FBI Targets Encrypted Platforms Used by Criminal Groups

Global partners announce results of innovative Operation Trojan Shield

Criminal organizations that rely on hardened, stripped-down devices to send encrypted messages may learn this week they have been using a platform operated by the very investigators they are trying to thwart.

In an innovative effort, the FBI, with the help of the Australian Federal Police, launched its own encrypted communications platform and supplied more than 12,000 devices to hundreds of criminal organizations that operate around the globe.

The FBI, along with the Drug Enforcement Administration, Australian Federal Police, Europol, and law enforcement partners in more than a dozen countries, are announcing the results of that covert effort, known as Operation Trojan Shield. In recent days and weeks, authorities have carried out hundreds of arrests in Australia and across Europe as a result of intelligence gathered during the operation. Law enforcement has also been able to mitigate direct threat-to-life situations.

The FBI’s San Diego Field Office was the hub for the more than 100 agents and analysts and 80 linguists who were pooled together for the operation that began with the takedown of the encrypted phone provider Phantom Secure. In 2018, the FBI and the U.S. Attorney’s Office for the Southern District of California pursued charges against the company’s executives for facilitating the transnational importation and distribution of narcotics by providing encrypted devices to criminals.


‘Together, We Can Get the Job Done’

Jannine Van den Berg, chief, Central Unit, Netherlands Police: “We will continue unabated to track down and dismantle criminal organizations—both nationally and internationally. Working together, we can get the job done.”
Andrew Coster, commissioner of New Zealand Police: “The operation has been a tremendous success, and it underscores the importance of our relationships to disrupt organized crime, which this operation has achieved in a significant way.”
Reece Kershaw, commissioner, Australian Federal Police: “The AFP and FBI have been working together on a world-first operation to bring to justice the organized crime gangs harming our communities with drugs, guns, and violence.”
Linda H. Staaf, head of intelligence, Swedish Police: “Thanks to valuable intelligence that the FBI has shared with us, we have been able to arrest a significant number of leading actors within the violent crime and drug networks in Sweden.”

While the charges shuttered a key device provider, FBI San Diego Assistant Special Agent in Charge Jamie Arnold said they watched the organizations quickly regroup: “When we took down Phantom Secure in 2018, we found the criminal organizations moved quickly to back-up options with other encrypted platforms.” After Phantom Secure, investigators came up with a solution that would do more than cause the organized crime groups to shift to different platforms, such as Sky Global and EncroChat.

“Encrypted devices have been and continue to be a safe haven for criminal organizations, in particular the leadership of these organizations—providing them a platform for their communications that we have not had access to,” said Arnold. “For the agents on the investigative team and our federal and international partners, this was a creative and innovative way for us to get behind that firewall and see what was happening among the leadership of these criminal organizations.”

These devices are typically purchased through word-of-mouth referral networks and offer robust data encryption tools. They can also be wiped clean remotely if they fall into the hands of law enforcement. Every feature of the devices, which sell for between $1,200 and $2,000, is designed for maximum secrecy and to avoid court-authorized access needed by law enforcement. The devices deployed in Trojan Shield, however, generated a carbon copy of each message for the FBI to assess and analyze.

When appropriate and authorized, the FBI sent information to partner agencies. As a result, law enforcement entities around the globe were able to seize thousands of kilograms of narcotics and millions of dollars in proceeds from criminal activity.

U.S. federal prosecutors may bring charges against additional providers of these platforms, and FBI San Diego said that the operation will have far reaching, long-term transnational effects on these organizations and their ability to communicate and coordinate their criminal activities.

Arnold said the erosion of trust in these networks was a primary goal, along with gathering invaluable investigative information. “Criminal groups using encrypted communications to thwart law enforcement should no longer feel safe in that space,” Arnold said. “We hope criminals worldwide will fear that the FBI or another law enforcement organization may, in fact, be running their platform.” He went on to stress that the FBI and its partners will continue to dismantle transnational organized criminal organizations, wherever they are and however they choose to communicate.



Operation Trojan Shield - Domain seized

Users who had adopted the platform deployed by law enforcement received this notification that their messages had been monitored.