Your IP:Unknown

·

Your Status: Unknown

Skip to main content


FBI honeypot leads to 800 arrests

Police in the US and Australia used a honeypot, a fake “secure” messaging app with encryption backdoors, to arrest hundreds of criminals. While many will argue that the end justifies the means, this operation has fueled the debate around encryption services and law enforcement.

Feb 20, 2023

5 min read

police surveillance

What is an FBI honeypot

An FBI honeypot, just like any other honeypot, is a virtual trap for criminals. It is software created as bait to lure in lawbreakers for the purpose of gathering information on them, deflecting attacks, and preventing organized crime. This software has a built-in backdoor that law enforcement agencies, like the FBI, exploit.

How does an FBI honeypot work?

FBI honeypots are made to look like real software (computer systems, websites, apps) that offers features that may be attractive to attackers. Once the criminals start using it, the FBI can utilize the backdoor of the software to gain access to the criminals’ data that is transferred over the system.

For example, an encrypted messaging app is a perfect trap for organized criminals who have a huge demand for encrypted communication platforms. Once they start using the app, the FBI begins collecting evidence about their actions and whereabouts in order to carry out a sting operation. But does the FBI have the right to do so?

It is debatable whether FBI honeypots are legal. The laws regarding surveillance and data collection differ in each country and state.

In the US, the Electronic Communications Privacy Act, often referred to as the Wiretap Act, prohibits any interception, use, disclosure, or procurement of electronic communications. However, law enforcement officials can legally obtain communications if one party consents to it, for example, when an FBI informant or agent takes part in the communication. Other legal exceptions to the ECPA include the search for evidence of criminal wrongdoing, reaction to threats, and protection of citizens and organizations.

For example, in the EU, the independent data protection authority, the European Data Protection Supervisor (EDPS), states that “Any form of surveillance is an intrusion on the fundamental rights to the protection of personal data and to the right to privacy.” But there are exceptions when surveillance is “provided for by law” and deemed “necessary and proportionate.”

Example of an FBI honeypot

In 2018 Australian police and the FBI came up with Operation Greenlight/Trojan Shield. In one of the largest global stings in modern history, more than 800 arrests were made worldwide. The successful operation was possible because of an encrypted messaging app with secretly installed backdoors.

US officials infiltrated the criminal world and distributed smartphones with a pre-installed encrypted communications app called AN0M. The app, developed by the FBI, had a backdoor that allowed Australian police to read the messages their targets were sending in real-time on those phones.

In total, 12,000 devices distributed among 300 criminal groups in more than 100 countries were monitored. During a huge global operation, more than 800 arrests were made. The authorities confiscated almost 40 tons of drugs, millions of dollars in cash, various weapons, and numerous luxury cars.

The AN0M messaging app is essentially a honeypot – software that looks genuine but is secretly a trap designed to catch criminals in the act. Only in this case, it was used as a tool for gathering evidence that allowed authorities to carry out this massive operation.

Privacy vs. public safety

Operation Greenlight/Trojan Shield highlights an ongoing argument between lawmakers and privacy-focused companies like NordVPN.

Authorities argue that they will be better equipped to keep the public safe if private companies give them backdoor access to encryption services like VPNs or anonymous messengers. Along with many privacy advocates, we disagree, for two reasons:

  • State-sanctioned hacking sets a dangerous precedent. If an encrypted messenger service lets authorities view user activity once, there’s no reason to think it won’t happen again. While one specific set of circumstances might make such an operation seem justified, it could set a precedent for law enforcement demanding regular backdoor access. Pretty soon, no encryption service would be truly private.
  • Encryption backdoors could be used by cybercriminals. If companies leave weak spots in their code for law enforcement agents to use, there’s no way to guarantee that cybercriminals won’t stumble on them. There’s a growing concern that the NSA has been secretly maintaining backdoors in various softwares; if that’s true, they’re putting users at enormous risk.

However, Operation Greenlight/Trojan Shield did not involve these questionable tactics. Police worked in a highly targeted fashion: instead of forcing backdoor access into apps used by the general public, they distributed smartphones with built-in backdoors directly to known criminals. This could be a step in the right direction.

Can hackers detect honeypots?

Yes, hackers can detect honeypots if they are experienced enough and apply special methods. But by the time they complete their investigation, law enforcement officials will have obtained at least some information about them.

Privacy tools and criminal activity

Privacy and security are something we all want. Law-abiding citizens have a right to both, and can use many tools to protect their data and communications. Backdoors violate these rights.

Yes, wrongdoers use privacy tools and encrypted messengers. But the overwhelming majority of people who benefit from these services aren’t criminals.

Operation Greenlight/Trojan Shield proved that targeted attacks like these could be the compromise we’re looking for. They are effective for the police, and they don’t put the privacy and security of regular users at risk.

Whether or not this approach becomes the norm remains to be seen. However, we’ll continue to follow the debate, and to advocate for individual privacy.

Like what you’re reading?

Get the latest stories and announcements from NordVPN

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We won’t spam and you will always have the choice to unsubscribe


author malcolm 1 png

Malcolm Higgins

Malcolm is a content writer specializing in cybersecurity and tech news. With a background in journalism and a passion for digital privacy, he hopes his work will empower people to control their own data.