe, Mexico, Canada, Australia, and Thailand – and helped operations that dealt in cocaine, heroin, and methamphetamines. More than 20,000 Phantom Secure devices were sold across the world. The company generated at least tens of millions of dollars in revenue, but the real numbers might be even higher: we don’t know, because Ramos used several shell companies and cryptocurrency machinations to launder his company’s proceeds. Still, we can be quite sure that Vincent Ramos made a lot of money, maybe even more than most tech founders.
It was a good run for Ramos – but it all came crashing down on March 7, 2018, when FBI agents cornered Ramos in a breakfast restaurant in Bellingham, Washington. Other members of Phantom Secure were apprehended simultaneously. It was Game Over for the holy grail of criminal communication.
But when it comes to crime, there’s always a new bad guy around the corner. And this particular bad guy had an ambitious agenda: to build a new secure mobile phone – even better than Phantom Secure’s.
Around the time Vincent Ramos’s empire collapsed, a mysterious figure within Ramos’s inner circles was working on a new idea: a more advanced version of Ramos’s secure mobile phone, nicknamed Anom. The holy grail 2.0.
The new Anom devices were basically regular Google Pixel phones with most features turned off. The device’s only functioning app was a calculator – but when a specific code was typed into the calculator, it turned into a messaging app – complete with end-to-end encryption.
The encryption used in the Anom devices was based on Public-key Cryptography, the same encryption method used in the HTTPS protocol, the secure communication protocol we use all the time online.
The idea behind Public-key encryption is quite simple. The most vulnerable point in network communications is when the data leaves its origin and travels across the public network to its destination: this is where hackers (or state-run agencies) will strike. To make sure that our messages are safe from prying eyes, we need then to leave our device already encrypted – and that only the target device will be able to decrypt them. Public-key encryption achieves this by using a pair of “keys”: essentially, long strings of numbers and letters.
As an example, say that I’m the leader of a Math empire.
[Yotam] Ran, come on… you, a leader of a Meth empire? Have you ever even seen meth before!?
Are you kidding me? Of course I have – plenty of times, when I was a student. Anyway, say I want to send Yotam, my henchman, a secret message asking him to bring me some of the white stuff.
[Yotam] Are…are you serious?…
Dead serious. Yotam has two keys: one is a public key, which – as the name implies – is known to all, and the other is a private key that is kept on Yotam’s device. My phone uses Nate’s public key to encrypt the message, which is then sent over the internet. The crucial part to know here is that the public key can only be used to encrypt a message – but not to decrypt it: hence, if someone intercepts the message before it reaches Yotam, they can’t decrypt it even if they have the public key in their possession. Only Yotam, who has the private key, can open it.
[Yotam] (out of breath) …OK, here it is. I got it.
[Ran] What’s that?
[Yotam] Meth. Isn’t this what you asked for?
[Ran] Math, not Meth, Yotam! I asked for some chalk, so I can write formulas on the blackboard!
[Yotam] OOOHHH. Right. No problem, I’ll get rid of it.
[Ran] No, give me that. I’ll take care of it.
[Yotam] Are you sure?
[Ran] Yeah, yeah… give it to me.
Where were we? Ah, yeah. Anom’s encryption protocol made sure that all the communications passing through the network were completely encrypted. Decryption only took place on the receiving device itself – using the private key, which was never shared with anyone else.
The Anom phones had several other features. For example, each phone had a kill switch – a PIN code that could trigger the complete deletion of all the information stored on a device. The same deletion would also be automatically initiated if the phone was left unused for a certain period of time. This meant that even if your device was confiscated by law enforcement agents – they only had a limited time window to try and hack it. If they failed – the phone’s entire content would be deleted. And if you were also arrested and asked to provide the phone’s password – you could simply give the investigators the kill switch PIN code and watch them destroy your phone for you.
One of Anom’s first customers was Hakan Ayik, an Australian drug trafficker, who bought an Anom phone for himself. Ayik is an almost mythical figure in the Australian crime world: he got his start in the late 1990s – and quickly built a massive drug empire. After amassing a fortune of over 1.5 Billion dollars, Ayik fled Australia, found refuge in Turkey and underwent plastic surgeries to alter his facial features.
After purchasing the new Anom phone – Ayik became a sort of super-spreader of the new device. He recommended the devices to many other criminals – and even demanded that communication with himself only be made through the new secure phones. Ayik was convinced this was the safest method of communication possible. He just didn’t trust the alternatives.
It took several months for the Anom devices to gain a following in the criminal world. By late 2019, there were several hundred active devices in the world. A year and a half later there were more than 12,000 Anom phones sold across the globe. More than 300 criminal organisations incorporated the devices into their communications. According to authorities, most users of the phones were upper-echelon, command-and-control figures in the criminal world.
A single phone was sold for between 1,700 dollars and 2,000 dollars in the United States – with prices greatly varying between different countries. Criminals gleefully talked about the new encrypted devices capable of hiding sensitive information. In fact, many of them had such high trust in the phone that, as we saw in the opening of this episode, they didn’t even use code words in the messages they were sending using the Anom software. After all, there was zero chance these messages would one day fall into the hands of law enforcement, right?
A Trojan Horse
It was the best shadow communication tool ever built, if not for one tiny flaw: Every single message that was sent using Anom – was going directly into the FBI’s servers.
You see, the fall of Vincent Ramos’s empire exposed this new communication system to the authorities. The FBI could have its developer arrested – but someone had a different and quite brilliant idea. The bureau approached the developer behind Anom and offered them a deal: give us absolute control over your system, and we’ll give you a reduced sentence. They even offered him or her 120,000 dollars to finance the development of the new software. The developer agreed – and Operation Trojan Shield was born, named after the fabled Trojan horse from Greek mythology: a supposed gift carrying hidden dangers inside of it.
How was the FBI able to sabotage the Public Key encryption scheme used in the Anom? Well, they altered the encryption software so that each message sent from a device secretly included a ‘Master Key’: a piece of information that enabled law enforcement to decrypt the messages. The FBI also set up a communication interception server in a third country – and used it to harvest every single message sent from these devices. Even when the phone’s owner used the so-called Kill Switch option of the device – the FBI could still access the data it contained.
Another capability the FBI reserved was harvesting GPS data. Even when the Anom devices appeared to have their GPS feature turned off, they secretly did save GPS data – and sent it to the FBI. According to a later report on Vice, the Anom device reported to the FBI the exact location of the phone when each message was sent.
Operation Trojan Shield
No less than 16 countries took part in the operation – with the FBI, Europol, Dutch police, and Swedish police coordinating the data gathering scheme. The authorities closely monitored every message sent using these Anom devices – and took notes. Incriminating messages were marked as valuable evidence; other information helped track and map worldwide criminal organisations. Furthermore, when users wrote to each other about how th ey wished they had smaller and slicker phones, the FBI actually made their wish come true and improved the Anom’s design. Over a three-year period, authorities intercepted more than 27 million messages sent via Anom devices.
Finally, the FBI made its move on June 8th, 2021. There are contradicting reports as to the reason Operation Trojan Shield concluded. Some say that the agencies behind the operation became aware of several dangerous plots that required intervention – even if it meant exposing the whole operation. Alternatively, the wiretap authorizations that were granted to agents were over.
More than 800 suspects were arrested in a coordinated strike in 16 different countries. Seven hundred houses were searched – based on incriminating evidence gathered on Anom phones. More than 250 weapons, 55 luxury cars, six tons of cocaine, five tons of marijuana or hashish, two tons of methamphetamine, and 148 million dollars were confiscated during the raids. Over 300 international criminal organisations were identified using the app, among them Italian mafia rings, biker gangs, cartel operations and drug smuggling organisations.
Jean-Philippe Lecouffe, deputy executive director of Europol, said-
“This law enforcement operation is exceptional by its global outcomes. We carried out one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.”
Calvin Shivers, Assistant Director of the FBI’s Criminal Investigative Division, also spoke on the day Operation Trojan Shield was unveiled and said:
“The success of Operation Trojan Shield is the result of tremendous innovation, dedication and unprecedented international collaboration”.
Europol also promised that “countless spin-off operations” will be carried out in the weeks to come”.
Among those who were apprehended in the first wave of arrests were 17 people who worked for the Anom operation directly – without knowing of the underlying hidden agenda. Some of them were distributors who marketed the devices. Their marketing slogan, ironically, was : “designed by criminals, for criminals”.
There’s no denying that Operation Trojan Shield was a tremendous success. The operation resulted in so many arrests and indictments that it can be considered one of the most successful coordinated moves against international crime in recent history. Moreover, the operation also served to warn criminal organisations across the world: “trust no one”. Even “real” criminal encryption tools are going to be looked at differently after this operation. Criminals now have no choice but to distrust their phones and messaging apps. After all, If even a device “designed by criminals, for criminals” turned out to be a trap – then who can truly be trusted?
But this story also raises another point, not quite as optimistic. There’s little doubt that Phantom Secure wasn’t the only High-Tech company catering to the needs of criminals, and Vincent Ramos wasn’t alone in lending his talents to the dark side. Criminals are going to get more and more advanced systems. Anom was a government-run sting operation – but the next generation of secure and encrypted phones might not be. A future where every single drug syndicate or terrorist organization can communicate among themselves in a shadowy, secure manner – is a future worth fearing. And it might be on its way.