The AN0M fake secure chat app may have been too clever for its own good
Crims now know what not to trust, and how to stymie future infiltrations
Comment In April 1943, Japanese admiral Isoroku Yamamoto was killed when the US Air Force shot down the plane carrying him to Balalae Airfield in the Solomon Islands.
The attack was made possible by the USA cracking Japanese codes and decrypting a message that revealed Yamamoto’s flight plan would just take him within range of America's scarce long-range aircraft.
The chances of those aircraft happening upon Yamamoto were very small, so US strategists worried Japanese analysts might conclude an attack was only possible because their codes had been broken. If Japan reached that conclusion, it would probably adopt a new encryption scheme and the USA would be deprived of a very valuable intelligence source.
The US chose to kill Yamamoto, because he was felt to be so important to Japan's war effort that losing access to decrypted intelligence was worth the risk. But on many other occasions in World War II, troops were sent into harm’s way to effectively protect intelligence sources.
Many people died as a result of those decisions not to reveal successful decryption.
Which brings me to last week’s news that Australian and US law enforcement agencies seeded a backdoored encrypted chat app named AN0M into the criminal underworld, then intercepted word of a great many crimes and swooped to arrest those responsible.
Late last week, FBI International Operations Division legal attaché for Australia Anthony Russo added another important piece of information: speaking to Australian newspapers he said one reason for discontinuing use of AN0M was that it produced too much intelligence.
“The volume [of content] was increasing at a scale and our ability to resource it and monitoring it really wasn’t scalable commensurate to the growth,” he reportedly said.
Russo said authorities therefore decided enough was enough, so revealed AN0M’s existence. We also noted that, in March, someone poking around in the software's code spotted what looked like a backdoor and raised the alarm in a later-deleted blog post.
I'd been thinking about the Yamamoto story since news of AN0M’s existence was revealed. Russo's reported remarks again got me thinking about when and if it is appropriate to reveal hidden strengths to your enemies.
At the press conference that revealed the existence of AN0M, Australian Federal Police commissioner Reece Kershaw said his agency, and others like it around the world, understand that criminals can choose from many end-to-end encrypted communications services. Kershaw tried to send a signal that while AN0M has been de-activated, authorities will always seek similar capabilities and have the smarts to do so.
“Criminals should be on notice that law enforcement are resolute to continue to evolve our capabilities,” Kershaw said.
Which sounded like a clear message that criminals should not assume AN0M is the end of a story.
But while the most easily-learned and obvious lesson from AN0M was that criminals ought not to trust anyone selling “secure” comms apps, the AFP has effectively told crooks that a flood of info - true or false - in any communications channel may overwhelm investigators.
The lesson for the rest of us law-abiding Reg readers is that law enforcement authorities around the world are well and truly committed to finding ways through and around encryption, wherever it is used by criminals.
Strategists at those agencies will also be aware of the Yamamoto decision and that the Allies went to great lengths to create cover stories that made a decryption conclusion less plausible.
We may never know if any of what we were told about AN0M this week was one of those useful diversions. And we can only hope that when law enforcement agencies make their very difficult choices about what to reveal, their decisions don’t have the unintended consequence of diluting privacy for the innocent. ®