The AN0M fake secure chat app may have been too clever for its own good

Crims now know what not to trust, and how to stymie future infiltrations


Comment: In April 1943, Japanese admiral Isoroku Yamamoto was killed when the US Air Force shot down the plane carrying him to Balalae Airfield in the Solomon Islands.

The attack was made possible by the USA cracking Japanese codes and decrypting a message that revealed Yamamoto’s flight plan would just take him within range of America's scarce long-range aircraft.

The chances of those aircraft happening upon Yamamoto were very small, so US strategists worried Japanese analysts might conclude an attack was only possible because their codes had been broken.

The US chose to kill Yamamoto, because he was felt to be so important to the war effort that losing access to decrypted intelligence was worth the risk. But on other occasions in World War II, troops were sent into harm’s way to effectively protect intelligence sources.

Which brings me to last week’s news that Australian and US law enforcement agencies seeded a backdoored encrypted chat app named AN0M into the criminal underworld, then intercepted word of a great many crimes and swooped to arrest those responsible.

Late last week, FBI International Operations Division legal attaché for Australia Anthony Russo added another important piece of information: speaking to Australian newspapers he said one reason for discontinuing use of AN0M was that it produced too much intelligence.

“The volume [of content] was increasing at a scale and our ability to resource it and monitoring it really wasn’t scalable commensurate to the growth,” he reportedly said.

Russo said authorities therefore decided enough was enough, so revealed AN0M’s existence. We also noted that, in March, someone poking around in the software's code spotted what looked like a backdoor and raised the alarm in a later-deleted blog post.

I'd been thinking about the Yamamoto story since news of AN0M’s existence was revealed. Russo's reported remarks again got me thinking about when and if it is appropriate to reveal hidden strengths to your enemies.

At the press conference that revealed the existence of AN0M, Australian Federal Police commissioner Reece Kershaw said his agency, and others like it around the world, understand that criminals can choose from many end-to-end encrypted communications services. Kershaw tried to send a signal that while AN0M has been de-activated, authorities will always seek similar capabilities and have the smarts to do so.

“Criminals should be on notice that law enforcement are resolute to continue to evolve our capabilities,” Kershaw said.

Which sounded like a clear message that criminals should not assume AN0M is the end of a story.

So while the most easily-learned and obvious lesson from AN0M was that criminals ought not to trust anyone selling “secure” comms apps, another lesson was that even if an app is cracked it's possible to mess up the cops by changing the signal-to-noise ratio.

The lesson for the rest of us law-abiding Reg readers is that law enforcement authorities around the world are well and truly committed to finding ways through and around encryption, wherever it is used by criminals.

Strategists at those agencies will also be aware of the Yamamoto decision and that the Allies went to great lengths to create cover stories that made a decryption conclusion less plausible.

We may never know if any of what we were told about AN0M this week was one of those useful diversions. And we can only hope that when law enforcement agencies make their very difficult choices about what to reveal, their decisions don’t have the unintended consequence of diluting privacy for the innocent. ®

