Law Enforcement Secretly Ran Part of the Dark Web, Again: What Is the Lesson Here?
For close to two years, the FBI ran a sting like no other. The organization clandestinely established and operated an encrypted communications platform called “ANOM” that was used by organized crime. Believing they're using a private, secure means of communication, many illicit dealers carried their operations here to conduct business.
Divulging from the topic a bit; a couple of years before this, another large-scale dark web takedown—or rather, takeover—took place, at first silently. That takedown is known as "Operation Bayonet" and it involved multiple nations' cybercrime units (mostly Germany, Netherlands, and the U.S.).
How Bayonet went down
So let's sum up what happened. First thing to note: What happened involved two separate illicit marketplaces, Hansa and AlphaBay. One day, the Dutch law enforcement received a tip from a security researcher regarding the location of Hansa's development servers (the place where new developments are tested out before being made live on the actual site), which definitely isn't an easy feat. We'll save you the details but the police somehow got both the owners' full names and even the home address of one.
This was enough information to pass on to German law enforcement so they could capture these men, close the marketplace, and charge them. But in the darknet, this causes nothing more than a momentary panic, users just cut their losses and move on to the next biggest marketplace. But this time, an interesting thing happened.
A tip from the FBI
The Dutch knew simply shutting it down wouldn't do these lawbreakers justice and started working on a takeover. Right around the same time, the FBI gave the Dutch a heads up: They were about to shut down the other marketplace we mentioned, AlphaBay. Everyone involved quickly realized they might have struck gold with this. As we just said, when a marketplace shuts down, people seek the next reputable provider.
With an elaborate plan, the Dutch and German police seized and took control of the Hansa market. And nobody noticed, not even the moderators. This was perfect because now the good guys could make alterations on the website to give them more information about people using the site. They modified the site to store passwords in clear text and altered the site's automatic image metadata removal function (metadata typically includes the GPS location as most smartphones come with geotagging on). Everything uploaded to the website appeared to have its metadata removed, but it was all stored.
A happy mistake
At some point, something they changed caused all the photos on the website to disappear completely. The cops panicked at first, but it turned out to be a happy mistake. They explained to the community that they had a bug and everyone had to upload all theirs pics again. The community was quite okay with this—mind you, the criminals were appeased with the quality of customer support they got from the police during this period—so upload they did. Great! More metadata for the cops!
As expected, when the FBI put AlphaBay down, many flocked to Hansa, now puppeteered by Netherlands National High Tech Crime Unit and possibly German and U.S. teams (can't be confirmed as both US Department of Justice and the German Federal Criminal Police Office didn't respond to Wired's requests for comment)
In the end, the law enforcement ran the site for a while, uncovered a ton of drug dealers and whatnot, and busted many, many of them. In the Netherlands, the police knocked on the doors of some smaller-time buyers and sellers even. Imagine doing something illegal and feeling the breath of the law on your neck, imagine the paranoia of "they know."
In the end, the law enforcement took ahold of data on 420 thousand users and millions of dollars of worth bitcoin directly from this operation. Darknet markets saw little activity for months after this. Operation Bayonet was a huge success!
So, with this in mind, let's get back into the more recent case.
'Legitimately' setting up a business
Apparently, FBI wanted to take things a step further. How?
"For the first time, the FBI operated its own encrypted device company, called “ANOM,” which was promoted by criminal groups worldwide. These criminals sold more than 12,000 ANOM encrypted devices and services to more than 300 criminal syndicates operating in more than 100 countries, including Italian organized crime, Outlaw Motorcycle Gangs, and various international drug trafficking organizations, according to court records," read a statement released by the FBI.
The operation was called Trojan Shield and it culminated in 800 arrests, as well as seizures of more than 8 tons of cocaine; 22 tons of marijuana; 2 tons of methamphetamine/amphetamine; six tons of precursor chemicals; 250 firearms; and more than $48 million in various worldwide currencies. It also saw the dismantling of more than 50 clandestine drug labs including one of the largest clandestine labs in German history.
Nowhere safe for criminals
However, beyond arresting bad guys, the point of these operations was to make criminals feel that there is no safe platform or a method of communication for them, hopefully dissuading them from ever partaking in illicit activities in the first place.
“This was an unprecedented operation in terms of its massive scale, innovative strategy and technological and investigative achievement,” said Acting U.S. Attorney Randy Grossman.
“Hardened encrypted devices usually provide an impenetrable shield against law enforcement surveillance and detection. The supreme irony here is that the very devices that these criminals were using to hide from law enforcement were actually beacons for law enforcement. We aim to shatter any confidence in the hardened encrypted device industry with our indictment and announcement that this platform was run by the FBI.”
The move was a very smart one by the FBI as the organization essentially managed to break encryption without having to actually break encryption. From now on, criminals will be forced to wonder whether an encrypted chat service is actually legit or just another FBI honeypot. And that should have all of us sleeping a little sounder at night.
H/T: Jack Rhysider, WIRED