Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Australia Cellphones Government

'Every Message Was Copied to the Police': the Daring Sting Behind the An0m Phone (theguardian.com) 105

The Guardian tells the story of "a viral sensation in the global underworld," the high-security An0m phones, which launched with "a grassroots marketing campaign, identifying so-called influencers — 'well-known crime figures who wield significant power and influence over other criminal associates', according to a US indictment — within criminal subcultures." An0m could not be bought in a shop or on a website. You had to first know a guy. Then you had to be prepared to pay the astronomical cost: $1,700 for the handset, with a $1,250 annual subscription, an astonishing price for a phone that was unable to make phone calls or browse the internet.

Almost 10,000 users around the world had agreed to pay, not for the phone so much as for a specific application installed on it. Opening the phone's calculator allowed users to enter a sum that functioned as a kind of numeric open sesame to launch a secret messaging application. The people selling the phone claimed that An0m was the most secure messaging service in the world. Not only was every message encrypted so that it could not be read by a digital eavesdropper, it could be received only by another An0m phone user, forming a closed loop system entirely separate from the information speedways along which most text messages travel. Moreover, An0m could not be downloaded from any of the usual app stores. The only way to access it was to buy a phone with the software preinstalled...

[U]sers could set an option to wipe the phone's data if the device went offline for a specified amount of time. Users could also set especially sensitive messages to self-erase after opening, and could record and send voice memos in which the phone would automatically disguise the speaker's voice. An0m was marketed and sold not so much to the security conscious as the security paranoid...

An0m was not, however, a secure phone app at all. Every single message sent on the app since its launch in 2018 — 19.37m of them — had been collected, and many of them read by the Australian federal police (AFP) who, together with the FBI, had conceived, built, marketed and sold the devices.

On 7 June 2021, more than 800 arrests were made around the world....

Law enforcement agencies ultimately saw An0m as a creative workaround for unbreakable encryption, according to the Guardian. "Why debate tech companies on privacy issues through costly legal battles if you can simply trick criminals into using your own monitored network?"

The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"
This discussion has been archived. No new comments can be posted.

'Every Message Was Copied to the Police': the Daring Sting Behind the An0m Phone

Comments Filter:
  • is the favorite go-to defense for ALL the whiney criminals. For maximum effect, be sure to claim it loudly in your whiniest, high-pitched, righteously-indignant voice.

    With regards to the hand-wringing worry about the possibility that some tyrant might do something similar, my response is a big, loud, echoing "meh". Tyrants maintain their power through the use of cell phones, the internet, antibiotics, automobiles, paper and pencils, eyeglasses, wheelbarrows and sharpened sticks. If we refused to develo
    • Re:"entrapment" (Score:5, Informative)

      by Rosco P. Coltrane ( 209368 ) on Sunday September 12, 2021 @04:47PM (#61789279)

      It's not entrapment.

      Entrapment is when the pigs propose to someone to transport coke for a fee, then arrest them for drug smuggling. It's entrapment because that person might never have been tempted to smuggle drugs if the pigs hadn't planted the idea in their nogging and made it an attractive proposition.

      Here they sold phones to individuals who were criminals to begin with. The secure phone didn't turn them into criminals, nor did it cause them to engage in new criminal activities they wouldn't have engaged in otherwise.

      • Re: (Score:1, Insightful)

        by Trump One ( 8427569 )

        Here they sold phones to individuals who were criminals to begin with.

        Okay, fair enough.

        The secure phone didn't turn them into criminals, nor did it cause them to engage in new criminal activities they wouldn't have engaged in otherwise.

        Ehh, that seems debatable in my opinion.

        If you take a guy who wants to steal stuff, but doesn't have any tools to pull it off, maybe he won't do it. If you hand him the keys to the backdoor of a nearby store though, maybe now he thinks the job is so easy that he goes ahead and does it.

        Handing criminals tools to make it seemingly easier to commit crimes seems like a dumb idea to me. But at least this one wasn't anywhere near as dumb as "Operation Fast and Furious [libertarianinstitute.org]".

        • Re: "entrapment" (Score:4, Informative)

          by gnasher719 ( 869701 ) on Sunday September 12, 2021 @06:02PM (#61789517)
          If you had considered committing a crime but didnâ(TM)t do it because it was too difficult, then handing you the tools is not entrapment. Only if you hadnâ(TM)t considered committing a crime. Showing you opportunities for crime, like an unlocked car with the keys in the ignition, is not entrapment.
          • Note: it's also entrapment if the police coerce a person into committing crime. Which they also didn't do here.

          • by dryeo ( 100693 )

            Even that depends. The BC legislature bombers got off due to being entrapped on appeal due to being a couple of junkies who weren't capable of getting the bus across town and the amount of work and encouragement the RCMP put into getting them to attempt to blow up the legislature.
            Hmm, not appeal, but between conviction and sentencing the Judge found they were entrapped and quashed the conviction. From http://www.thealfalfafield.com... [thealfalfafield.com]

            This pair of recently-converted ex-heroin addicts living on welfare i

            • hijacking a nuclear submarine and (somehow) building a missile and launching it at Seattle (which he believed was hundreds of kilometres closer than it actually was)

              Interesting, since the distance from Vancouver to Seattle is only 192 kilometers. I guess it would depend on where they thought the submarine would be located when they fired their homemade missile.

              --

        • by PPH ( 736903 )

          Handing criminals tools

          Did they give these phones away for free? I doubt it. Even if they did, I don't see anything about possessing an inexpensive phone that could be considered an inducement to commit crimes. Or I'd be on all the most wanted posters at the Post Office.

        • Itâ(TM)s not entrapment if they want to do it, but just so far didnâ(TM)t because it was hard. Itâ(TM)s only entrapment when the person would never think of doing it, and the police convinced it coerced him to do it.

      • by RobinH ( 124750 )
        I don't think that meets the threshold of entrapment. Asking someone (who is already suspected of committing criminal activities) if they'll commit a crime and arresting them if they do it is allowed. The defense might claim entrapment if they said no, but the police officer persuaded them. Here, I think "persuasion" is the crux. Putting the idea in your head by asking isn't enough. Now, the defense could argue that the accused had never done it before, but from what I've read, the onus would probably
      • by vadim_t ( 324782 )

        Entrapment proper requires overcoming resistance.

        "I'll pay you to transport drugs for me" is not entrapment. You need to first say no, and then the undercover cop needs to overcome your resistance in some way. If the cop keeps on telling you a sob story about how their whole family will die or starve if they don't find a mule, or they follow you around incessantly, or they keep promising more and more money to a ridiculous amount, or they hint harm might come to you if you don't do this one thing, or they l

      • by dfghjk ( 711126 )

        "Here they sold phones to individuals who were criminals to begin with."

        Here is how a thinking person can ignore what you have to say. If they were "criminals to begin with", "they" wouldn't need to sell them phones at all.

        "The secure phone didn't turn them into criminals..."

        No, it turned law enforcement into criminals. When that happens, criminals who have their rights violated will often escape justice.

        • No, it turned law enforcement into criminals. When that happens, criminals who have their rights violated will often escape justice.

          Remember that "criminal" is a designation based on a definition... a definition that is entirely under the control of the government.

          In the western world, we play the ace as the high card by claiming that some things are "Natural Rights" and are therefore bestowed by "God" or "The Universe" or "Nature", and are or should be out of the reach of the government, which does help curtail some of the worst excesses. But it's not a panacea.

          So in some ways, as in this instance, law enforcement cannot be criminals,

          • Remember that "criminal" is a designation based on a definition... a definition that is entirely under the control of the government.

            The government publishes one definition of criminality, the one it enforces with its own courts and police. It does not have a monopoly on defining criminality, however. Other parties will have their own standards by which the actions of law enforcement can rightly be judged as criminal—or as the Legal Services Commission of South Australia aptly puts it, "an offence that merits community condemnation and punishment". (See also: common law offence [wikipedia.org]; malum in se [wikipedia.org].)

    • Nobody was suggesting maybe we should have stayed in the trees. The question is what should we do to avoid tyrants? It would seem to me we should (a) avoid walled gardens like Apple, who can't be trusted to not work with the government (b) use open source, end to end encryption apps which are... (c) either compiled by yourself, or a community you trust.

      • Its not that I trust apple entirely, but they are by FAR the most trustworthy of the bunch. wait, youre actually suggesting that people compile apps themselves because security? Sure, thatll work. For 0.5% of the population. What about the other 99.5+ percent? They sort of matter too. For that crowd,, apple and microsoft are MUCH better options the tech companies that monetize your data.
        • apple and microsoft are MUCH better options the tech companies that monetize your data.

          You had me right up to the last moment there when you - for no reason I can discern - roped M$ into your conclusion.

          If you don't think Microsoft collects and monetises your data, you've not been paying attention. Microsoft bought SwiftKey. Why, because they couldn't code their own virtual keyboard? Of course not. They were buying SwiftKey's user base.

          Why? What makes a virtual keyboard worth two hundred and fifty MILLION dollars?

          It's so Microsoft can know what you type, including things that are private.

          Appl

      • Hey! Aren't the trees where the Apples are?

    • Any attempt by a defense lawyer to claim 'entrapment' in this case would have that shot down in two seconds flat in a court of law.
  • Assuming signal is not a honeypot with extraordinary pr, itâ(TM)s fairly straightforward research to determine who is and is not a worthy platform and was even a few years ago.

    • by gweihir ( 88907 )

      Signal has some people that will be very hard to corrupt. That makes Signal pretty secure. They also have complied with court orders. Deception on this level is beyond the usual authoritarians.

      That said, most criminals _are_ stupid and have about the same understanding of IT and IT Security of an average person, i.e. next to none. Many stupid people go for conspiracy theories and an "Underground Secure Phone!" may have fit right into their fantasy of how the world works.

      • Many stupid people go for conspiracy theories and an "Underground Secure Phone!" may have fit right into their fantasy of how the world works.

        To be fair, this was indeed very truthfully an "Underground Secure Phone" in every way... except the one way that mattered to the people who wanted it for the purposes for which they wanted it.

        I would have loved to get my hands on a few of these for entirely non-criminal purposes.

  • by GameboyRMH ( 1153867 ) <gameboyrmh.gmail@com> on Sunday September 12, 2021 @04:42PM (#61789263) Journal

    I think it's spelled The Grauniad.

  • by 140Mandak262Jamuna ( 970587 ) on Sunday September 12, 2021 @04:46PM (#61789271) Journal

    The Guradian's story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

    Lets say the law enforcement did not do this. Would that stop the tyrant?

    • Agreed. I didn't really understand the point of that argument, either. I can understand being worried about a law enforcement agency gathering up private conversations, but this argument that it is somehow going to CAUSE a tyrant to do this as laughable.
      • by ghoul ( 157158 )
        Yeah you are getting confused because you somehow think tyrants and law enforcement are different entities. There is no natural law of property in nature. Law enforcement was inventedby tyrants to protect their wealth from the masses.
        • by dfghjk ( 711126 )

          Right, the "masses" don't benefit from enforced "property rights" at all.

          It's amazing the stupid shit people will post on /.

      • by dfghjk ( 711126 )

        The question is posed to draw your attention to the idea that you may support the effort because the victims are "already criminals", as has been expressed here already by usual dimwits. If you can violate constitutional rights and ignore requirements for court orders for one group, you can also do it to protestors and political enemies. See, it's not really hard to understand.

        • If you can violate constitutional rights and ignore requirements for court orders for one group, you can also do it to protestors and political enemies.

          That wasn't the argument brought up in the summary or this thread.

    • by ytene ( 4376651 )
      Just been looking for a link to this story and can’t find it now but I remember back near the beginning of Gulf War 1, the US made some public comments about being concerned that they had learned that there was a consignment of super-secure phones in some warehouse in Kuwait. The US said they were concerned because they had an unbreakable new encryption scheme running on them

      In reality, the warehouse contained a series of phones that the US would be particularly easy to track and intercept, because
      • How about the ruse that was spread by Iran that Saddam was a tyrant and had no Iraqi support and USA would be welcomed as liberators in Iraq. 30 years later, 2 wars and multiple insurgencies, 12 trillion dollars , 5000 deaths and 25000 crippled soldiers later, USA still falling for it.
        • Saddam, or someone like him, would be the only kind that can rule Iraq.

          Shias to the East, Sunnis to the West, fertile Mesopotamian valley in the middle ... they have been fighting since the days of Prophet Mohammad. The schism, called Fitna in Islam, happened just one generation after Mohammad. His wife Aisha fought in it leading a camel borne infantry against Ali, a son-in-law of Mohammad to avenge the assassination of the third Caliph, Uthman who was another son-in-law of Mohammad. https://en.wikipedia. [wikipedia.org]

        • by ytene ( 4376651 )
          The problem is, as the old (and wise) saying goes, "In war, the first casualty is truth."

          If you wind the clock back far enough - for example to the time of the Shah of Iran, before the Iranian Revolution in 1979 - you would see that the US was friendly towards Iran and indifferent towards Iraq. Then the Iranian Revolution overthrew the Shah, the US military went and crashed a few helicopters in the desert, trying to rescue hostages from the American Embassy in Tehran, and Iraq was viewed favourably.

          Bu
          • I've a horrible feeling that you're absolutely right about the causes of the Gulf War.

            There was so much FUD about Iraq and the reasons for war. I don't think we can ever be sure what the motivations really were but I'm pretty sure they weren't honourable.

    • Is a tool of tyrants. I'm not saying I want to do away with the police but if you look at the history and uses of police it's extremely common for it to be used against the population. Go read up on how occupy Wall Street was shut down by a combination of local police and the FBI coordinating using provisions of the Patriot act but our politicians pinky swore would never be used on American citizens.

      We have a huge number of institutions explicitly designed to prevent our military from overthrowing our g
      • by gweihir ( 88907 )

        Indeed. The problem is that the Police does tend to attract small-time authoritarians. Hence these people are generally more than willing to enforce any and all laws, the more restrictive the better and many have absolutely no restraint doing that. These are exactly the wrong people doing the job if you want any protection of freedoms.

        Now, doing away with the police is not a good idea. But it needs to be carefully monitored and illegal behavior bu the police must have serious consequences for those that do

      • by vivian ( 156520 )

        Tyrants don't need to use a fake security app - they have complete control of the networks and can see who it contacting who, and use the age old method of a hammer and pliers to extract any necessary information from suspects.

    • by gweihir ( 88907 )

      Law enforcement has, does and will server tyrants. There is nothing inherently ethical about laws or the people that enforce them and they are in no way required to protect freedoms. That is just the pretext used to sell laws.

    • by dfghjk ( 711126 )

      The answer, at least in the US, is judicial oversight. The judicial branch is tasked with preventing this, both against suspected criminals and "rivals or innocent protestors".

      So, did a judge authorize this blanket wiretapping of unidentified people?

  • what's to stop a tyrant doing the same against rivals or innocent protestors?

    Wow, that's a really, interesting ethical question.

    Oh wait, it's not, at all. Who cares.

    1. Governments are already doing this.
    2. However, if this really, really, really worries you, instead of buying your phone from your friend who "knows a guy" buy it from Apple.

    Problem solved.

    • Apple is currently actively building and deploying infrastructure to report private data from phones to them and to authorities. There's absolutely no practical way to prevent that infrastructure being drafted into service by any government for any other data they want.
    • Apple is now the worst option. They spent years building up a reputation only to completely torch it in a single day. They crossed a major line in having the OS scan the local drive for prohibited files. That's further than even the companies with a reputation for terrible privacy practices have gone. They may have been able to resist writing whole new software, but there's no chance they can resist adding a hash to the list, and probably no chance they can resist reducing the threshold or changing folders
    • Even if Apple really wanted to be ethical, which they don't, they wouldn't have any choice but to comply with a NSL requiring them to hoover up user data, and they wouldn't be allowed to tell us they had done it either. Using closed-source software when you expect security is a spectacular idiot move.

  • by careysub ( 976506 ) on Sunday September 12, 2021 @05:11PM (#61789335)

    The Guradian's (sic) story was shared by jd (Slashdot user #1,658), who sees an ethical question. "As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?"

    And the ethical answer is that this operation makes that less likely to work. The An0m phone scam is now well known, and a tyrant seeking to get rivals or protestors to use their own "secure" device or app will have a harder time tricking them. People will say: "Remember the AnOm phone? Maybe I should just use PGP encryption, or other stealth measures, that I control.

    • It also makes it harder for anyone trying to sell âoerealâ secure phones to criminals because they wonâ(TM)t be trusted. AFAIK this phone was actually secure except for it sending copies of everything to law enforcement.
    • by dfghjk ( 711126 )

      As though "rivals" and "innocent protestors" are the only concerns.

      We have literally been witnessing efforts for "right wing" social media alternatives; fundamentally the exact same things that are talked about here. You think it's somehow different that a "tyrant" monitor his own rather than monitor the "opposition"? A tyrant views everyone as potential opposition.

  • Embracing transparency. Which means being true to a set of ethical standards in all of life's actions.

    You can call me Buddha all you like, but when you can see the possibility of calling yourself Buddha, then you know you're getting somewhere!

  • "a tyrant" (Score:5, Insightful)

    by PCM2 ( 4486 ) on Sunday September 12, 2021 @05:21PM (#61789377) Homepage

    "What if a tyrant did it" is a kinda dumb, slippery-slope type argument.

    The first question should be: Is this an ethical thing to do in a presumably free and democratic society? Whichever answer you give, then the same rules apply to tyrants.

    If it is an ethical thing to do, then "but wait, you're a tyrant" just sounds like the usual name-calling that governments do to each other.

    • by gweihir ( 88907 )

      I do no know whether what they did is an ethical thing. It looks at the very least highly fishy. Like selling fully functional weapons to criminals, but with a tracking beacon. Or like selling drugs to criminals to they can re-sell them.

      But the way to limit this is pretty clear and works in other areas: Have an ethics oversight committee that has no stake in the outcome (hence absolutely no judges, politicians, lawmakers or police-persons on it) and is very hard to influence. What for for medical experiment

      • How is a phone like weapons or drugs? It isn't, not at all.

        It's like if the police opened a restaurant that serves the favorite dish of the local mob boss, so that he'd hold his meetings over dinner there while the cop waiters listen in. Which is absolutely fine.

        • by gweihir ( 88907 )

          Read a bit up on war and organized crime: Communications is _more_ important than weapons. So you are right, it is not the same. It is _worse_.

    • The first question should be: Is this an ethical thing to do in a presumably free and democratic society? Whichever answer you give, then the same rules apply to tyrants.

      Only if you assume the tyrant is willing to hold himself to the rules, since no one is in a position to hold him to them.

      What makes intrusive government action ethical in a free and democratic society isn't the details of the action, it's the details of the due process surrounding the authorization and response to the action. It's the impartiality of the judges and the evenhanded application of the rule of law. But when a tyrant does the same thing, they don't have to follow due process and the rule of la

    • by mjwx ( 966435 )

      "What if a tyrant did it" is a kinda dumb, slippery-slope type argument.

      The first question should be: Is this an ethical thing to do in a presumably free and democratic society? Whichever answer you give, then the same rules apply to tyrants.

      If it is an ethical thing to do, then "but wait, you're a tyrant" just sounds like the usual name-calling that governments do to each other.

      My first thought on that would be... Why would a tyrant go to such lengths when all a tyrant needs to do is manufacture enough evidence to convict them? If even bothering with that at all... The hallmark of a tyrant adhering to a fair and just legal system, they usually just arrest and execute their opponents sans trial.

  • by felixrising ( 1135205 ) on Sunday September 12, 2021 @05:26PM (#61789409)
    A strong argument for open source software.
    • by gweihir ( 88907 )

      A strong argument for open source software.

      More like a strong argument for _popular_ FOSS. Niche FOSS often sucks and does not get much review.

  • The moral of the story is to verify your shit before buying into it. Tyrants are everywhere, and they're extremely popular these days

    • by gweihir ( 88907 )

      Indeed. These defectives have been a blight on the human race forever and will continue to be until we find a way to identify them early in ans securely contain their evil before they get power of any kind.

      The other moral is to not trust anything you do not understand. Can be done with one indirection, but at two, it already gets dicey. Trust is not transitive.

  • As the article notes, what's to stop a tyrant doing the same against rivals or innocent protestors?

    Freedom Phone in a nutshell.

  • https://mobile.slashdot.org/st... [slashdot.org]

    Dicedot needs new editors as the current batch display obvious contempt for the site and their audience. I'm not sure who owns Slashdot but they would be wise to direct the current staff to do a better job (their slackness is clearly deliberate so they know exactly what they are doing therefore can easily choose to correct it) or replace them with humans who support what made the old Slashdot great.

  • by TFAFalcon ( 1839122 ) on Monday September 13, 2021 @02:20AM (#61790567)

    Could the customers that were not arrested launch a class action lawsuit? This seems to me to be an obvious case of false advertisement.

  • Back in college I wrote my own encryption/decryption program. I knew it was secure up to a point. But I do wonder what the criminal underworld's tech people were thinking trusting some software that they didn't write in-house.

    • Simple: This is merely natural selection. They only caught the stupid ones.
      The average IQ in the set of criminals just went up.

    • by vivian ( 156520 )

      The problem is if you want to talk to other criminals they all have to use the same security protocol - it doesn't work if each criminal or each individual organization writes it's own secured app, each unable to communicate with others. This app naturally seemed like it was one that had been written by a criminal organisation and the additional genius of making it expensive and hard to get and only available via criminal associates made it that much more believable that it was what it claimed to be.

    • I do wonder what the criminal underworld's tech people were thinking trusting some software that they didn't write in-house.

      You cannot trust any encryption software which is not reasonably provable or which is not at least peer reviewed. They don't have the people to do it in the first place, and even if they did, it would be a bad idea.

      You're much better off using something open source and popular than trying to write your own solution.

    • What is the alternative? Every criminal's tech people write their own encryption software which would be trusted by no one else's tech people.
  • And having somebody *YOU* personally trust audit the damn thing too!

    Claims by third parties that you don't know are useless.
    Example: The CAs behind your browser's built-in TLS certificates.
    Other example: Auditing companies that you don't know auditing WhatsApp or Telegram or Treema.

  • As an IT guy, I know without a doubt that:

    - The only secure device is one you make yourself.

    and that

    - Rolling your own encryption/security is a recipe for disaster.

    So... good luck with that. You need to be a genius who is able to secure their device against the most determined and well-funded of state-level attackers.

    But most people aren't - so they have to rely on someone else being one of those kinds of guys. And they have no idea whatsoever if those guys are actually on their side or not, like this.

    If

  • I wouldn't be surprised if the majority of the pedo / crime / arms / terrorism sites on the dark web were stings operations that will bear fruit one day. Because it's much easier pickings if the scumbags come to you and do their dealings in "secrecy" while you read everything they say rather than infiltrate them after the fact. It's like gathering all the rotten fruit up in one basket and smashing them in one fell swoop.

    This communication app is just an extension of that. They must have seeded the app aro

  • The quantity of harm by Tyrants using this technique is nothing compared to the harm organized and common crime does to everyone in every country. This is not a good reason to say privacy matters above all else. Most people need privacy from criminals finding out where we live and what our money numbers are, and we don't need An0n's super privacy, and mainly, if our shit is recorded and scanned by the police, will be boring and unactionable. I say, good for the US and Australia law enforcement for this

  • The phone that gets a pillow case put over your head, a punch to your stomach, and your body thrown into the back of a windowless van driven by guys who work for scary 3 letter agencies.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...