9 Jun 2021

AN0M: How an app to decrypt criminal messages was born 'over a few beers' with FBI

3:54 pm on 9 June 2021

By David Tuffley* of The Conversation

The Conversation

Law enforcement officials have announced they sprung an international trap three years in the making, catching major international crime figures using an encrypted app.

ANoM logo on phone

Photo: AFP

More than 200 underworld figures in Australia have been charged in what Australian Federal Police (AFP) say is their biggest-ever organised crime bust.

The operation, led by the US Federal Bureau of Investigations (FBI), spanned New Zealand, Australia and 17 other countries. In Australia alone, more than 4000 police officers were involved.

At the heart of the sting, dubbed Operation Ironside, was a type of "trojan horse" malware called AN0M, which was secretly incorporated into a messaging app. After criminals used the encrypted app, police decrypted their messages, which included plots to kill, mass drug trafficking and gun distribution.

Millions of messages unscrambled

AFP Commissioner Reece Kershaw said the idea for AN0M emerged from informal discussions "over a few beers" between the AFP and FBI in 2018.

Platform developers had worked on the AN0M app, along with modified mobile devices, before law enforcement acquired it legally and adapted it for their use. The AFP said the developers were not aware of the intended use.

Once appropriated by law enforcement, AN0M was reportedly programmed with a secret "back door" enabling them to access and decrypt messages in real time.

A "back door" is a software agent that circumvents normal access authentication. It allows remote access to private information in an application, without the 'owner' of the information being aware.

So the users - in this case the suspected criminals - believed communication conducted via the app and smartphones was secure. Meanwhile, law enforcement could reportedly unscramble up to 25 million encrypted messages simultaneously.

Without this back door, strongly encrypted messages would be almost impossible to decrypt. That's because decryption generally requires a computer to run through trillions of possibilities before hitting on the right code to unscramble a message. Only the most powerful computers can do this within a reasonable time frame.

Providers resist pressure for 'back-door' access

In the mainstream world of encrypted communication, the installation of "back-door" access by law enforcement has been strenuously resisted by app providers, including Facebook who owns WhatsApp.

In January 2020, Apple refused law enforcement's request to unlock the Pensacola shooting suspect's iPhone, following a deadly 2019 Florida attack which killed three people.

Apple, like Facebook, has long refused to allow back-door access, claiming it would undermine customer confidence. Such incidents highlight the struggle of balancing competing demands for user privacy with the imperative of preventing crime for the greater good.

Getting criminals to use AN0M

Hooded cyber crime hacker using mobile phone internet hacking in to cyberspace,online personal data security concept.

Photo: 123rf

Once AN0M was developed and ready for use, law enforcement had to get it into the hands of criminal underworld figures.

To do so, undercover agents reportedly persuaded fugitive Australian drug trafficker Hakan Ayik to unwittingly champion the app to his associates. These associates would then be sold mobile devices pre-loaded with AN0M on the black market.

Purchase was only possible if referred through an existing user of the app, or by a distributor who could vouch for the potential customer as not working for law enforcement.

The AN0M-loaded mobiles - likely Android-powered smartphones - came with reduced functionality. They could do just three things: send and receive messages, make distorted voice calls and record videos - all of which was presumed to be encrypted by the users.

With time the AN0M phone increasingly became the device of choice for a significant number of criminal networks.

Building up a network picture

Since 2018, law enforcement agencies across 18 countries had been patiently listening to millions of conversations through their back-door control of the AN0M app.

Information was retrieved on all manner of illegal activities. This gradually enabled police to etch a detailed picture of various crime networks. Some of the footage and images retrieved have been cleared for public release.

One major challenge was for police to match overheard conversations with identities - as the AN0M phone could be purchased anonymously and paid for with Bitcoin (which allows secure transactions that cannot be traced). This may help explain why it took three years before police openly identified alleged perpetrators.

It is likely the evidence obtained will be used in prosecutions now that a multitude of arrests have been made.

The future of encryption

Encryption technology is improving fast. It needs to - because computing power is also growing rapidly.

This means hackers are becoming increasingly capable of breaking encryption. Moreover, when quantum computers become available, this problem will be further exacerbated, since they are massively more powerful than conventional computers today.

These developments will likely weaken the security of encrypted messaging apps used by law abiding people, including popular apps such as WhatsApp, LINE and Signal.

Strong encryption is an essential weapon in the cybersecurity arsenal and there are thousands of legitimate situations where it is needed. It is ironic then, that the technology intended by some to keep the public safe can also be leveraged by those with criminal intent.

Networks of organised crime have used these "legitmate" tools to conduct their business, secure in the knowledge that law enforcement cannot access their communications. Until AN0M, that is.

While Operation Ironside may have sent a shiver through criminal subcultures operating around the world, these syndicates will likely develop their own countermeasures in this ongoing game of cat and mouse.

* David Tuffley is a senior lecturer in applied ethics and cybersecurity at Griffith University in Queensland. He does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.

This article was originally published in The Conversation and has been republished with permission.

Get the RNZ app

for ad-free news and current affairs