ID: 209647

URL: https://www.zdnet.com/article/how-the-fbi-and-afp-accessed-encrypted-messages-in-trojanshield-investigation/

Date: 2021-06-08

How the FBI and AFP accessed encrypted messages in TrojanShield investigation

Over a three-year period, law enforcement agencies around the world jointly decrypted messages of criminals to foil various activities, such as plans to ship tonnes of cocaine.

The US Department of Justice has unsealed a warrant detailing how law enforcement agencies accessed and used the encrypted communications of criminals as part of its TrojanShield investigation, a global online sting operation.

The warrant [PDF] reveals that the Federal Bureau of Investigation (FBI) commenced the investigation in 2018 after it recruited a confidential human source to provide access to Anom, an encrypted communications product used by transnational criminal organisations (TCOs). The confidential human source also distributed Anom devices to their existing network of distributors of encrypted communications devices, all of whom had direct links to TCOs. According to the warrant, the FBI recruited the source shortly after arresting Vincent Ramos, the CEO of Phantom Secure, who had sold the company's encrypted devices exclusively to members of criminal organisations.

Operation Trojan Shield was centred on exploiting Anom by inserting it into criminal networks and working with international partners, including the Australian Federal Police (AFP), to monitor the communications. For an Anom device to be useful for monitoring, the FBI, AFP, and the confidential human source built a master key into the existing encryption system; the key was surreptitiously attached to each message and enabled law enforcement to decrypt and store messages as they were transmitted. Users of Anom devices were not aware of the master key's existence.

By design, as part of the TrojanShield investigation, for devices located outside of the United States, an encrypted "BCC" of each message was routed to an "iBot" server located outside of the United States, where it was decrypted from the confidential human source's encryption code and then immediately re-encrypted with FBI encryption code. The newly encrypted message was then passed to a second, FBI-owned iBot server, where it was decrypted and its contents became available.

Each Anom user was assigned a particular Jabber Identification (JID) by the source or an Anom administrator. The JID is either a fixed, unique alphanumeric identifier or, for more recent devices, a combination of two English words. Anom users could select their own usernames and change their list of usernames over time. As part of the Trojan Shield investigation, the FBI maintained a list of JIDs and the corresponding screen names of Anom users.

During the testing period for using Anom devices as part of the investigation, the AFP obtained a court order to legally monitor the Anom devices that were to be distributed to individuals in Australia or that had a clear nexus to Australia. In Australia, intelligence and law enforcement agencies can request or demand assistance from communications providers to access encrypted communications under encryption laws passed at the end of 2018.

Approximately 50 devices were distributed as part of the test, which was deemed a success, the warrant said. "Through the interception of these communications, the AFP penetrated two of the most sophisticated criminal networks in Australia. The AFP has shared generally with San Diego FBI the nature of conversations occurring over Anom, which included drug trafficking activity (including discussing the transportation of hundreds of kilograms of narcotics), firearms purchases, and other illegal activity," the warrant detailed.

After the testing in Australia, the FBI engaged a third country -- which has been left unidentified -- that agreed to join the TrojanShield investigation and set up its own iBot servers. The third country then agreed to obtain a court order in accordance with its own legal framework to copy an iBot server located there and provide a copy to the FBI pursuant to a Mutual Legal Assistance Treaty.

From infiltrating the Anom network, the law enforcement agencies translated and catalogued more than 20 million messages from a total of 11,800 devices located in over 90 countries as part of Operation TrojanShield. The top five countries where Anom devices were used, before the encrypted product's services were shut down on Tuesday, were Australia, Germany, the Netherlands, Spain, and Serbia.

In the unsealed warrant, one example of Anom devices being used to shut down criminal activities was a shipment of cocaine from Ecuador to Spain that had been concealed within a shipping container of refrigerated fish. The FBI and law enforcement officials in Spain reviewed the messages that contained specific details regarding the shipment and its distribution once it arrived in Spain. Law enforcement officials in Spain then searched the container and, upon completion, located approximately 1,401 kilograms of cocaine.

In addition to decrypting messages sent on Anom devices, the FBI sought through the warrant to seize content, including electronic mail and attachments, stored instant messages, stored voice messages, and photographs, from certain Google accounts.

The unsealing of the document comes shortly after the AFP made public the online sting operation, which has also been dubbed Operation Ironside. Australian Home Affairs Minister Karen Andrews labelled it the "most significant operation in policing history" in Australia.

The law enforcement agencies decided to bring the online sting operation to light as the third country's warrant expired on June 7, along with the operation itself. The TrojanShield operation led to 525 search warrants, 224 individuals being charged, 525 charges in total, six clandestine labs being taken down, and 21 threats to kill being averted. Also seized as part of the operation were 3.7 tonnes of drugs, 104 firearms and weapons, and over AU$45 million in assets.