Hi and welcome back! When I caught wind of the story of the ANOM arrests, it blew my mind. No matter how hard people try to make sure their communications are absolutely private, that status lasts only as long as it takes for someone else to break into the chat. Today, let me show you the increasing lengths some folks will go to for privacy — and how it can be destroyed.
(The system in question, ANOM, is sometimes called AN0M or even ΛNØM. For ease of discussion, I’m sticking with ANOM. As you probably guessed, this post was inspired by the numerous leaks and reveals going on in the fundagelical world right now. What we do in the dark will be exposed in the light, after all, but the awful people in charge of Christianity keep forgetting that verse.)
Privacy: The Currency of Power.
Long, long ago, I did volunteer administration work for online games called MUDs. MUDs are like text-only versions of MMOs like World of Warcraft and EverQuest. As one sees in MMOs, MUD players sometimes like to chat privately with each other.
But in these games, privacy is hard to come by.
Still, people went to extraordinary lengths to gain privacy. In most of these games, other players could sneak into rooms and listen to conversations without being detected. So people had to go to some lengths to ensure privacy. They bought expensive homes in these games so they could have it (and also, of course, so they could decorate them). They’d head way into the most isolated parts of these games to talk together.
However, game admins could spy on everything in the game. We had invisibility powers that mere players couldn’t detect or avert. We also usually had access to logs behind the scenes that told us literally every command coming from a player’s keyboard.
And above us, the ultimate owner of the game, or implementor, had access to absolutely everything. That included everything admins did. The implementor could tell when admins checked out player logs, what we said to each other in private ingame messaging channels, the commands we issued, everything. If an imp had the server physically located nearby, as one of them did, then the server’s program would reveal even the stuff we typed that didn’t make it into a command (like if you typed a word and backspaced it, the imp could see all of that).
So very quickly after starting to play MUDs, I saw one truth:
Out of every currency in these games, people might have valued privacy most of all.
Privacy for Bad People.
Criminals treasure privacy even more than online gamers. After all, if a pair of MUDders get spied on, the worst thing that’ll happen is they’ll be embarrassed, or their plots will implode and fail. If criminals’ communication gets intercepted, they could face prison or worse.
However, criminals do need to communicate with each other. A criminal gang separated from its communication methods will fall apart quickly.
So there’s always been this escalating conflict around privacy between criminals and the authorities trying to catch them.
When cell phones came out, criminals likely considered them a godsend. A skilled person could strip out these phones’ regular communication capabilities — their ability to make calls and send messages, among others — and set them up with special encrypted communication channels. Once outfitted, these phones could only communicate with certain other phones, and their actual communications would be strongly encrypted so anybody who did intercept them would just find nonsense in the messages.
But here’s another gaming principle for ya:
Defenders must be successful every single time in defending their turf. Attackers, however, only need to be successful once.
The Privacy Wars.
In 2018, the FBI announced that they’d taken down an enterprise called Phantom Secure. The people behind Phantom Secure had somewhere between 10,000 and 20,000 users. Users bought eviscerated and refitted cell phones from Phantom Secure, then used them to do their thing. And Phantom Secure was tight. Here’s the FBI’s description:
The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user. [. . .] The products were marketed as impervious to decryption or wiretapping.
The story did not end there. Oh, no. Not by a longshot.
Phantom Secure might have been taken down, but the demand for privacy only increased. The invisible hand of the market goes double for criminals.
An Opportunity, Seized.
But then, the FBI discovered that someone was already working to meet that new demand. The authorities refer to this person only as Confidential Human Resource (CHS). CHS was developing a powerful encryption app called ANOM.
ANOM marketed itself as “designed by criminals for criminals.” Its devices sold for about USD$2k, with a huge subscription fee payable every six months.
The FBI offered CHS a deal. CHS accepted it.
So CHS gave ANOM to the FBI. They also agreed to work with the FBI in getting these phones into criminals’ hands.
At first, undercover agents sold the devices. But eventually, that boost wasn’t necessary.
For three years, none of these criminals realized that their privacy had been compromised from the get-go.
Operation Trojan Shield had begun.
How ANOM Really Worked.
Every single ANOM phone contained a “master key.” This key attached itself to every single message sent out from these phones. It decrypted the messages and thoughtfully sent copies of them straight to servers owned by various international authorities.
So for three solid years, authorities knew every single thing these criminals sent from their phones. Along the way, other secure services got caught and busted, like EncroChat in July 2020 and Sky ECC in March 2021. As a result, ANOM gained more and more users. Its userbase swelled quickly to 9,000-12,000 active users.
These users were not nice people. Organized gangs — from formal Italian ones to mayhem-loving motorcycle gangs — loved ANOM; some 300 different criminal groups used it. So did assassins, illegal drug distributors, and other such awful people.
These folks had no idea why they kept getting caught and intercepted — at first. By June 2021, they began to suspect that their privacy had been compromised. (A hacking blog called ANOM EXPOSED helped too. Its writer raised serious questions about ANOM as early as March, says this other blog. Their post has since vanished.)
By then, though, it was far too late.
The Privacy Trap Clamps Shut.
Working with authorities from Europe and Australia, the FBI sprang the trap on June 8. Authorities descended upon their criminal prey from a great height. Eventually, their success tally would include:
- Over 800 arrests in more than a dozen different countries
- 8 tons of cocaine seized
- 250 guns confiscated
- 55 luxury cars grabbed
- Various motorcycles and consumer goods impounded
- USD$48M worth of various kinds of currency and cryptocurrency
- About 10 planned murders foiled in Sweden alone
No arrests took place in the United States, though, cuz we have privacy laws protecting our citizens.
Oh, and there’s apparently one major drug kingpin, Hakan Ayik, still in hiding. Without realizing it, he accidentally super-helped the FBI establish their customer network. Police said of him,
[H]e was “best off handing himself into us” as soon as possible, as he may be in danger himself, having unwittingly helped the FBI with their sting.
Indeed, I’m guessing a whole lot of very angry people are hoping they get to chat with Hakan Ayik before the authorities catch up with him.
So yeah, this story is huge.
The Quest for Privacy Only Escalates.
If normal everyday people crave privacy, terrible people want it even more. And I’m sure someone’s already working on some new way to get it. It’ll probably be even harder for authorities to crack and infiltrate than ANOM supposedly was — and considerably harder than its competitors and predecessors, needless to say.
The easier it gets to communicate with each other, the more services that spring up that grant those methods to users, the harder true privacy is to find for anybody — and the more valuable becomes as a currency for everybody.
It still blows my mind to see so many people on social media sites like Facebook giving intimate personal details to these mega-corporations through their profiles and posts. As a denizen of the second-generation internet, it got drilled into my head from the very start that there is always someone listening to what we reveal.
Even if you’re not a criminal, it’s useful to keep privacy concerns in mind. Through all the changes that have taken place in the internet world since its inception, privacy is still arguably the most valuable currency most of us have in that world.
NEXT UP: The further wrinkles medieval Christians added to Hell — and why they might have felt the need to do it. See you then!
Please Support What I Do!
Also please check out our Graceful Atheist podcast interview!
If you like what you see, I gratefully welcome your support. Please consider becoming one of my monthly patrons via Patreon with Roll to Disbelieve for as little as $1/month! My PayPal is firstname.lastname@example.org (that’s an underscore in there) for one-time tips.
You can also support this blog at no extra cost to yourself by beginning your Amazon shopping trips with my affiliate link — and, of course, by liking and sharing my posts on social media!
This blog exists because of readers’ support, and I appreciate every single bit of it. Thank you. <3
PS: The founder and CEO of Phantom Secure was arrested in Bellingham, Washington. Oh my. I’ve been there many times — it’s just across the border from Vancouver, BC. It’s a small seaside town — picturesque, yes, but economically struggling and largely uninteresting. So this fact will never be not funny to me. A criminal mastermind responsible for many thousands of high-level criminal engagements was in BELLINGHAM. The only way this could have been funnier is if he’d been arrested in Flea Hop, Alabama.
PPS: I knew this guy from my first MUD who figured out a system for gaining privacy with his ERP partners. He had some server space somewhere and there, he ran his own very primitive bare-bones MUD. Whenever he talked a woman into joining him, he had her sign onto his MUD to “play” with him. There, they had a lot more privacy. Coincidentally, he could also see her IP address then, which helped him verify her stated information.