Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

FBI make 800 arrests thanks to “encrypted” app

Police in the US and Australia used encryption backdoors in a fake “secure” messaging app, leading to hundreds of arrests. While many will argue that the ends justify the means, this operation has highlighted a growing debate around encryption services and law enforcement.

Malcolm Higgins

Malcolm Higgins

FBI make 800 arrests thanks to “encrypted” app

A messaging app leads to hundreds of arrests

In 2018 Australian police and the FBI came up with Operation Greenlight/Trojan Shield. In one of the largest global stings in modern history, more than 800 arrests were made worldwide. The successful operation was possible because of an encrypted messaging app with secretly installed backdoors.

US officials infiltrated the criminal world and distributed smartphones with a pre-installed encrypted communications app called AN0M. The app, developed by the FBI, had a backdoor that allowed Australian police to read the messages their targets were sending in real-time.

In total, 12,000 devices distributed among 300 criminal groups in more than 100 countries were monitored. During a huge worldwide operation, more than 800 arrests were made. The authorities confiscated 30 tons of drugs, millions of dollars in cash, various weapons, and numerous luxury cars.

The AN0M messaging app is essentially a honeypot – software that looks genuine but is secretly a trap designed to catch criminals in the act. Only in this case, it was used to gather the information that allowed authorities to carry out this massive operation.

Privacy vs. public safety

Operation Greenlight highlights an ongoing argument between lawmakers and privacy-focused companies like NordVPN.

Authorities argue that they will be better equipped to keep the public safe if private companies give them backdoor access to encryption services, like VPNs or anonymous messengers. Along with many privacy advocates, we disagree, for two reasons:

  • State-sanctioned hacking sets a dangerous precedent. If an encrypted messenger service lets authorities view user activity once, there’s no reason to think it won’t happen again. While one specific set of circumstances might make such an operation seem justified, it could set a precedent for law enforcement demanding regular backdoor access. Pretty soon, no encryption service would be truly private.
  • Encryption backdoors could be used by cybercriminals. If companies leave weak spots in their code for law enforcement agents to use, there’s no way to guarantee that cybercriminals won’t stumble on them. There’s a growing concern that the NSA has been secretly maintaining backdoors in various softwares; if that’s true, they’re putting users at enormous risk.

However, Operation Greenlight did not involve these more questionable tactics. Police worked in a highly targeted fashion: instead of forcing backdoor access into apps used by the general public, they distributed smartphones with built-in backdoors directly to known criminals. This could be a step in the right direction.

Privacy tools and criminal activity

Privacy and security are things we all want. Law-abiding citizens have a right to both, and can use many tools to protect their data and communications. Backdoors violate these rights.

Yes, wrongdoers use privacy tools and encrypted messengers. But the overwhelming majority of people who benefit from these services aren’t criminals.

Operation Greenlight proved that targeted attacks like these could be the compromise we’re looking for. They are effective for the police, and they don’t put the privacy and security of regular users at risk.

Whether or not this approach becomes the norm remains to be seen. However, we’ll continue to follow the debate, and to advocate for the privacy of the individual.

Malcolm Higgins
Malcolm Higgins Malcolm Higgins
Malcolm is a content writer specializing in cybersecurity and tech news. With a background in journalism and a passion for digital privacy, he hopes his work will empower people to control their own data.