Journalist Joseph Cox reveals how an ‘encrypted’ app sting took down organized crime

by Jenn Marshall

What happens when the FBI gets a backdoor into an encrypted platform?

Journalist and 404 Media podcaster Joseph Cox tells the weirder-than-fiction true story about how the FBI ran its own tech company for organized crime in his book, Dark Wire: The Incredible True Story of the Largest Sting Operation Ever.

Cox joined Michael “Roo” Fey, Head of User Lifecycle & Growth at 1Password, on the Random But Memorable podcast to explain all of the cloak-and-dagger action and dig into the larger question of privacy versus security.

Read highlights from the interview below or listen to the full podcast episode for more fascinating tidbits like just how global organized crime is today and how a reporter goes about contacting sources in the underworld.


Editor’s note: This interview has been lightly edited for clarity and brevity. The views and opinions expressed by the interviewee don’t represent the opinions of 1Password.

Michael Fey: How have things been going since the book launch? Do you want to start by giving listeners a brief overview?

Joseph Cox: Let me speed-run the plot. In 2018, there was an encrypted messaging app that started to get popular among organized criminals. We’re talking drug traffickers, hit men, money launderers, and smugglers. It starts in Australia and then gets popular in Europe. They’re using this app because it says it sends end-to-end encrypted messages; explicitly: “We are going to keep your communications out of the hands of law enforcement.”

But some weird stuff happens. Some drug shipments get seized, some drug labs get raided, and eventually it turns out that ANOM, the app, was run by the FBI. It was an audacious and brazen operation in which the FBI ran its own tech company for organized crime.

MF: That’s unreal. First of all, there’s a movie plot here for sure! But also, it’s just wicked fun to hear that the FBI went outside of the bounds of normal law enforcement to do something like this.

JC: It’s a crazy story. There are, of course, many cybersecurity and encryption implications but you can’t ignore that it’s a true crime thriller on a global scale. We’re talking more than a hundred countries with thousands upon thousands of devices, and thousands upon thousands of criminals.

MF: How did the FBI go from nothing to an app that had effectively infiltrated a criminal underworld?

JC: To step back a little bit, there’s what I call a shadow industry of encrypted phone firms. Most of us get our phones from Apple, Google, Samsung or some other kind of Android hardware. Back in the day, maybe we got Blackberries.

Around that time, companies started taking that hardware, especially Blackberries, and adding encrypted email software onto them so you could send messages that would not be susceptible to a normal wiretap. They also took out the microphone, the camera, the GPS, and radically modified the device.

Fast-forward a bit and these phones are very annoying to law enforcement, and the FBI shuts down a company called Phantom Secure that was used by the Sinaloa drug cartel. It was used by biker gangs in Australia. It was a real heavy-hitter in this industry. The FBI shuts the company down thinking: “Oh, there was a gold rush of selling phones to organized criminals. But maybe this is the end of it. Or maybe this is the start of the end of this industry.”

In the wake of that, a person who calls himself Afgoo – who was selling phones for Phantom Secure and another company called Sky – had been making what they called the “next generation of encrypted phone.” That was ANOM. They offered it to the FBI so they wouldn’t face prosecution for charges because of their involvement in the industry. That’s how ANOM fell into the FBI’s lap. The FBI didn’t go out and say, “Let’s make an encrypted phone company”. At least initially.

Afgoo was offering to provide the technical infrastructure and a very, very large slice of organized crime, rather than just one criminal organization. That’s what eventually happened. But it wasn’t clear when the organization first started that anybody would actually buy the phones.

MF: Was ANOM already used by criminal organizations at this point, or was that a step that the FBI then had to get to?

JC: It was exceptionally small at the start. It was more of a brainchild of Afgoo. I believe people had the devices but it was on absolutely no sort of scale.

Afgoo provided five phones, literally just a handful, to a seller in Australia, Domenico Catanzariti. Australian authorities alleged he was connected to the Italian mafia in Australia. The mafia is really big in Australia when it comes to money laundering and drug trafficking, and everything you would expect. Very quickly the Australians see that: “Everybody on this platform is using it a hundred percent for crimes.” Word of mouth spreads and the phones become more popular.

The FBI said they never got hands-on with the actual selling of ANOM because they didn’t want to be called out for entrapment. It’s one thing to have ANOM organically spread among criminals and then you piggyback on the back door, and you just listen to communications. It’s another to deliberately approach somebody and be like: “Hey, do your crimes on this platform.” That could be very dicey. That’s why the FBI let it develop on its own.

MF: It really revealed some interconnectedness and efficiency of the criminal networks that the FBI wouldn’t have had visibility into otherwise.

JC: A key thing about organized crime nowadays is that it’s more globalized than ever. It no longer makes sense to talk about organized crime groups, which just operate on their own turf. You now have to talk about organized crime networks.

What that meant for the encrypted phone industry is that when the phones started to get a bit more popular in Australia, Afgoo and ANOM would get these requests asking: “Hey, can you ship phones overseas? Because I have people there who also need these phones.”

That especially happened, at least at first, in Europe. Europe is not just a massive consumer of drugs – I think it’s actually overtaken the U.S. for the consumption of cocaine – it’s now becoming a massive producer of drugs, including amphetamine and methamphetamine.

It has completely flipped from being a passive, or a transit hub, to being an epicenter of drug production. You can see why people on ANOM wanted to get phones over there, and that was the next step in ANOM’s growth.

MF: I’m assuming there was some intense investigative work that you had to do for this book. How do you even go about researching something like this?

JC: I’m not going to sugarcoat it. This was the hardest journalistic investigation I’ve ever done.

I spoke to people from every part of the operation. That included FBI agents, Australian law enforcement, European police officers. And then the criminal side. I spoke to drug traffickers who used the phones, who have used other encrypted phone devices, and people who sold ANOM phones to organized criminals.

I also spoke to some of the people who coded the ANOM app, who did not know they were working on a surveillance tool.

MF: What were some of the key ethical boundaries and dilemmas that law enforcement faced during the sting operation? You mentioned earlier not actually selling the phones, but I have to imagine that those boundaries were razor-thin throughout this.

JC: There’s a constant tension throughout the book and the operation. When the FBI starts to get intelligence from the ANOM platform – in addition to a ton of European partners who get involved and the Australians – there’s this constant question of: “Well, what do we do with this intelligence? Do we act on it? Do we go and seize this massive cocaine shipment? Do we raid this drug lab? Do we potentially arrest this person?”

Ordinarily those would be pretty straightforward considerations. “We’re police officers, we go and grab the cocaine.” But, if you do too much the criminals may start to suspect the phones and ditch the platform altogether.

That was an ethical dilemma that these agents faced every single day. It’s like: “Well, if we let that cocaine walk, that’s tons of coke getting into Europe, or Australia, or wherever.”

Another major ethical consideration connected to that is that it’s one thing to decide whether to “let the drugs walk,” as they say, but it’s another when there are threats to life transmitted across the platform. This is when somebody is going to be planning an assassination on ANOM, which is a very common occurrence in the world of organized crime. Maybe they’re going to torture somebody, maybe they’re going to kidnap somebody.

The agents saw this constantly, and in order to get approval, they had to promise higher-ups to the DOJ: “Whenever we detect a threat to life, we’re going to act to warn the relevant authorities. We’re going to try to do something.”

They said they did this in around 150 cases. Which is a great success. I reveal in the book that at least one person did die because of an assassination that was fully planned on ANOM.

MF: Can you walk through how it all came to an end for both law enforcement and the criminal world?

JC: In early 2021, the FBI had a bit of a problem. ANOM was too successful. They started to lose control of the platform. The FBI would push back against that statement. They would say: “We could turn it off whenever we wanted.”

But distribution of the phones was actually now under the control of a gangster and another very top-tier drug trafficker. They were making the phones whenever they wished and giving them to whomever they wanted.

Then, the court order that legalized the operation was going to expire in around June 2021. That’s when they decide to wrap it all up. June 7th, 2021 is going to be the big day, and the way they do that is by following the sun.

It starts in Australia, and the Australian authorities, the AFP Federal Police, and the state agencies, they do a bunch of raids. They kick off the first dominoes in that line, which is then stretching across to Europe. As the day continues and the sun moves over there, European officials start arresting people as well.

Until eventually the sun moves to the West Coast in the U.S.

The prosecutors and the FBI in San Diego, they come forward and they clarify: “We’ve been running ANOM the entire time. This was not an ordinary phone company. We’ve been managing it and we’ve been getting all of the messages.” That drops a grenade among the organized criminal community – not just ANOM users themselves, who are now in really big trouble, but the wider underground.

The FBI, as was its goal, has now shattered the trust in the encrypted phone industry. They didn’t just want to arrest people, they wanted criminals to doubt whether they could trust these encrypted phones in the first place, so then maybe they would go back to more old school techniques that perhaps the FBI could surveil better. I don’t know, social media, ordinary phones, even face-to-face meetings, but not the end-to-end encryption. And in general, the FBI has been pretty successful at that.

MF: That’s a fascinating outcome. The FBI was able to sow fear, uncertainty, and doubt, and have probably capitalized on that since then.

JC: And even if they don’t feed it, the paranoia is still going to be there. After the FBI came clean, I was speaking to an encrypted phone seller from Europe, and they said it is basically impossible to build a customer base now. All of the users are thinking, “Well, what’s to say the FBI isn’t behind this one as well? Or maybe it’s the Australians this time, or maybe it’s the Dutch? Who knows?”

More and more criminals, at least the ones I’ve spoken to or the ones I’ve heard about, are moving to consumer platforms, like Signal, that we all use. And that brings up, obviously, a very key question, which I deliberately do not answer in the book, because I don’t think it’s my place.

I think this is for people in InfoSec, cybersecurity, privacy, lawmakers, whoever, to discuss now. It’s: What happens in terms of privacy when more criminals move to a platform that’s used by all of us? Will the FBI then do some operation on that as well?

MF: Did completing the book change your perspective on the cybersecurity landscape?

JC: I’ve been covering surveillance and privacy for a long time. I’ve been covering how the FBI will use hacking tools or network investigative techniques in either a targeted fashion or in a very broad fashion, where they hack all of the users of a single site.

I see three different ways forward when it comes to encryption, data access, and cybersecurity of these platforms.

The first is the front door. That’s companies giving data to the authorities under a legal order. Discord does this all the time. It could be Twitter, Facebook, or whatever. The very normal: “We send you a subpoena or a search warrant depending on what the data is.”

For encrypted communications platforms, that would introduce a vulnerability. If Signal just provided a copy of the messages, I don’t think people would like that and it would have ramifications.

The second way is – if you’re not using the front door, then maybe the FBI is going to do these large-scale operations where they secretly run a tech company for organized crime. Maybe people are okay with that or maybe people aren’t, but we haven’t had that discussion yet.

To be clear, I think the ANOM operation is a consequence of companies not providing data to law enforcement. I’m not saying whether that’s good or bad, but that is the chronology of what happened. In this case, it was these sketchy encrypted phone companies who work for organized crime, but it could easily be a Telegram or a Signal next.

Then the third option, and the one which I probably lean towards, is targeted hacking. You get a warrant or a narrow legal order to collect a narrow piece of information about a specific user, from a specific device.

If those are the three options, that seems like the worst out of all of them. I think some people in cybersecurity, InfoSec, or privacy will just tell the cops: “Well, police harder.” When they do that, the consequence is ANOM.

I don’t think the status quo is sustainable, and we need to, collectively, at least discuss what we’re going to do. Otherwise, the FBI and partners are going to launch these massive operations.

MF: Where can folks go to learn more about you, the 404 Media Podcast, or to buy the book?

JC: If you enjoy listening to my rambling and you want to hear more from my co-founders of 404 Media, you can search for the 404 Media podcast. It’s everywhere you might expect. We talk about three stories that we published that week. They’re always original reporting. We don’t talk about other people’s stories, so you literally cannot get what we talk about anywhere else.


For the articles themselves, go to 404media.co.

For the book, just search for Dark Wire. It’s on Amazon and wherever books are sold. And I really, really hope more people get to read the story because I do genuinely think it’s an important case study for InfoSec. I’m not just saying that. I think this is a real chance for us to have a new debate about privacy, cybersecurity, encryption, and all of that.

Jenn Marshall - Contributing Writer