AN0M: FBI investigates hundreds of suspected criminals thanks to tampered encryption app

The FBI made a tampered encryption app popular among criminals. Now, in a spectacular operation, more than 800 people who gave themselves away in encrypted chats have been arrested.

German version

On Cipherbrain, I have often reported on criminal cases in which the police came across encrypted computer data. I have even compiled a list of such cases. On it, for example, is the notorious masked man Martin N., who killed several children and in whose possession encrypted data carriers were found. The police were only able to decrypt them years later, when N. handed over the password.

Quelle/Source: Polizei Niedersachsen

When criminals encrypt

Ross Ulbricht, who was sentenced to a draconian penalty as the operator of the illegal online trading platform Silk Road, also used encryption programs, causing problems for the police. My list also includes Susan Powell, a U.S. citizen who has been missing for years and whose suspected husband took his own life, leaving behind encrypted files.

There are numerous other more or less spectacular cases on my list. All the information listed comes from the press. It should be clear that there is an enormous number of unreported cases, because the police are not very forthcoming when it comes to the encryption activities of criminals and suspects. It is known, however, that the software VeraCrypt is extremely popular in such circles and that investigators all over the world have great difficulty decrypting encrypted data with it.

Anyone interested in the topic should definitely listen to my next ICCH talk on June 26, 2021 (I will give it together with Elonka Dunin). As the following agenda shows, the last chapter of this presentation is about the Mask Man (strictly speaking, this chapter is about several cases of computer-based encryption by criminals; the Mask Man is just the hook):

As always, dial-in details for the talk (it will be held online) are available on the ICCH mailing list or from me upon request. Participation is free of charge.

The list in question now has over 50 entries and will certainly continue to grow. Almost all the cases listed are about encrypted data found on a suspect’s computer – i.e. mostly encrypted files. Sometimes it was also encrypted saved emails that the police came across.

Interestingly, on the other hand, I have found very few press reports of cases where police have encountered encryption while intercepting phone calls, emails or messenger services. I have no idea why that is.


Police countermeasures

Of course, word has long spread in police circles that more and more criminals are using encryption, which is almost impossible to crack. As a result, government investigators have developed various countermeasures in recent years.

In the case of the aforementioned Ross Ulbricht, for example, police officers confiscated his laptop while it was running. The transparent file encryption solution Ulbricht had installed was rendered ineffective as a result, because the encrypted volume was already mounted.

Legally required backdoors in encryption solutions or duplicate keys for the police are also discussed time and again. The manufacturers of encryption solutions, such as my employer cryptovision, are naturally not very enthusiastic about this. Fortunately, such laws have not yet been put into practice in any industrialized country.

On the other hand, it has happened that the police have managed to equip encryption solutions used by criminals with a backdoor. The EncroChat case is particularly worth mentioning here. EncroChat was a European-based company that offered end-to-end encrypted communication networks and associated end devices (crypto phones). Because these services were used with preference by members of organized crime, EncroChat was also called the “WhatsApp of criminals.”

In 2020, French investigators penetrated the EncroChat network and installed malware in it. About the consequences, one can read the following on Wikipedia:

At the time of its closure, the [EncroChat] service had around 60,000 subscribers, and by July 7, 2020, there had been at least 800 arrests across Europe, with over 1000 people arrested in total. In September 2020, it was published that the Federal Criminal Police Office was examining several hundred thousand chat histories and investigating about 3,000 German-based users of the network. In the Netherlands, 19 drug labs were dismantled and several contract killings were prevented. In the Netherlands alone, over 100 suspects were arrested, over 8,000 kilos of cocaine and 1,200 kilos of crystal meth and dozens of (automatic) firearms, expensive watches, nearly 20 million euros in cash and 25 cars were seized. Likewise, it became public that EncroChat tried to conceal the criminal actions of its users by asking its users to destroy their crypto phones.

The authorities also took action against the Sky ECC communications service, which was also popular with criminals, and managed to infiltrate the system, thereby breaking the encryption. Although the law enforcers also netted numerous suspects in this action, there were protests because many blameless people were also spied on.



The FBI has now apparently succeeded in going one step further. Instead of infiltrating an existing encryption service, the US federal police created their own service of this kind under the name AN0M. They managed to make this service popular among criminals – who, of course, did not know who was really behind AN0M.

Of course, AN0M was designed in such a way that the FBI could read all the messages sent, despite the encryption. That’s exactly what the investigators did – a total of 27 million messages were checked within 18 months – and in this way they were able to identify numerous suspected criminals.

A few days ago, the FBI finally dropped the bomb. According to press reports, 700 raids took place in 16 countries – including Austria, Germany, Denmark, Sweden, Canada and the UK. More than 800 people were arrested. In addition, more than $48 million in cash, tons of drugs, and numerous weapons, jewels, and luxury cars were seized.

This action of the FBI shows once again that modern cryptography is very secure. Programs such as VeraCrypt cannot be cracked even by the FBI, as long as the password used cannot be guessed. However, modern cryptography can sometimes be circumvented. This is exactly what the FBI has done with AN0M – with great success, it seems.

For the average user, this means that you can be out of luck even with absolutely secure encryption software – namely, if an attacker manages to bypass the protection instead of breaking the cipher.
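The distinction drawn above, between a cipher that is cracked and a cipher that is circumvented, is easy to show in code. The following example is added here and is not code from the blog, from AN0M or from any real messenger: it uses a constructed toy scheme (an HMAC-based stream cipher and a toy key-wrapping step, standing in for AES and public-key wrapping) with hypothetical parties `alice`, `bob` and `escrow`. The cipher is identical for the honest client and the backdoored client; the only difference is that the backdoored client wraps the per-message key for one extra, hidden recipient. The `audit_recipients` check at the end is the kind of test a reviewer of a messaging app would run on the wire format: count the key slots and compare them with the intended recipients.

```python
"""Toy illustration: strong encryption does not protect against a client
that wraps the message key for a hidden extra recipient.
Constructed example, standard library only; the cipher is a toy, not AES."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Toy long-term secrets standing in for each party's key pair (constructed).
KEYS: Dict[str, bytes] = {
    "alice": os.urandom(32),
    "bob": os.urandom(32),
    "escrow": os.urandom(32),   # hypothetical hidden third party
}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (toy stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _wrap(recipient: str, msg_key: bytes, nonce: bytes) -> bytes:
    """Toy key wrapping: mask the message key with a per-message mask derived
    from the recipient's long-term secret. Unwrapping is the same XOR."""
    mask = hmac.new(KEYS[recipient], b"wrap" + nonce, hashlib.sha256).digest()
    return _xor(msg_key, mask)


def encrypt(plaintext: bytes, recipients: List[str]) -> dict:
    """Hybrid encryption: one random message key, wrapped once per recipient."""
    msg_key = os.urandom(32)
    nonce = os.urandom(16)
    body = _xor(plaintext, _keystream(msg_key, nonce, len(plaintext)))
    tag = hmac.new(msg_key, nonce + body, hashlib.sha256).digest()
    return {
        "slots": {r: _wrap(r, msg_key, nonce) for r in recipients},
        "nonce": nonce,
        "body": body,
        "tag": tag,
    }


def decrypt(envelope: dict, me: str) -> Optional[bytes]:
    """Return the plaintext if `me` holds a key slot and the tag verifies."""
    if me not in envelope["slots"]:
        return None
    msg_key = _wrap(me, envelope["slots"][me], envelope["nonce"])
    expected = hmac.new(msg_key, envelope["nonce"] + envelope["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    stream = _keystream(msg_key, envelope["nonce"], len(envelope["body"]))
    return _xor(envelope["body"], stream)


def honest_client(plaintext: bytes, to: str) -> dict:
    """What a faithful end-to-end client does: one slot, for the recipient."""
    return encrypt(plaintext, [to])


def backdoored_client(plaintext: bytes, to: str) -> dict:
    """Same cipher, same key length; the client silently adds a hidden slot
    for a hypothetical escrow party. Nothing is 'cracked' here."""
    return encrypt(plaintext, [to, "escrow"])


def audit_recipients(envelope: dict, intended: List[str]) -> List[str]:
    """Defender's check: return key slots that are not for intended recipients."""
    return sorted(set(envelope["slots"]) - set(intended))


if __name__ == "__main__":
    msg = b"constructed sample message"
    for name, client in (("honest", honest_client), ("backdoored", backdoored_client)):
        env = client(msg, "bob")
        print(name, "bob:", decrypt(env, "bob"), "escrow:", decrypt(env, "escrow"),
              "unexpected slots:", audit_recipients(env, ["bob"]))
```

The point of the example is that `decrypt` never fails for lack of cryptographic strength; the escrow party reads the message only because the client handed it a wrapped key. A real backdoored client would not label its extra slot so helpfully, which is why a practical audit counts slots (or measures ciphertext size against the expected size for the stated recipients) rather than trusting names in the wire format.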

If you want to add a comment, you need to add it to the German version here.

Further reading: Wie die Polizei verschlüsselt mit einem Millionen-Erpresser kommunizierte

