Oz Feds reveal distribution model behind backdoored 'An0m' chat app spread by crims
Resellers were given exclusive territories to target, and offered tech support
Australia's Federal Police force has revealed more about how it distributed a backdoored chat app to criminals.
The app, named An0m, was revealed in June 2021 when Australia's Feds (AFP), the FBI and European authorities revealed they'd combined to convince crims the software allowed secure communications. The app ran on conventional Android smartphones modified to run An0m and nothing else.
The AFP today revealed a little more about how the app, and phones running it, were seeded. The Force described the following four steps:
- Wholesalers were mid-to-high-level criminals, some with exclusive distribution rights in certain countries and regions;
- Agents had distribution rights for particular territories – they employed staff to recruit more clients and deal with "customer" issues;
- Representatives were resellers who sold devices to associates and collected fees for subscriptions; and
- Drivers were employed to deliver the An0m handsets.
But An0m was backdoored, so law enforcement agencies were able to observe crims merrily chatting among themselves, often freely discussing criminal conspiracies.
The resulting law enforcement efforts – Special Operation Ironside in Australia, Operation Trojan Shield in the USA and elsewhere – proved very productive.
In Australia alone, over 700 warrants were executed, 311 people were charged, and 6.3 tonnes of illicit drugs plus AU$52 million ($37M) of filthy lucre were seized. Around the world another 993 suspects were arrested, over 42 tonnes of illicit drugs were seized, and more than $58 million of cash and cryptocurrency is now in the hands of authorities.
- FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld
- The AN0M fake secure chat app may have been too clever for its own good
- Cuffed: Ukraine police collar six Clop ransomware gang suspects in joint raids with South Korean cops
The AFP today announced a new phase of Operation Ironside, based on further analysis of 19-million-plus messages that pertain to criminal activity in Australia. An arrest of a man allegedly involved in supply of methamphetamine was attributed to that intelligence, and to messages passing between Australia and motorcycle gang members in Turkey.
The AFP's announcement of its progress also offers the observation that "Criminals have moved to other encrypted devices" and predicts "It is likely some large syndicates will develop their own dedicated encrypted communication devices and private networks within the next three years." ®