ISSUE 18.23.F • 2021-06-21

ADVERTISEMENT

Become a PLUS member! Plus members receive the full newsletter, including all our great content about Windows, Microsoft, Office, 365, PCs, MS-DEFCON Alert notifications, useful and safe freeware, Susan Bradley’s sought-after patch advice, and continuous access to the complete archive of nearly two decades of Windows Secrets and AskWoody Newsletters.  Support our Donation model – Join AskWoody PLUS Today!

PUBLIC DEFENDER

By Brian Livingston

Special smartphones that were supposedly the most super-secretive in the world actually resulted in at least 800 arrests, the seizure of eight tons of cocaine, and the recovery of $48 million in currency from organized-crime gangs on June 6 and 7.

The FBI, Europol, Australian Federal Police, and the law-enforcement agencies of several other countries announced on June 8 that they had quietly intercepted 27 million messages from what’s being called “WhatsApp for criminals.”

How this sting operated holds valuable information for you and any company you work for, even if you aren’t planning to join an organized-crime syndicate soon.

The intercepted material had come from customized smartphones called Anom (short for anonymity). The phones had been “jailbroken” — an ironic term, in this case — with most tracking and app functionality removed. Even the phones’ GPS capabilities were disabled, supposedly to prevent a user’s location from being revealed. (See Figure 1.)

To appear like an ordinary phone, the stripped-down devices included a typical calculator app. But the cute utility hid a texting service that was advertised as being untraceable by authorities.

Figure 1. A link to Anom offered the customized phones (in Dutch, in this instance) for 1,500 euros, about $1,817. That included six months of worldwide connectivity, renewable for another $250 or so each month after the initial period.  Source: We the World

Impressed by the device’s supposedly unbreakable encryption, thousands of Anom purchasers soon dispensed with code words and cryptic comments. Some of the communicators were so bold as to include photos of drug shipments as proof of delivery. And others casually discussed which functionaries who had outlived their usefulness would be whacked or, in one case, thrown overboard to drown at sea. (See Figure 2.)

Because the FBI and other agencies had set up the Anom system in the first place, all the messages went straight into law-enforcement computers, where they were translated when necessary and acted upon almost in real time.

Figure 2. Believing themselves to be free from detection, users sent each other photos of drug deliveries (left) and made arrangements for the murder of inconvenient lackeys (right).  Source: Screen shots from FBI statement

To give criminals a good reason to buy the new “super encryption” phones, authorities in numerous countries coordinated their efforts to shut down pre-existing devices and services that also served organized crime:

The shutdown of each of these messaging networks tended to push organized-crime gangs toward a new device — Anom. What the criminals didn’t know is that Anom had been secretly run since 2019 by law-enforcement agencies in the US, UK, Europe, Australia, New Zealand, and other countries.

Instead of learning a valuable lesson — encrypted phones might not be as secure as advertised — criminals simply flowed into Anom. By May 2021, more than 12,000 Anom phones were operating in at least 100 countries around the world.

In an unrelated case — but another sign that everything is not as secure for criminals as they may think — the FBI made a major breakthrough in the tracking of bitcoins that had been paid out by a victim of a ransomware attack.

Colonial Pipeline, a distributor of almost half of the gasoline and jet fuel delivered to markets in the eastern United States, announced on May 7 that its computer systems had been locked up by a cyber attack. As filling stations in numerous states quickly began running out of fuel, the company transmitted into a hacker’s digital wallet a ransom of 75 bitcoins, worth about $4.3 million at the time.

Remarkably, the FBI reported on June 7 that it had recovered 63.7 (or 85%) of the bitcoins that Colonial had sent to the hackers. The agency had somehow determined the perpetrators’ “private key” and simply transferred the cryptocurrency back to the pipeline’s owners. In other words, the FBI had hacked the hackers.

Anom’s busts and Colonial’s bitcoins have been widely reported elsewhere, so I won’t go into all the fascinating details here. What’s important — for individuals as well as company executives who are concerned about security — is to answer some pressing questions:

What encryption devices can you trust? You can’t fully trust anything. No matter how strong an encryption scheme may be, there’s always a possibility that the software or hardware contains a “back door” to allow some agency — or a snoopy insider — to record your communications.

We’ll debate for the rest of our lives the correct balance between absolute privacy, in which no wrongdoing can ever be detected, and legitimate court-authorized warrants to permit agencies to collect evidence on suspected criminals.

In the meantime, no matter how much you think you’ve ensured privacy, you always need to consider the likelihood that someone, somewhere, might be listening in.

Do you know something that we all should know? Tell me about it! I’ll keep your identity totally confidential or give you credit, as you prefer. Send your story via the Public Defender tips page.

Join the conversation! Your questions, comments, and feedback about this topic are always welcome in the AskWoody Lounge!

The PUBLIC DEFENDER column is Brian Livingston’s campaign to give you consumer protection from tech. If it’s irritating you, and it has an “on” switch, he’ll take the case! Brian is a successful dot-com entrepreneur, author or co-author of 11 Windows Secrets books, and author of the new book Muscular Portfolios. Get his free monthly newsletter.

You’re welcome to share! Do you know someone who would benefit from the information in this newsletter? Feel free to forward it to them. And encourage them to subscribe via our online signup form — it’s completely free!

Like what you see in the AskWoody FREE newsletter? Become a PLUS member! As a Plus member, you’ll receive the full newsletter, including all our great content about Windows, Microsoft, Office, 365, PCs, MS-DEFCON Alert notifications, useful and safe freeware, and Susan Bradley’s sought-after patch advice. Plus membership also allows continuous access to the complete archive of nearly two decades of Windows Secrets and AskWoody Newsletters. Naturally, Plus members have all the benefits of free membership, including access to the popular AskWoody forums. The cost? We’re supported by donations — choose any amount for a one-year membership. Every little bit helps.  Join AskWoody PLUS Today!