How the FBI Tapped the Encrypted Chats of Criminals Around the World

Joseph Cox

Notes

Paris Marx is joined by Joseph Cox to discuss how the FBI created an encrypted phone company called Anom to read criminals’ messages and eventually carry out the largest international sting operation by law enforcement.

Guest

Joseph Cox is the author of Dark Wire: The Incredible True Story of the Largest Sting Operation Ever and the host of the 404 Media Podcast.

Support the show

Venture capitalists aren’t funding critical analysis of the tech industry — that’s why the show relies on listener support.

Become a supporter on Patreon to ensure the show can keep promoting critical tech perspectives. That will also get you access to the Discord chat, a shoutout on the show, some stickers, and more!

Transcript

Paris Marx: Joseph, welcome to Tech Won’t Save Us.

Joseph Cox: Thank you so much for having me.

PM: I’m very excited to chat. You contacted me a few months ago about the book. When I heard about it, I was like, this seems interesting. I’m not super sure if it’s in my wheelhouse. And then I started digging into it and I could hardly put it down because it’s so fascinating. And, I was saying to you before we started recording, I think that you’ve found a way to present a kind of tech story about this involving the police that makes me actually kind of empathize with the police and feel like I’m on their side, which just feels wild.

JC: It’s a very, very complicated story. And as I said, just before we started recording, when privacy people read it, they’re horrified. And then when people who lean more on the side of law enforcement read it, they find it amazing and fascinating. And then I think there’ll be a lot of readers, myself included after writing the book, who sit in the middle and they’re kind of confused about what we’re supposed to make of this because it has implications for everybody.

PM: I think that is absolutely true. I was reading aspects of it and I was like: Whoa, holy shit. But then other aspects where I was like: Yeah, this is great. They’re getting the criminals. And maybe that partly comes from watching these police shows that we’re all used to watching over such a long period of time and how this also gives us this idea of how these things all work, but I’m wondering, we’ll get into the details of this story, but how did this whole kind of case and how did this whole idea of these encrypted phones and the involvement of authorities like the FBI, how did this all get on your radar?

JC: It got on my radar because I found an obscure Dutch crime blog in around 2016, and people on there were talking about these PGP BlackBerrys. And I’m like: What the hell is a PGP BlackBerry? It turns out it’s an ordinary BlackBerry that they’ve installed Pretty Good Privacy email encryption software on. And as I started digging, it turned out that a lot of the top tier criminals were not using ordinary Apple or Google devices. They were using these highly customized phones, which not only had email encryption software, they had the microphone removed, the GPS taken out, the camera as well — really extreme modifications.

And I just became completely obsessed with this industry, in the same sort of way that someone would cover Facebook as a beat, I started covering the weird world of encrypted phones for criminals. And I definitely approached it from the perspective of the criminals and of the people who make these phones. I hadn’t really interacted with law enforcement much up until writing this book. I’ve always spoken to hackers, drug traffickers, smugglers, hitmen, all of that sort of thing. So I came from there and I think nobody, no journalists at least, had really messaged these companies before or just asked like: Hey, so what are you doing with these?

And some got back to me, some threatened me, as is just the nature of this sort of story, but I developed sources in this community. And that led to me learning about Phantom Secure, which is one of these companies being shut down by the FBI, before the FBI actually announced it. And then all of these other side stories, and it basically meant that when the ANOM story broke, which is what “Dark Wire” is primarily about, I was very well positioned to tap into all of my sources and be like, well, what actually really happened here.

PM: And that really comes through in the book as well — the quality of the stories that you tell, the depth that you get into it is very apparent from the book itself. And listen, you might not have been on the Facebook beat, but someone needs to be on the encrypted phone beat, which is much more unique and probably interesting as well. If we go back, like when does criminal use of these encrypted phones, and kind of the beginning of using specific phones that are designed for their needs, when does that really start to emerge and when does that start to become popularized?

JC: It starts to happen after BlackBerry becomes popular. We all know about President Obama having his BlackBerry. When I was growing up, having a BlackBerry was sort of a status symbol among my friends. I never had enough money to buy one.

PM: I never had one either.

JC: No, I could not afford that, but it was clearly a status symbol and then criminals started to use it because it had BlackBerry Messenger and that was seen as more secure. It was sort of a more direct form of messaging and scrambled. I wouldn’t say encrypted, but the messages were scrambled. And then the cops got wise to that and they did all of these sorts of operations around BlackBerry Messenger. And then that’s when the criminals started to: Well, let’s customize them a little bit so we can still use them, but we can be a step ahead of what the authorities are doing.

And it’s this constant cat and mouse game as it always has been with law enforcement and criminals. We’ve had burners, we’ve had pagers; we’ve had pay phones, whatever. And now we have very sophisticated cryptography installed onto a customized device. It’s always that cat and mouse game. And that’s sort of the lineage that leads to these very expensive, very customized phones.

PM: One of the things that stood out, obviously, because I am in Canada, is how, at least early on, a lot of this seems connected to Canada. Obviously, BlackBerry is a Canadian company. Phantom Secure, as you’re talking about, I believe is based out of or was based out of Vancouver. I think Sky, which is another one of these encrypted phone companies, is Vancouver-based, as well. Is there a particular reason why a lot of this seems to be coming out of Canada?

JC: It’s really fascinating that so much of it is localized in Canada, both on the law enforcement side and the company side. It’s kind of hard to tell, but my read on it is that, rightly so, it’s not actually illegal to make one of these encrypted phones. It’s not illegal in and of itself to sell an encrypted phone. I don’t think any of us really want to live in a world where you can get criminally prosecuted for making what is code designed to mask messages. Don’t really need to go down that. I would just take that as it is, but it’s not illegal to do that in Canada. So that’s where a lot of these companies started to spring up.

I imagine it also has something to do with BlackBerry also being from the country as well. And they could more easily just get used to the technology and manipulate it. But as you say, the Royal Canadian Mounted Police were really some of the leaders when it came to targeting criminal use of BlackBerry devices. They did this really audacious operation where they somehow obtained the global decryption key for BlackBerry Messenger, which means they had a key to unlock, well, an infinite number of safes all over the world. It didn’t just have to be in Canada. And that’s actually sort of a preamble for ANOM, because I think it just shows sort of the extreme lengths that law enforcement are prepared to go to access encrypted messages. Even if the format of those messages then changes over the coming years and decades, the police will really push the envelope when it comes to encryption.

PM: And it is a fascinating story. And just to be clear, ANOM is the company that ends up getting started by the FBI, which we’ll talk about in just a minute. But I was hoping you could give us a bit more detail on how the use of these phones and the design of these phones actually evolves, because you’re talking about there how early on a lot of these were kind of BlackBerrys and then eventually modified BlackBerrys. But obviously as the broader expectation for smartphones starts to change because we get the iPhones and the Androids and they start to become more advanced, I’m sure criminals want a lot of those features as well. So how does that kind of affect the way that these encrypted phones evolve over time and the way that these companies are making them?

JC: Yeah, so Phantom Secure, one of those companies that was doing encrypted customized BlackBerrys, they just sold encrypted emails and it got to the point where their customers just expected more. Other companies were coming out with Android smartphones where you could send voice messages or make calls. You could send photos across, like all of the sorts of stuff that we take for absolute granted when it comes to consumer communications. Criminals want to send photos too! They want to send emojis or whatever.

So Phantom Secure sort of fell out of favor because it wasn’t prepared to innovate. And then you had other companies such as EncroChat and then Sky, one you mentioned, they also started using iPhones. And it is almost like there is this entire shadow industry, which has product launches and rebrands and new features just like Google or Apple or whatever. Maybe some people look forward to seeing the new ultra-thin iPads or whatever; these criminals look forward to watching: Oh, wow, there’s a voice scrambler on these phones now! That’s really, really cool.

And these criminals have intense brand loyalty. I mean, I was even told about some people getting tattoos of specific brands, and that’s because there is a status symbol here as well. As in, if you do not have an encrypted phone, you’re not a real criminal. As in, I’ve literally seen that quote in some messages as well. It’s a logistical benefit as in: Well, we can hide our messages from the police, but then if you’re in a meeting with somebody, and you put a customized phone on the table, it’s: Oh, I’m dealing with the real deal here.

PM: Fascinating. Obviously when we kind of go buy our iPhones or Android phones or whatever, we go to the Apple store or we go to the telecommunications company’s local store, whichever telecom company operates in your jurisdiction. That’s where we get our phones. That’s how it works. How does it work to get your hands on one of these encrypted phones?

JC: Typically it’s with a reseller and often it is in person. You can go to some shops and buy them, but they are, for lack of a better way of putting it, and they also describe this themselves, spy shops. So you might go to Amsterdam and on one side, there’ll be GPS trackers, bugs for putting in cars, anti-bug tools as well. And then maybe behind the counter, or maybe elsewhere, there will be some of the encrypted phones. That’s sort of the only context in which you’re going to buy these phones in which it resembles anything like buying a normal one.

Ordinarily, it’s going to be word of mouth through your criminal network. One wants to work with another one, or you want to join a criminal network. You have to be on the same phone as everybody else because they’re typically closed networks. You’ll get introduced to a reseller and you’ll go buy it in person or it will get shipped to you.

That word of mouth network has a couple of benefits in that it keeps the customer base insular, and you’re not really going to have cops coming in and that sort of thing, at least ideally. And then for the criminals, it also gives them someone to blame if things go wrong. If a criminal downloads Signal and buys an iPhone, what are they going to do if they get caught? Yell at Tim Cook or like yell at Signal? Maybe they might, and that could be very scary, but what they can do here is they can go to the reseller and say: You sold me a phone that was bad, or they broke the encryption or something. This is your fault. And there can be repercussions for that.

PM: Right. Could be scary repercussions, I’m sure, depending on the person who we’re talking about. So you talked about how the RCMP in Canada got this key for the BlackBerry Messengers and that started to compromise BlackBerrys and forced these criminals to go in a different direction, have very specific phones. How does law enforcement more generally start to really target these encrypted phone companies and start to kind of take them down?

JC: They start by trying to get insiders, they start by trying to flip the sellers or maybe the people who are in the higher echelons of the organization and try to get closer to them. In the case of Phantom Secure, they tried a few different things, but the thing that eventually worked was that the Australian police had a Phantom Secure reseller or distributor. They flipped them and told the distributor, you need to get close to the CEO, a man called Vincent Ramos. A long series of events leads to Ramos saying some really incriminating stuff in an undercover meeting with law enforcement officials, and they arrest him.

They do try to flip Ramos to put a backdoor into Phantom Secure. They’re not successful. He escapes. There’s a very dramatic escape when he’s trying to get to the Canadian border. And I won’t spoil exactly what happens, but that’s what they try to do. They try to flip the people to then flip the code. What law enforcement really want is a backdoor in one of these systems because Phantom Secure had 10,000 users, the vast majority of which appeared to be criminals. If you’re a law enforcement officer, imagine getting access to those messages. It would be an intelligence gold mine. I really can’t think of anything more valuable to law enforcement than getting a backdoor in an encrypted phone company.

PM: One of the things I was fascinated about as I was reading it is you were describing how when they’re going after Ramos and he flees the scene and he’s headed toward the Canadian border, the authorities are actually like: Oh my God, I wish he had gone to Mexico because it would have been so much easier to get him back from Mexico, and if he crosses into Canada, it’ll be so much harder. And I had like, never really considered that before.

JC: I mean, same. I was surprised when people I spoke to told me that. And it’s because sort of what you mentioned earlier about these companies based in Canada, he’s a Canadian citizen going back to Canada where making or selling the phones is not a crime. That’s going to be tricky for the American authorities. Whereas if they run to Mexico, they’ll find a way to grab them pretty easily.

PM: Definitely. In the book, you talk about how once Phantom Secure is taken down, there’s kind of a two pronged approach that the authorities and the FBI in particular, well, I guess not just the FBI, but European police and people like that as well, really try to carry out in order to get into these encrypted phone companies and to figure out what these criminals are actually doing. And one path is trying to actually crack these existing companies, the Skys and the EncroChats, as you were talking about, but then they also get presented this opportunity to actually have control over an encrypted phone company without people knowing. How is it that they start to head down these different paths to try to crack these companies and these broader criminal networks?

JC: So after Phantom Secure is shut down by the FBI, it’s very, very clear to people in the industry that sell these phones that they could be next. This is a watershed moment. The FBI is not messing around anymore. The gold rush of selling phones to these criminals looks like it’s over, or at least the end of it is going to start. So someone in that industry who uses the name Afgoo then reaches out to the FBI and says: Look, I’m making my own company. It’s called ANOM. It’s not really fully developed yet, doesn’t really have many customers, but would you like this to use in your own investigations? And I said earlier about how I can’t imagine anything more valuable to law enforcement than the backdoor in a crypto phone company. I lied. This is more valuable.

You get to run the company yourself and put in whatever backdoor you want. That is what was on the table. In return, Afgoo would get a lighter sentence for whatever charges they may or may not get prosecuted with later. But this is like the ultimate ace that Afgoo played and basically handed the FBI and their partners, the Australian Federal Police, a tech company, a tech company for criminals that the FBI now had to figure out how to run. They had to run the sort of phone tech gadget startup of the criminal underworld.

PM: When I was reading about the FBI’s involvement in that and like getting it set up, obviously they had Afgoo and this team that he put together to kind of help get it started and run it and things, but I was like: Man, they always say like the government can’t run a tech company and doesn’t understand tech. And here’s like the FBI running an encrypted phone company that becomes like globally used before it finally gets shut down.

JC: The Department of Justice is not usually a place for move fast and break things. And there were issues with the main DOJ that the book gets into later. But for the most part, these FBI agents and the prosecutors from San Diego just ran with it. And I mean, even one of them, Andrew Young, told me to slightly paraphrase, the idea was that: Let’s just keep going until someone tells us to stop. And they thought that was going to happen at various points, but they were like, fuck it. Let’s just go because this opportunity will probably never present itself again.

PM: And so how does ANOM and this company like get off the ground, but also take advantage of the fall of Phantom Secure and questions about some of these other companies to really start to grow and get those phones out there?

JC: So when Phantom Secure shuts down, there is obviously a big vacuum. This was one of the biggest companies in the space. The Sinaloa Cartel used it and a bunch of other criminal networks. ANOM was very well positioned to fill that vacuum. Afgoo already had connections in the criminal underworld, especially to someone called Hakan Ayik, who listeners may not be familiar with, but he is, I guess, still the most wanted man from Australia, a top tier, multi-billion dollar drug trafficker. And ANOM starts first by seeding a few phones in Australia, literally just five, a handful, it then gets spread around. But very quickly, more people want to get on this phone, more people want to use it.

And especially people overseas want to use it because of course, the globalized nature of organized crime today is that people do not stay in their own territories, and if they do, they simply work with people from other territories as well. The idea of organized crime groups is an old idea now. It’s very much organized crime networks, and Afgoo starts to get these inquiries like: Hey, my people overseas want to get on ANOM, as well, and we need them to be on the platform. Can you help us out? And of course he agrees, with the FBI in the background encouraging all of this as well.

But Hakan comes in, the very high tier drug trafficker, and he is the one who really helps ANOM explode, especially in Europe, but the people he brings in also globally as well. You need these drug trafficking influencers, which is what law enforcement calls them, as ambassadors for your product. I said it was a brand, the status thing. What is a better endorsement of your product than the most wanted man in Australia using your phone?

PM: Absolutely. And around when is this really happening? When is the FBI setting up this company and it’s starting to get in people’s hands? What’s the timeline here?

JC: So it starts in around 2018 and stuff is a little bit slow for the first few months, but come a year, people are talking about it by the fall of 2019. And that is when the FBI itself starts to actually get access to the messages as well. Up until this point, it’s just been the AFP for various legal reasons. The FBI then gets access in 2019, and they can finally start reading the messages that are coming in from all over the world, basically by that point.

PM: And you talked about how obviously this is an operation that was kind of led by the FBI, but they very early on partner with the AFP, the Australian Federal Police, because of a lot of work that’s going on down there, and as you talked about, these connections that exist between Australia and these larger criminal networks. What I was thinking, again, coming from this Canadian perspective that I have, is when we were talking about Phantom Secure and the arrest of Ramos, you had the American authorities, along with the Australians and the Canadians involved, and there was a suggestion, or it was confirmed, that Canadians had actually kind of given information to Ramos to let him know he was kind of being targeted or whatever so he could get away? Were the Canadians excluded from this broader operation in part because of that, or was there any suggestion of it, or is there another reason why they just tried to go with the Australians to start?

JC: I haven’t seen any evidence that that’s the reason why Canada was not broadly included in ANOM. They are mentioned much later in the press release thanking them, but their role certainly was not as large as the FBI’s or the AFP’s. And what you’re referring to is that, of course, there was a very high profile case in Canada, where a civilian senior intelligence officer leaked the information to Ramos, which even if it didn’t necessarily help his case, it could have, and that was a serious security threat. I think more the reason that the AFP took the lead was, one, because the AFP has been stymied by encrypted phones for decades by this point. Serious biker gangs use them.

You have the Comancheros, which are very violent, Hell’s Angels, the Bandidos, all of the sorts of biker gangs you would expect. And they have straight up assassinations planned on these platforms. It really is a massive problem in that country. So I think that’s the first reason. The second is just sort of a more boring legal one. Australia recently had a relatively new surveillance law that basically allowed this to happen. And they were like: We’re allowed to monitor all of these phones if they have a nexus to Australia. And it acted as something of a beta test for the FBI. Also, because some of the American officials felt the DOJ wouldn’t go with the plan if it hadn’t been proven to work. So let’s just use Australia as like a nice little test tube and they can like figure out what it’s doing, prove it works, and then the FBI will step in and start doing it there.

PM: Because this becomes a really key part of the story that you tell, right? The FBI is spearheading this operation, is ensuring that this company can run and this whole operation is taking place and eventually bringing in international partners, but they get the kind of legal authority to start looking at these messages that are being sent outside of the United States, but if I understand it, they never, ever actually get the authority to look at stuff that’s happening within the country?

JC: That’s basically the compromise that the FBI and the San Diego prosecutors had to accept: that the DOJ was not prepared to allow monitoring of ANOM messages inside the US by the FBI, because that brings up massive Fourth Amendment or wiretapping issues depending on what legal route you’re going to take. So they found a workaround. They put into the code that whenever there was an ANOM phone on US soil, the messages would not be sent to the FBI. They would still be sent to the Australian Federal Police.

And they agreed to monitor those messages for threats to life, which is somebody trying to assassinate somebody else, somebody saying: I’m going to kill you, all of that sort of thing. And the AFP would then provide a tip off about that threat to life. And then maybe the FBI could act or something like that. In its simplest terms, I think it’s fair to say, it was a workaround. It was a legal workaround so that ANOM phones in the US would still be monitored for certain content. It just wasn’t the FBI doing it.

PM: And as I understand it, there are some other kind of restrictions that they put on what they could actually monitor. They were obviously going after criminals, but then other people would get these phones, as well, because they were engaging with criminals or knew criminals, and they had certain regulations on what they were kind of ethically or legally allowed to look at beyond just Americans.

JC: So the FBI treated it ethically as a wiretap. Even though it was this massive data harvesting operation, basically unprecedented, they treated it like a normal wiretap in that if a lawyer got the phones, they would really try not to look at those. If a civilian got the phones, which is what happened, they would try not to monitor those, as well. But to be clear, there was sort of no legal barrier to the FBI doing that because the way they set it up technically and legally, this massive dump of messages came every Monday, Wednesday, and Friday with basically no strings attached, except don’t look at phones in America.

So they could rummage all they want. And of course, that did lead to a ton of drug shipments and all of that sort of stuff being seized. It also raises some pretty serious questions about, do you want to allow a law enforcement agency or its partners unfettered access to a platform? And the FBI’s argument is that ANOM was for criminals. So, anybody on this platform is fair game. That’s their argument, at least.

PM: No, I see that. And we can talk about that a bit more later and the broader ramifications of that. But as the FBI and as the AFP started to receive more of these messages and started to be monitoring what was happening on this encrypted phone platform, network, whatever we want to call it, what did they start to find? Did they learn important things by having access to the communications of these criminals?

JC: The FBI and its partners found basically that the communications were overwhelmingly criminal in nature. And I found this myself when I eventually got copies of the ANOM messages and I would go through them and it’s just drug deal after drug deal, shipment after shipment, assassination after assassination. So they’re getting all of this sort of intelligence on how the drugs are being packaged and all of these sorts of unusual techniques, like putting them into stone slabs and lumber and all of these other very fantastical techniques, where they’re being shipped from, where they’re being shipped to, who is selling them, where they’re being sold, the entire supply chain, as much as they could, of multi-ton cocaine deals.

You just do not get this sort of visibility normally. And then there’s the money laundering and the safe houses. There’s the people who are ordering the hits. There’s the massive public corruption at ports or inside government offices as well, where, I mean, Andrew Young, the prosecutor I mentioned, he was blown away by how much corruption was going on. And that’s especially something that you just don’t really hear about, normally. That is a really hidden part of the international drug trade, but ANOM, and then later some other operations into Sky and EncroChat, really revealed some of that.

PM: And, of course, as you would expect, that is essential to ensure that these drugs and kind of other things can move, but it’s probably even harder to suss out than finding the actual criminals who are behind these things?

JC: I think that this is what they really, really wanted. It’s the corruption side, especially, I mean, US officials told me that as much, and that’s why they were so determined to also do this in the US. They wanted to get the guys who don’t get caught, the guys who never come on law enforcement’s radar, because they are actually smart and they are actually using pretty sophisticated technology. That’s the sort of people that they wanted, that the San Diego FBI wanted to get, and they did get a lot of them, but they definitely didn’t get all of them because of that restriction on not monitoring in the US.

PM: You talked about how it’s not so much just criminal gangs, but criminal networks today, as these criminal organizations operate around the world and have connections to people everywhere, and as these encrypted phones, these ANOM phones from this FBI-run company started going global as well, they started to see the extent of those networks and how far they actually went in the connections between them. Can you talk a bit about how far that went and how global in scale these criminal networks actually are?

JC: So that drug trafficker I mentioned, Hakan Ayik, who was very important to ANOM’s growth, he eventually makes what Australian law enforcement call the Aussie Cartel. And ordinarily you may have one criminal group smuggling, I don’t know, methamphetamine, then you’ll have another one smuggling cocaine. What Hakan and other members of the Aussie Cartel did, they came together to put not a total monopoly, but to gain control of a very large chunk of drug importation into Australia. And that allows you to set the routes, allows you to set the price. It allows you to potentially lower violence because people aren’t screwing each other over.

And this involves people who would usually kill each other if they were in the same room. Hakan Ayik is heavily linked to the Comancheros biker gang. And then the Hell’s Angels are also part of this super cartel. And you have very similar stuff happening in Dubai as well, where you’ll have Irish gangsters, like the Kinahans, then working with gangsters from the Netherlands, as well. And they sort of all bring their own skills, resources, investment money, as well. And they can then communicate and plan on a much larger, grander scale than they ever could just by themselves. These crime groups may have longstanding rivalries, but there’s something that brings them all together and that’s obviously getting more money.

PM: Of course. And one of the things that I was surprised to learn from the book, and maybe should have realized, was just how much Dubai was really a center for a lot of these criminal groups and how a lot of these criminals, when they started to feel the heat in their own jurisdictions, would look to Dubai as somewhere where they could go and feel quite secure that they were going to escape authorities if they did that.

JC: Dubai is a fascinating place because what happens is in the criminal underworld, you’ll have like these hidey holes or these relative safe havens. And Thailand used to be one of them. Marbella, some people still do that. And especially over the last 10 years, tons of criminals have gone to Dubai for various reasons. One being lack of taxation, I guess that’s one way to put it.

PM: That always helps.

JC: Yes, that always helps, especially when you have hundreds of millions, if not billions, of dirty cash; the ease of buying real estate is a big one as well. But then of course, Dubai’s somewhat adversarial to nonchalant relationship with foreign law enforcement partners. And this has changed pretty quickly over the past two or three years, where Dubai authorities are now actually arresting people on behalf of the AFP or the Dutch authorities. And then they will extradite them and it’ll be a big win for the Dubai police. But that was only very, very recent. And up until then, Dubai was a playground, a sort of business conference room, and just a great place to have a high quality of life, if you were a serious organized criminal. You could do all of those things. You could escape the authorities and also go to some fancy hotel and meet your gangster comrades.

PM: It seemed like one of the big risks, though, was that Dubai authorities don’t like encrypted messaging. And so some of these folks who sold encrypted phones or even use them needed to watch out because sure they were criminals and they were doing all this kind of criminal activity or involved in it that maybe the Dubai authorities would overlook, because they were doing like encrypted messaging, that was a problem.

JC: There’s a scene in the book where a particular ANOM seller is arrested. And so as one of his resellers, because they’re trying to sell, I think he’s technically selling EncroChat devices at the time, but he also plans to sell ANOM devices later. And I think that’s just a fascinating tension in that Dubai is this relative safe haven for criminals, but then if you sell encrypted phones, whoa, whoa, whoa, you can’t do that! It’s way too far. We’re going to clamp down on you. Again, that’s sort of changing again because they are now extraditing more of the criminals, but it’s just very funny that they went after the encryption first rather than the drug traffickers.

PM: Yeah, it is funny. Obviously, at a certain point, the number of messages that are coming into ANOM as the user base is growing becomes far too much for the FBI or the AFP to handle on their own. And they start to build this kind of broader network and these relationships with other, in particular, European countries and European authorities, and eventually they move up to Europol with this broader operation. That’s bringing a lot of this in. How does that broader operation work? And how does that start to use this information to go after some of these criminals?

JC: So it starts when the FBI is getting all of these messages that are obviously not in English because ANOM is worldwide and it’s all over the place. So they’re getting stuff in Swedish, they’re getting it in Dutch, German, etc. And initially the FBI starts sharing with just the Swedes, just the Dutch, and then the Germans a little bit later, but it becomes clear that to actually have pretty good impact with ANOM, they need to have much more coordination. In the case of EncroChat, which was eventually hacked by European authorities, they got a bunch of messages, they distributed them. There was something of a bottleneck in which some of the European officials were just feeding out their intelligence to other agencies. The FBI went on. They wanted to do something different.

They wanted everybody in the same room, and that ended up being Europol, sat talking across the table from one another, so we can really coordinate and take these people down. And it’s very similar to how you have these super cartels who are meeting face to face in Dubai over a hotel conference table or whatever. Now you have the police basically doing the same thing, but over a conference table in Europol. And that’s, I think, one of the big reasons why they were actually able to generate so much impact with this operation. And it was something like 16 countries in the end. You’ve got Austria, the UK is in there as well.

Just basically any sort of country you would expect to be involved probably was, but they crucially did not include some countries such as Serbia, because that is where I believe a lot of the public corruption took place. We’re obviously talking about this very openly now; at the time, this was a massive secret. And not only was it a secret in the FBI, now it’s a secret among 16 other agencies. And I’m genuinely shocked that it didn’t completely leak, to be honest.

PM: Yeah, I believe the book said the Italians were excluded from that as well, right?

JC: I don’t know why. I don’t know why exactly, but what that meant was that when the FBI was really pivotal to capturing a very high-tier Italian mob boss, they fed over the intelligence, action was taken in Brazil to get this guy. And that leaves the Italians going: Why the hell is the FBI giving us this information? How do they know this? And all these sorts of questions. And the FBI obviously does not answer them. It just carries on. It’s just doing its own thing. And like: Here’s like one of your most wanted criminals, but we’re not going to tell you why.

PM: You mentioned how the FBI really wanted to bring everyone into the same room because these networks were operating across European borders or even beyond. But a lot of these authorities were still operating in their own jurisdictions and didn’t have that same degree of communication. Obviously, Europol was created to create some of that. Is there any suggestion that this operation has changed how these agencies work together? After that, because they had this experience of doing this with the ANOM kind of operation?

JC: So Europol and European authorities in general have definitely been cooperating more and more over the years. ANOM is not the only case where that’s happened. There’s tons of human trafficking or other drug trafficking cases. And like, I wouldn’t say ANOM was the only one, but this was a massive case where you have these people sat across the table from one another going through all of this data at once. And I’m sure it showed not just Europol, but very importantly, the FBI, that this is possible, and we should probably do more cooperation. There’s a couple of people from the FBI in the book who are pretty skeptical of giving it to Europol because they honestly, they don’t think Europol can handle it.

They think it would get leaked. It will probably get drowned in European bureaucracy, whereas the FBI is running a tech company. We don’t want this regulation get out of the way. We want to do whatever we want. It all worked out in the end, relatively so. But I do think if anybody learned from this, when it came to cooperation, it was probably the FBI more than anybody.

PM: Interesting. Another one that I was surprised to see was not like in those initial countries. You mentioned how the FBI went to Europe and was initially working with Sweden and the Netherlands and Germany. The authorities there was France, because I believe France was the country whose authorities hacked Sky and maybe EncroChat as well, or maybe that was bigger. So I was wondering why kind of the French were able to get into these networks and then kind of share that information with other authorities, but were not initially brought into this ANOM deal, or if you have any idea why that is?

JC: You’re right in that the French military police hacked into EncroChat. Them being military is very key because they’re using that to claim this is a national security issue, so we’re not going to tell you how we hacked it. We figured it out through various other court documents. It was a malicious update pushed to the phones, but they don’t really want to provide any more information than that. What I would say is that I was surprised at how much the collaboration and bringing countries in was basically built on them being friends. It really was built on these personal relationships where if they didn’t already know each other, and they often did, and they then brought that country in. By the end, these people were like great friends, going to the pub and stuff together.

And I found that very strange because when we think of law enforcement, we usually think of it in the terms of systems and agencies. And all throughout this, it was just like individual officials just doing what they thought was good or cool or whatever and that was on the DOJ side. I absolutely think it was on the European side as well.

PM: And so you talked about how this operation really started in 2018 and then really starts to pick up steam in 2019. Obviously we know what happens in late 2019, early 2020. How does COVID like disrupt this whole operation and what they’re trying to carry out or does it have much of a flip at all?

JC: So, the FBI had been developing this sort of back end surveillance system called Hola iBot. I don’t know why it’s called that, but it does have a little robot as its logo, which I found in some documents, which is really fun. But they were developing that, FBI computer scientists were, because they knew eventually that, yes, we do want to give it to foreign partners and they’ll need to remote in. They’ll need a VPN or interface or whatever. Then as you say, COVID happens and that dramatically speeds up the need for this tool because you can’t really go into the office or at least not many people can. The FBI had to respect this just like we did. So they accelerate production of that. And that allows the FBI officials to remote in and look through the messages that way.

Some of them still did go into the office, and there’s some very funny scenes where not being used to cleaning their own offices, they have to go and find a vacuum cleaner somewhere in the San Diego FBI field office. And I absolutely loved them telling me that detail, but it sped it up and they had to adapt just like we all had to. And crucially, the criminals had to adapt to COVID, as well, to the point where, for money laundering, there were much more dead drops. So, criminals would put money in one place, they would leave, somebody else would come pick it up. That way, they’re social distancing. They haven’t seen each other, they’re not face to face.

PM: It’s like dropping off your DoorDash order or something like that on your step so you’re not talking to the delivery driver, you’re dropping off your big stash of cash so someone else can pick it up without seeing you.

JC: It’s their sandwich. It’s just $500,000 or euros in cash. It’s like basically the same thing. And then some criminals, of course, because they’re always looking for opportunity, they start to try to smuggle drugs in hand sanitizer or in shipments of masks, which, while everything else is slowing down, shipments of those products are, if anything, ramping up. So why don’t we like attach ourselves to those shipments as well? And COVID didn’t really impact the drug trade. It’s crazy. It impacted people buying cocaine or ecstasy or whatever because they literally can’t go to nightclubs or festivals or anything else. It didn’t really stop the international drug trade. They just found other ways.

PM: And I imagine if you’re thinking about like the Australian authorities as well, the criminals down there were probably helped by the fact that Australia had this quarantine measure where a lot of life was quite normal in much of the country for a while. So things could continue and people are still going to the night clubs and stuff like that. Eventually, the FBI sets this deadline, this date of June 7th, 2021, where everything is going to be revealed because the number of users on the platform is just growing too great. And also they have this ruling that allows them to continue funneling data through Lithuania until June 7th.

And so instead of trying to get that renewed, they’re just going to set that as the date where this is all ending and the preparations begin for what all of these different authorities who are now involved in this project are going to do and how they’re going to use that information. What’s the preparation for that kind of big reveal? What does that look like?

JC: Things are getting really hectic, really crazy. One FBI agent in the book is saying things like: We just can’t do this anymore; this is getting out of control; it’s going to break. Then more resources come in and then they carry on. And it’s like this endless loop that’s going to snap at some point. As for the preparations after they set the date, there’s just a flurry of activity. And I’ve gone through, I think, tens of thousands of pages of police reports from various countries and read them all one by one. And around this time, that’s when you see officers going out into the field, they’re filming the people they’ve been reading the messages on for months, if not years.

At this point, they’re following some hotels, they’re trailing them in cars, they’re flying drones over them and everything. And they’re sort of doing all the techniques you would ordinarily expect in a law enforcement investigation, but on steroids and on an insane deadline. It’s like we have June 7th. It’s now, I don’t know, April, May or something like that. And we need to gather evidence on these people, not just so we can arrest them, but we can prosecute them. And there’s this switch from ANOM being an intelligence gathering tool to like a judicial tool. And they’re going for all of those. And eventually they get like a target list of 800 people that they’re going to arrest on a single day.

And that’s just an insane number to me. Sky and EncroChat, they got probably a lot more messages and a lot more intelligence, but ANOM is sort of the single biggest law enforcement sting operation ever, especially on that day, the 800 planned arrests. And then, eventually 10,000 law enforcement officials are involved. I mean, that’s like a small army all over the world acting on that single day.

PM: Before we talk about what comes out of that, obviously in the months and the years leading up to June the 7th, law enforcement around the world are using this information to increasingly act on things that they’re seeing in these messages and in these voice recordings and these calls and things like that, that they are receiving through the ANOM network. Do the criminals ever get wise to the fact that they’re using this phone system that is actually owned by the FBI?

JC: So, that’s the constant tension in that some authorities would say: We have to act; we have to shut down this drug lab, or we have to seize this shipment. And they would have to sort of fabricate some sort of reason, not really for why they want to do it, because they want to get the drugs, but what they say to the suspects, or even sometimes to their own colleagues inside the same agencies. There’s one Swedish official, who had to lie to her counterpart because he thought: Oh, there’s a source who’s giving you this information when actually it was ANOM. And she just had to like glaze over that. And she didn’t feel great about that, to be honest. That also brings up a few justice issues as well.

It’s basically parallel construction, even though eventually, when these people are prosecuted, it is revealed that it’s ANOM. Criminals, in the context of that flurry of activity, did start to get suspicious of ANOM. There was just too much activity happening. If they had been able to zoom out and seen the connection between all of these raids, all of these seizures, they would have realized quickly it was ANOM. But eventually, people are telling themselves, something’s wrong with this phone. I think someone says it’s cursed at one point because their friends got onto it and they immediately got raided. And that’s another constant drumbeat in the background of this, which is that the FBI doesn’t really want the criminals to figure out what is going on before the FBI gets to act. Because obviously they can go and destroy evidence or they can run away or anything like that. But some people do start to get wise.

PM: And so what does June 7th, when they finally undertake this operation, what does that look like? And how does this ultimately get revealed to the world that the FBI has been running this and all these other law enforcement agencies have been involved?

JC: So the plan was, as it was told to me, to follow the sun. And that means it starts in Australia. They’re doing these, I think, early morning / late night raids of kicking down doors and arresting bikers, that sort of thing. Eventually they have a press conference where the Australian authorities announce: Hey, we’ve been reading messages from ANOM. Sort of at the same time as that, the baton has passed to European authorities in Europol and they start arresting people and they start chasing people down.

They have their own press conference as well. By this time, it’s very clear to the criminals what was going on. Oh my god, ANOM was bugged the entire time. This is a disaster. Many of them are now in a police car or in a jail cell or whatever. And then eventually, later in the day, the DOJ, they come out and they say, we were running it the entire time. And they say a key piece, of information, which I think has implications much more broadly. They didn’t just want to arrest people. They wanted to undermine trust in the hardened encrypted phone industry. This wasn’t just an operation to gather evidence and arrest people. It was like, we want to fundamentally shift the way we trust people, how criminals think about encryption.

PM: And as I understand it, since ANOM has gone down, and obviously Sky and EncroChat were hacked by European authorities, by French military police, that there hasn’t been another large, encrypted phone company like this before. There are smaller ones, but not anything to this scale. Is that right?

JC: There’s nothing really big. There was one called Cypher that was very large in Australia, and they just threw in the towel and basically quit the business because of it. Presumably thinking they were going to be next. I spoke to people who were inside the company at the time and to put it bluntly, they were freaking out essentially inside.

And then I ended up speaking to more people who sell encrypted phones after the ANOM operation, and they said, it’s basically impossible to get a user base now, because everybody suspects, well, is this run by the FBI as well? Is this run by the Dutch or the Australians? There is a massive tinge of paranoia through organized criminal communities. Now that’s not to say they’ve stopped using crypto phones because some definitely still use them, but everything has changed now for sure.

PM: And so if we look at the broader impacts of this ANOM operation and what the FBI did, if we look at the law enforcement side of it first and the criminal side of it, what ultimately were the broader impacts for law enforcement and for trying to clean up this criminal activity in the various countries where this was being used, like have they really been successful at disrupting what is going on here? Have they been successful in prosecuting a lot of these people and arresting a lot of the people involved with it? What have we seen there?

JC: I mean, ANOM ended up getting well over a thousand arrests in total. There were multi tons of drugs seized, something like 150 weapons, I think, and 150 threat to life mitigators, which is when the police intervened in some sort of way, when somebody’s life was under threat. That is all just on a quantitative level, pretty damn successful, right? They arrested a bunch of suspected and now sometimes convicted criminals to answer that part of the question. That doesn’t mean the war on drugs was over and whatever.

I was shocked by some of the sentiment of the European officials I spoke to who even after doing this operation and the EncroChat and the Sky one, they started to question: Well, is this even the right thing that we’re doing? We seize the drug shipments and then there’s just more, which of course goes back to the age old question of, well, the war on drugs is a massive mistake of resources and ends up with a bunch of people being arrested when maybe they shouldn’t. That’s basically another discussion. But even with all of those seizures, the drug industry continues. It just soldiers on and it will continue.

PM: I think it definitely does make us reflect on what is actually needed to stand us out if that’s ever even possible and what it looks like to try to get a greater control over what’s happening there and to reduce the killings, the crime, the traffic of drugs and, on a political level, whether the policies that we have are the right ones, if those are the sorts of goals that we have.

But then on the other side of this, there’s also the question of the broader implications, even beyond the criminals, for the ability of law enforcement to do something like this. Right? And there’s obviously a very strong push in privacy communities to ensure that all of our communications, that everything we do, is encrypted and is happening on encrypted platforms and things like that. What broader reflections do you think that this sort of case kind of forces us to have about a push like that or a movement like that?

JC: So Matthew Green, who is a cryptographer, does a really interesting thought experiment at the end of the book. And he has no problem, he told me, with authorities targeting these closed, basically criminal networks. They’re using phones, that’s very stupid, hack them, whatever. What he brought up, and I think it’s a really, really compelling argument or thought experiment is: Well, what happens when it’s not entirely criminals? Is the split 90 percent criminal, 10 percent innocent, and then they’re okay compromising that, or is it 50-50?

And he even uses an example of, let’s say half the criminals are doing something like copyright theft of song lyrics, something I don’t really care about. I don’t think many people would care about. And then the other half are hardened top-tier drug traffickers. Would the FBI be okay compromising that network? And we don’t know the exact answer yet, but by all indications, by me sneaking into a law enforcement conference where an FBI agent said they look forward to the next iteration of this operation, whatever that may be. And in my conversations with the San Diego FBI, when I asked them, well, what about Signal and like that sort of thing?

And this is what people are worried about. They say that we believe we should have access to any encrypted messages that we’re legally entitled to. And yes, Signal on a technical level does not allow that. Legally, the FBI would argue that it should have access. Now, to be absolutely clear, I’m not saying the FBI has compromised Signal in any way. I use it every single day. I trust it with my security more than any technology products on the planet. But the FBI is not going to stop at ANOM. And people I’ve spoken to who used to use encrypted phones or used to sell encrypted phones, they say people have moved to using apps such as Signal with a customized Android. So I don’t think the FBI or any of its partners are then just gonna clap their hands and be like: Okay, well now we won’t bother and we’ll go home. They’re going to continue. They’ve told me as much.

PM: And I think it’s important to say that about Signal as well, because there have been some suggestions recently online pushed by Elon Musk and people like that, that Signal is actually insecure and you should be using Telegram, which is not nearly as secure as Signal is. So just to kind of mention that and put that out there, I wanted to drill down on that point a little bit further with you though, right? Because so we have obviously these law enforcement agencies that want to get access to these communications of criminals that are happening on encrypted platforms. And when we talk about ANOM, that is them really targeting a platform that is basically designed and meant for criminals where mostly criminals are going to be using it. But do you think that now that criminals do not trust something like that, a network that is just for criminals any longer and are increasingly moving into more consumer products that offer encryption, I think that obviously puts them more at risk.

But does the lack of transparency allowing law enforcement to get any access to these sorts of messages, then create the further incentive for them to try to do more projects like ANOM or to create more surveillance software is that, certainly might not be breaking the encryption on these apps, but are getting other sorts of ways of surveilling communications onto your phones, like a Pegasus software or something like that. What is kind of the arms race that you think that this gets into? And does it force us to have some consideration of, whether there are times when it makes sense for law enforcement to be able to get access to some of this stuff?

JC: I think apps or technology platforms or whatever, not providing legally requested information to the authorities absolutely does create an incentive for the FBI or any other agency to find new techniques. That’s not me saying, I think Signal should hand over data. I’m just saying, yes, that’s the cause and effect right in that Signal or I would argue Telegram a lot does not work with the authorities, even though it is cryptographically garbage, it does not readily provide data. Now that will create, I think, a situation where on one side, you could have authorities doing something like Pegasus, as you say, it’s like: Well, we can’t get data from the app, so we’re going to do this thing that’s very, very expensive and very on a per target basis. And we’ll hack into a phone, we’ll get their data and we’ll do it that way.

The other side is we’re going to do something much broader, and that could be the undermining of a particular app, or it could be something like European legislators and authorities are debating at the moment in Europe is that, well, we want the scanning of encrypted messages for child abuse material, which could easily balloon into all sorts of other content. I think there was a leak to the outlet Balkan Insights where a Europol official admitted as much. They said: This is good for CSAM, but we would like it for every sort of crime. I mean, they’re just saying it now. They’re not even hiding it. And maybe there is a third option. Maybe there’s a secret third option that I’m not thinking about right now.

But when it comes to mass compromising of apps or targeted exploitation of devices, I’m going with the latter personally, because you absolutely have to have a warrant to deploy that tool. It can be in a limited circumstance because it’s so expensive to hack iPhones, relatively. I don’t think either of them are great, but this is the real world and this is how messy and complicated it is. And I think the idea that, well, the FBI just aren’t going to do anything, go home is naive. They’re going to do something. And I think members of the public, civil society, law enforcement, journalists, policy makers, policy experts need to continue having that discussion around what one of those options or some sort of other option might be.

PM: Definitely. And, one of the things that stood out to me in the book and that we’ve talked about, of course, is how the FBI was ultimately not able to monitor these messages that were happening in the United States that were being sent in the United States because, it largely couldn’t get the approvals to do that. Obviously, it’s a very bureaucratic system, and obviously there are a lot of problems with US intelligence agencies, US police, US law enforcement. There’s no debating that. Does that give you any reassurance about the ability to ensure that these law enforcement agencies don’t do the worst possible thing and don’t surveil everyone’s communications, even if that opportunity is available to them?

JC: American police have a ton of different problems, obviously. So I’ll of course, preface it with that. The reason that ANOM was not monitored in the US was more because there was a particular part of the DOJ, the Office of Enforcement Operations, OEO, I think they basically sat on the wiretap orders to do this. The prosecutors of San Diego had everything set up. They were going to work with the LA agents and officials as well. They sent off the first wiretap request and OEO, which approves all wiretaps in the US, didn’t approve it. They didn’t say no, but they also didn’t approve it. I think you can look at that in a couple of different ways.

You could look at it as: Well, OEO did its role because it didn’t approve this wiretap it didn’t agree with, and that shows that checks and balances work. And that’s a good thing. Like you could frame it like that, or you could be like, they got in the way of something which could have caught a lot of criminals legitimately. I’m not leaning either way. All I would say is that when we have even just the hacking tools or these mass monitoring tools, there obviously has to be massive checks and balances in place to ensure that they’re not inappropriately used with any sort of law enforcement technology. I would be very, very scared if there were no checks and balances on this, obviously.

And I guess it’s a silver lining to some that never happened for that reason. I would think the San Diego FBI and the prosecutors in San Diego would strongly disagree with that because they were fully prepared to do it. And they thought they had every legal right to. They did believe it was legal to do that.

PM: I guess in that case, they were looking at this specific network that was used by criminals, and I guess if we’re talking about them being able to look at something further, do you think it gives you reassurance that it wouldn’t just be kind of mass surveillance of the broader public, but would be targeted or it’s hard to say for sure?

JC: That’s where I get more scared, where it’s not used on a specific network that the overwhelming majority are criminal. And we’re talking about just monitoring an encrypted platform. I don’t know. I think you possibly need more than nice little checks and balances to help with that. I think that’s a discussion we need to have where fundamentally, do we even want law enforcement to have the capability to do mass monitoring of encrypted platforms like this? And I imagine a lot of people would say they don’t want it, but they’re going to try.

PM: Absolutely. Joseph, this has been a really enlightening and fascinating conversation. As I said, I thoroughly enjoyed the book. I thought it was such an interesting read to learn about this broader story and network that, honestly, I had never heard about before. I missed all the reporting on it back around when this was unveiled. So thanks so much for taking the time to come on the show and for having this chat. I really appreciate it.

JC: Same. Thank you so much for having me.
