[HN Gopher] Australian Federal Police and FBI nab underworld fig...
___________________________________________________________________
Australian Federal Police and FBI nab underworld figures using
encrypted app
Author : ferros
Score : 400 points
Date : 2021-06-08 03:56 UTC (19 hours ago)
(HTM) web link (www.abc.net.au)
(TXT) w3m dump (www.abc.net.au)
| turbinerneiter wrote:
| I'm happy they are catching criminals, but now I wonder how much
| of my encryption and privacy software is actually an FBI front.
| upofadown wrote:
| That is why effective end to end encryption is so important. It
| doesn't matter who is behind it. That is the whole point. No
| trust required.
| brainwad wrote:
| The app can just leak your keys to a central database? Using
| code other people wrote/compiled always requires trust.
| upofadown wrote:
| The three requirements for effective end to end encryption:
|
| 1. All cryptographic keys controlled by the users.
|
| 2. Some way to confirm you are actually connected to who
| you think you are connected to.
|
| 3. A way to confirm that the code you are running is not
| leaking keys/content.
| tantalor wrote:
| Could the OS lock down the app's permissions to prevent
| that?
|
| Like, this app can ONLY send/recv e2e encrypted messages,
| and not log anything or talk to other apps.
| brainwad wrote:
| The app could still send your keys _as_ an e2e message
| (to the app author). OS enforcement would need to be
| pretty intrusive to stop this (e.g. a pop-up for every
| message sent, displaying the actual destination of the
| message). I bet users would get pretty blind to such pop-
| ups, and it would be easy to trick them into accepting
| the leaking of their private keys.
| tantalor wrote:
| Yeah good point, for that matter you need to trust the
| app isn't cc'ing the FBI on every message you send.
| Santosh83 wrote:
| The lesson here is complete trust in modern computing platforms
| is misplaced and impossible. Your hardware has backdoors, so does
| your OS, and encryption clients. In addition, popular apps,
| especially in the US, can always be commandeered by 3-letter
| agencies.
|
| You're only anonymous as long as you're not actively targeted,
| despite using "secure" apps and stuff like Tor, which media makes
| it seem are unbreakable.
| cylde_frog wrote:
| Not quite. They were using an app developed by the police as a
| honeypot. Someone else had even discovered this and blogged
| about it[0]. If they had used email and PGP they likely
| wouldn't have been caught in this way. 3-letter agencies are
| not going to use their trump card of backdoored OS or hardware
| to catch drug runners.
|
| [0]https://webcache.googleusercontent.com/search?q=cache:PwQXt6
| ...
| CTDOCodebases wrote:
| True.. however the three letter agencies are going to pass
| along any relevant information that they stumble across while
| filtering for money laundering in relation to terrorism.
|
| [0] https://en.wikipedia.org/wiki/Parallel_construction?wprov
| =sf...
| vkou wrote:
| If they used email and PGP, they wouldn't have been caught
| this way...
|
| That is because the usability of PGP is so bad, they wouldn't
| have any time to actually _operate_ their criminal
| enterprise.
|
| Also - email, PGP or not, leaks metadata, and the police will
| happily end your whole criminal career based on metadata.
| Zenst wrote:
| >The lesson here is complete trust in modern computing
| platforms is misplaced and impossible
|
| For me the lesson here is the same old lesson - Your security
| is only as good as the humans that interact with it.
| nexuist wrote:
| > Your hardware has backdoors, so does your OS, and encryption
| clients
|
| None of these were exploited to retrieve this data, and the
| third party app that was installed was not intended to encrypt
| conversations given that it was a honeypot.
|
| > popular apps
|
| This was a small app unknown by anyone outside of criminal
| orgs. It had no "legitimate" non-criminal users.
|
| > especially in the US
|
| The app was deployed in Australia.
|
| > can always be commandeered
|
| Why distribute a random app when they could have gotten the
| criminals to use Signal or Telegram and bust them there?
|
| > as long as you're not actively targeted
|
| How long did it take to find Bin Laden?
|
| > despite using "secure" apps
|
| This was not a secure app and any audit would have revealed
| this (audits such as the ones that Signal and friends have
| undergone).
|
| > and stuff like Tor,
|
| Tor was not involved.
|
| > media makes it seem are unbreakable.
|
| None of the apps hyped as "unbreakable" were broken here,
| so...point still stands, I guess?
|
| Honestly, if anything, the recommended approach from this
| incident would be to _use the walled garden_ - an FBI-backed
| honeypot would have a lot harder time getting from the App
| /Play Store onto a user's phone if it was obviously a scam to
| collect user conversations, asked for a bunch of permissions,
| had no reviews, and no apparent update history. Who would
| download some random chat app that nobody uses?
| lmm wrote:
| Agree with most of what you said but:
|
| > > especially in the US
|
| > The app was deployed in Australia.
|
| Australia has an even worse equivalent of US National
| Security Letters, allowing individual workers to be compelled
| to plant backdoors etc..
| ungamedplayer wrote:
| Not without notice of the company, and not for widespread
| distribution, i.e. targeted enforcement.
| lmm wrote:
| > Not without notice of the company
|
| Oh? The reports I read were that they could compel an
| individual to do something and not tell their employer.
| ajdlinux wrote:
| The reports you read were likely based on commentary from
| techies who have no understanding about law, plus a
| handful of lawyers involved with digital rights
| organisations that have an incentive to play up the
| significance of the legislation a bit / talk about worst-
| case scenarios, worst possible interpretations of a
| dangerous law and the broadest possible interpretation of
| who constitutes a "designated communications provider".
| The government has stated that's not how they interpret
| the legislation, as the service provider will be the
| employer not the employee, and I don't think government
| lawyers are in the habit of arguing that the government
| _doesn't_ have power to do something.
|
| I'm as suspicious about the Assistance and Access Bill as
| anyone, but the "telling an employee to implement a
| backdoor without telling their employer" is really a red
| herring and I don't know why the Australian tech
| community was so keen to go along with that.
| Marsymars wrote:
| > I don't think government lawyers are in the habit of
| arguing that the government _doesn't_ have power to do
| something.
|
| Eh, from where I'm sitting, that's a pretty common tactic
| to pacify opposition to legislation that grants the
| government too much power.
| the-dude wrote:
| Why would such a law target an employee, when as you
| claim, it targets the employer indirectly too?
|
| Why not leave it at the employer? _Just because_ won't
| cut it.
| tgragnato wrote:
| > How long did it take to find Bin Laden?
|
| Bin Laden used couriers in place of digital communications.
| And the trail that led to him began with his most trusted
| courier.
|
| Allegedly, al-Kuwayti was uncovered, some of his
| communications were intercepted, and then he was followed up
| to Bin Laden's refuge.
|
| > Who would download some random chat app that nobody uses?
|
| The only thing that slowed the capture was using a courier
| network. Are you a criminal? Do not use a phone.
|
| Seriously, criminals should know better, whether they are
| petty drug dealers or major terrorists.
|
| Misplaced faith in cryptography is the gift that keeps on
| giving.
|
| ... https://en.wikipedia.org/wiki/Crypto_AG
| cylde_frog wrote:
| From what I understand they targeted a high ranking member of the
| gang and he promoted the app, which was developed by the police
| to others. Since a high level member endorsed it, it became
| widely used.
| postingawayonhn wrote:
| You're broadly correct though they are saying this app ended up
| being used by criminal organisations all over the world.
| Arrests took place across 18 countries including NZ, Australia,
| the UK, Germany, and the US.
| AlexCoventry wrote:
| I'm curious how this works constitutionally, in the US.
| Presumably the FBI did not have warrants for all the
| conversations they were listening in on, so it at least
| superficially seems like a fourth amendment violation.
| LeFever wrote:
| They're claiming not to have analyzed comms in the US:
|
| > "This data comprises the encrypted messages of all of the
| users of Anoms with a few exceptions (e.g., the messages of
| approximately 15 Anom users in the U.S. sent to any other Anom
| device are not reviewed by the FBI)," the document reads.
|
| From https://www.vice.com/en/article/akgkwj/operation-
| trojan-shie...
| AlexCoventry wrote:
| Thanks.
| emc3 wrote:
| Depends where they are prosecuted. In the US, we'll use the
| EU's copy of the data, vice versa (wish this was \s)
| michaelmrose wrote:
| Does anyone find it funny that each criminal group could have
| been better off relying on a "kid who knows computers" level of
| expertise and bog standard devices running open source software
| which at least wouldn't be trivially systematically turned
| against them all at once quite so easily.
| JumpCrisscross wrote:
| > _anyone find it funny that each criminal group could have
| been better off relying on a "kid who knows computers" level of
| expertise and bog standard devices running open source software
| which at least wouldn't be trivially systematically turned
| against them all at once quite so easily_
|
| Tradeoffs. Traditional tradecraft would inhibit such discovery
| methods. But it's slow and expensive. Your competitors would
| outmaneuver you in the short term.
|
| To enable the "kid who knows computers," you also need to train
| your people in opsec and digital sanitation. That might
| similarly be expensive and growth inhibiting enough to invite
| more daring competition.
| simondotau wrote:
| Nothing wrong with inhibiting growth in return for long term
| stability. Does it matter if your competition is more daring
| --if they aren't going to last very long? If anything, they
| might serve as a useful distraction.
| gonzo41 wrote:
| You're thinking like a lifestyle business criminal enterprise
| when you should be thinking like a hungry startup. If you
| go slow and steady someone will try and eat your lunch. Big
| criminal enterprises have all the same scaling issues that
| regular companies do.
| hervature wrote:
| Yes, we are seeing precisely this in action. The short term
| guided organization has gone down and the long term stable
| strategy remains uncaught and now has one less competitor.
| JumpCrisscross wrote:
| > _Nothing wrong with inhibiting growth in return for long
| term stability_
|
| For long-term plans to pay off, they must survive a series
| of short terms. Criminal gangs and dictators don't ignore
| the long term because they're stupid. They ignore them
| because they must. A drug gang practicing classical
| tradecraft would be decimated by one coordinating
| electronically. The latter will be caught faster. But a
| series of short-term motivated actors is the equilibrium
| state of illicit and physical trading systems.
| simondotau wrote:
| I can't help but imagine that what you're describing are
| the criminal gangs we know about; the ones which are well
| documented. If there are criminal gangs which we don't
| know about, that aren't well documented, perhaps they're
| better at maintaining long term stability.
| [deleted]
| dolmen wrote:
| Criminal gangs that authorities don't know about are the
| ones that don't do significant activities.
|
| Any criminal activity needs customers and so
| communicates about its activities.
| 542354234235 wrote:
| To add, we are just looking at one of a thousand aspects of
| tradecraft. They aren't just dealing with this. They are
| dealing with moving goods, moving goods across borders, in
| person meetings, transferring money, recruiting new members,
| avoiding physical police bugs, avoiding police tails,
| securing goods and money against other criminals, and on and
| on and on. Each one of those things has a learning curve and
| takes time, energy, and money.
|
| Of course after a bust, you could go back and say "well
| obviously they should have done this differently and doubled
| their security here" but they can't double their security
| everywhere and they can't know every single possible way that
| every single aspect of everything could become compromised.
| jay_kyburz wrote:
| This whole thing makes me wonder why the criminals don't
| just put their communications in an envelope and whack a 50c
| stamp on it.
| na85 wrote:
| "Kids who know computers" are still vulnerable to evil maid
| attacks and badUSB and stuff. The kid's gotta sleep and eat and
| do whatever else kids do when they're employed by cartels.
|
| There's a reason that classified processing and data storage
| employs layered physical security too. There's that old saying
| about what happens when you give someone physical access to the
| machine.
| XorNot wrote:
| Still, the damage is purely local and limited and much more
| likely to be detected. Human intelligence operations are
| among the most risky and expensive.
| cylde_frog wrote:
| I wonder about this too. What sort of people do international
| criminal organisations hire to manage their info-sec? A
| criminal that became a computer expert or a computer expert
| that became a criminal?
| bryanrasmussen wrote:
| Codefellas https://www.wired.com/2003/12/mafia/
| cheschire wrote:
| Kids born after that article are nearly finished with high
| school. I'm pretty sure the dynamic has changed a little
| since then. Interesting to at least see how it used to be
| though.
| imhoguy wrote:
| Nice! Is there some follow up story after years?
| worik wrote:
| "Organised crime" is a bit of an oxymoron.
|
| These people are organised in that they make deals with each
| other in friend networks. But the people involved are not the
| sharpest knives in the drawer. They get their positions via
| violence and intimidation more than cunning and planning.
|
| There are clever crooks, but we do not often hear from them.
| A lot of them work at Wall Street, which contains the biggest
| and most profitable criminal gangs
| sumedh wrote:
| I would imagine it's more of a computer expert who then
| becomes a criminal because of the money.
| 9wzYQbTYsAIc wrote:
| From 2003, an inside look at the mafia IT:
| https://www.wired.com/2003/12/mafia/
| Gibbon1 wrote:
| You hire people you can burn is what you do.
|
| Shipping coordinators got busted? How sad.
|
| Over my life I've met people who while they seem competent and
| can tie their shoe laces appear to make bad decisions because
| they have trouble with judging likely outcomes. Those are the
| people getting hired to do this sort of work.
| cdogl wrote:
| I suspect that people don't fall into such neat categories.
| You could pose a similar question re: lawyers whose bread and
| butter is protecting and representing people associated with
| organised crime (the kind of individuals represented by Maury
| from The Wire or Neil Mink from The Sopranos). Are they
| lawyers who developed a slippery version of ethics &
| morality, or people with loose ethical standards who entered
| law?
|
| I'd bet good money that the truth is usually quite banal:
| these individuals make a series of small and highly
| contingent decisions over time that gradually push them in
| the direction of criminality or culpability, reinforced over
| time by social & financial reward for doing so.
| liquidify wrote:
| What? Representing criminals is not unethical or 'immoral'.
| Period. Protecting criminals legally is not unethical
| unless you are knowingly doing something illegal yourself.
|
| I imagine that most lawyers are just doing their job and
| getting paid for it. Bringing morality into that equation
| makes no sense in a legal system that has little to nothing
| to do with morality.
| fshbbdssbbgdd wrote:
| Representing criminals is fine, but aiding them in
| committing future crimes isn't. If you do that, you're
| just part of a criminal conspiracy, and being a lawyer
| doesn't give you an exception from moral culpability.
| xwolfi wrote:
| Doing their taxes okay, but representing them in court
| with the goal to free them is the purpose of the justice
| system...
| remus wrote:
| I think the GP meant 'aiding them in committing future
| crimes' in the literal sense (e.g. helping launder money,
| abusing attorney privilege etc.) rather than implying
| that by defending them in court the lawyer would then be
| culpable.
| spoonjim wrote:
| You don't get to declare what is unethical by adding the
| sentence "Period." after your claim. Ethics is a matter
| of opinion; I believe that knowingly aiding violent
| criminals is wrong; if you feel otherwise, that's just
| like, your, opinion, man.
| worik wrote:
| Lawyers have a code of ethics. Written down and codified.
| Not a matter of opinion.
|
| You are thinking of morals. That is a matter of opinion
| MakersF wrote:
| They aren't criminal until the court system declares them
| criminal. The lawyer is defending them before they are
| declared criminals. That is what "presumption of
| innocence" means. Everyone has the right to be
| represented in court, even people that later on will be
| convicted. Otherwise we can just go back to use
| pitchforks and similar (and actually it's happening on
| social media, and it's not looking good)
| WalterBright wrote:
| Everyone is entitled (in the US) to due process and a
| lawyer to defend them. There is nothing unethical or
| immoral about it. It's a fundamental _right_.
| yawaworht1978 wrote:
| It is a thin line, most of these groups are in contact
| with lawyer teams before they start the operations and
| the lawyers are in the know. These groups do risk
| assessment before going ahead.
| ta135135135 wrote:
| Which is good and fair. I think the example was Tony
| Soprano though and the (imaginary) lawyer in question
| knew full well the kind of shenanigans he was up to,
| these lawyers know they're defending murderers and people
| that ruin lives.
| rhaps0dy wrote:
| But that's the point of lawyers. When they defend a
| guilty party, most of the time they know that the party
| is indeed guilty. They need to, to prepare a good
| defence.
| spoonjim wrote:
| Again, ethics are a matter of opinion, laws are a matter
| of fact. Yes, in the US you have the legal right to an
| attorney. Whether that attorney is behaving ethically
| depends on the attorney's behavior and the person making
| the judgment on the ethics. You and I don't have to have
| the same opinion on what's ethical. We can each advocate
| for our own ideas of ethics to be codified into policy.
| 9wzYQbTYsAIc wrote:
| I'd highly recommend that you study formal ethics. Ethics
| is not built on a platform of opinions.
|
| Unless you are the sort of person that claims that
| reality is just an opinion, too, in which case you should
| also study formal philosophy.
| WalterBright wrote:
| What happens when you are accused of a heinous crime, the
| evidence points at you, and yet you are innocent?
|
| I bet you change your mind about the ethics of having a
| lawyer represent you.
| fvold wrote:
| Lawyers, even in the United States, are bound by rules of
| conduct, and will stop being lawyers very quickly if they
| overstep the rules of ethical conduct.
|
| The standards of ethics they are checked against are not
| yours or mine, they are the rules they agreed to. To
| pretend like ethics aren't a thing for lawyers is
| surprisingly uninformed for HN.
| 9wzYQbTYsAIc wrote:
| Rhetorically, yes he/she/they do get to do that.
|
| Ethics is a matter of philosophy, which has a bit more
| going for it than just being composed of raw, uneducated
| opinion.
| michaelmrose wrote:
| Your life as a human being can't have little to do with
| morality unless you are a sociopath. On the one hand we
| need someone to provide all accused with adequate
| representation to ensure we don't wrongly convict
| innocent men however at the mob boss level we are
| virtually always talking about trying to protect horrible
| people everyone knows are guilty from punishment.
|
| A system that didn't need to hold a trial or give the mob
| boss a lawyer would be irredeemably immoral but one in
| which they go free is a shittier world. I don't envy
| anyone trying to remain moral while walking that line. I
| don't see how anyone who specialized in such clients
| could live with themselves.
| [deleted]
| scintill76 wrote:
| I haven't seen all of The Wire, but as to the character
| cited as an example, Wikipedia says, "[Maury] is corrupt
| and unscrupulous, willing to aid his clients in
| furtherance of their criminal activity." So he crosses
| your line, and I think that's what the GP post meant.
| devilbunny wrote:
| Or, as the line from Breaking Bad went - you don't need a
| criminal _lawyer_. You need a _criminal_ lawyer.
| flukus wrote:
| Well the criminal organizations can offer a whole range of
| addictive non-monetary incentives that a computer expert may
| desire, so I'd guess that's the main path in.
|
| There's more unemployed tech people out there than many here
| realize though. People that don't present well in interviews,
| people that didn't stay employ-ably current in tech, hardware
| guys replaced by the cloud, people in less hot locations for
| tech, etc. Criminal organizations are much less picky and
| judgmental than your average tech startup and in some cases
| may be the only ones willing to give them a chance.
| adolph wrote:
| > People that don't present well in interviews
|
| Those are the worst. There was this one candidate who gave
| all the interviewers mousepads with his picture and aol
| email address on it. Who even wants that kind of stuff? The
| best ones give some candy, like there was someone who gave
| us gum with a custom printed wrapper "Hope I 'stick' in
| your mind!"
| srmarm wrote:
| Never mind people who struggle to get a job in IT because
| of a previous criminal record. Those people may also have
| been in prison and made connections while inside.
| Nextgrid wrote:
| In some countries, getting into tech is impossible if
| you're not lucky to have the right credentials. In France
| for example, any even remotely technical job will require
| years of higher education and experience (yes there's an
| obvious catch-22 here). You can have perfectly serviceable
| skills that would put you at a junior/mid developer or
| sysadmin level and be completely unemployable - at this
| point crime doesn't sound _that_ bad if you have no other
| alternative despite otherwise having no propensity
| /attraction to participate in criminal activities.
|
| For what it's worth, I would _still_ be completely
| unemployable in France despite having 7 years of successful
| commercial experience under my belt in some well-known
| companies. Thankfully I played my cards right and managed
| to move to a saner country where tech is still more or less
| a meritocracy.
| csunbird wrote:
| Tbh, illegality aside, creating a very highly secure
| system like this from scratch as a one or two person
| project sounds very exciting and fun.
| stef25 wrote:
| Protip to the cartels - pay top dollar to some world class
| engineers to setup a dark web market and you'll make buckets.
|
| Most if not all markets until now have been run by geeks with
| limited knowledge and skills, wading in to the criminal
| underworld and inevitably making rookie mistakes.
|
| Both Ross and the guy in Bangkok had their personal emails tied
| to the markets. Some kids running a big market from Germany
| connected to the server on their mom's wifi. The list goes on.
| adriancr wrote:
| Setting up a dark web market is something most people would
| want to get anywhere close to...
|
| Imagine being responsible for facilitating murder-for-hire,
| sex trafficking and so on...
| Chris2048 wrote:
| I'm sure there are plenty of people who wouldn't care.
| Anyone who buys diamonds has blood on their hands too.
| michaelmrose wrote:
| I think there is a material difference between buying a
| diamond and directly facilitating the activities of the
| drug cartels. In theory everyone buys things that are
| made by people in shitty conditions because there isn't
| much direct visibility on the front end as to what kind
| of nastiness happened elsewhere in the supply chain.
|
| If you want that to change you have to make it illegal to
| do business with such folks not hope consumers fix it for
| you via the magic of the market.
| Chris2048 wrote:
| It's unclear to me those shitty conditions (e.g. those of
| iphone manufacture) are net harmful to the poverty-
| stricken areas they affect - but I'm not sure that's not
| true of diamonds.
|
| I think it's also more jarring that diamonds are
| otherwise useless symbols of status. At least iphones
| trickle down in some way (e.g. allowing the proliferation
| of older gen smartphones even in poor countries).
| saba2008 wrote:
| Imagine having an employer, who has no qualms about killing
| people and for whom you are a loose end.
|
| You need to be either a professional criminal (skill set
| completely orthogonal to IT, so chance of somebody
| possessing both at professional level is minuscule), or a
| moron.
| ldiracdelta wrote:
| We don't know how Ross and other dark web folks were caught,
| despite all the official stories. We know what the FBI
| _tells_ us was the security issue. However, the Snowden docs
| reveal that they are instructed to construct other legitimate
| stories for how to implicate a criminal after they have
| compromised him in order to not reveal their tactics. The
| exact term they used in the docs escapes my memory, but we
| only know that Ross _was_ captured, but we have no clue how.
| Perhaps he had perfect op-sec, but the real security issue
| was a raft of 0-day attacks and then they signed up something
| in his name, later legally gagging him. We really have no
| clue.
| stef25 wrote:
| Ross did post on shroomery and stackoverflow with
| identifiable information ... In the case of the former it
| was clearly linked to the site. And those posts are still
| up.
|
| The guy in Bangkok had his personal email in reply-to
| headers of the "welcome" emails being sent out. If that
| wasn't true, everyone who received the mail could have
| proven that.
|
| Parallel reconstruction may have occurred, it's true
| we won't know.
| poooogles wrote:
| >The exact term they used in the docs escapes my memory
|
| Parallel reconstruction is the phrase you're after.
| [deleted]
| girvo wrote:
| For what it's worth: some do. Signal (and Wickr) are used
| extensively.
| mardifoufs wrote:
| Yep, and for some reason wickr is Imo even more popular than
| signal in those circles. It's curious since I've basically
| never heard of wickr here or in any cybersec community &
| signal seems to be the daily messaging app for tons of
| people. I guess it's something to do with the phone
| verification required by Signal... and I'd guess both apps
| are pretty similar when it comes to security?
| vbezhenar wrote:
| I've heard that in Russia and Kazakhstan drug dealers use
| Telegram. It just might be a local fashion, when few people
| started using it and spread it around. I don't think that
| it's difficult to find phone number tied to unrelated
| person. Just ask some homeless guy to buy one.
| wruza wrote:
| Western naivety. Unbound / fake data SIM cards are sold
| in boxes by carrier's employees.
| jeltz wrote:
| You can still buy SIM cards in Sweden in stores without
| presenting an ID.
| RyJones wrote:
| Iceland as well.
| Mediterraneo10 wrote:
| Even in countries where you can still buy a SIM card
| without ID, once you use your bank card to buy more
| credit for the SIM (and in Sweden you always will,
| because cash is basically dead there), it is trivial for
| the authorities to link the phone number to your real
| identity.
| worik wrote:
| People do. Lots of people.
|
| These ones, who were busted, are greedy violent thugs. They do
| not know who to trust because they are untrustworthy.
|
| Good riddance to bad rubbish.
| 31tor wrote:
| So the big question is if it would have been better to strike fast,
| silently gain more intel and strike in some kind of statistical
| analysis manner to not blow their cover a la Alan Turing and the
| Enigma
| marlor wrote:
| It's been running for three years. I suspect something changed
| recently (perhaps some imminent threat) that meant they needed
| to act now.
| goatsi wrote:
| One of the warrants they were using to legally collect the
| information ran out today.
| PinkPigeon wrote:
| Random nitpick, but I think it's a la. Do correct me if I'm
| wrong though.
| ternaryoperator wrote:
| it is indeed a grave accent, just as you say
| [deleted]
| yawaworht1978 wrote:
| Well, in hindsight, this is not a big question any more, they
| are all in jail now and will drag most of the supply and micro
| distribution chain with them. More careful actors are still out
| there and conducting business as usual. I have read a book on
| one of the main Italian groups, they have very efficient micro
| storage procedures to avoid big losses and at least the higher
| ups will not use phones or computers, they will meet in person.
| They have or used to have rules of conduct which are very
| strict, like, stay home with family and don't be seen in bars
| etc. The opposite of the green horns flaunting the cars and
| watches, or the Turkish guy's wife documenting their lifestyle
| on Instagram up until yesterday. Sure, mass arrests happen in
| Italy as well, and some other countries the whole network works
| differently. But using phones is too dangerous and it is
| avoidable to run efficient logistics. Not only for
| traceability, but a compromised or confiscated phone will have
| a lot of let's say problematic evidence on it. Even the Mexican
| and Colombian groups operate from remote areas, even if
| affiliated with some parts of governments. I think the usage of
| digital devices is just laziness, another attribute like the
| flaunting of the illicit gains.
| grouphugs wrote:
| it's weird that the nazis have distributed almost as much heroin
| as they've taken in. the united states flooded afghanistan with
| heroin in the 70's and 80's, so much that it's still such a large
| regional issue. but why was the united states never prosecuted?
| hell, for fucking 50 years people called it a conspiracy
| Tabular-Iceberg wrote:
| This seems to be just a messaging app, but is there a market for
| more full-featured ERP, CRM and project management software for
| criminal enterprises?
|
| I'm sure they would benefit from those just the same way
| legitimate enterprises do. The only difference is that they do
| more illegal stuff and use more violence, but the fundamental
| business dynamics should be the same.
| i386 wrote:
| What the fuck is wrong with you.
| neither_color wrote:
| I think this comment is unnecessarily hostile. OP is not
| offering to build services; he's just asking. It's a valid
| question. Did you know ISIS had what amounts to an "HR
| department" ?
|
| https://en.zamanalwsl.net/news/article/23994/
| i386 wrote:
| Oh boohoo. Calling out a completely immoral business idea
| isn't hostile. It's moral.
| Synaesthesia wrote:
| Maybe some IBM consultants can help them sort out their tech
| business strategy.
| arthur_sav wrote:
| Trello?
|
| The only aspect that would stand out to use a "criminal
| specific" CRM would be hosting & security.
| caf wrote:
| I'm sure the FBI is keen to come up with a suitable product
| offering.
| asimpletune wrote:
| This is how police should get around the problems presented with
| encryption. This is real policing.
|
| The PR barrage and faux posturing by the FBI to weaken encryption
| has always seemed like just lazy policing to me.
|
| If anything, the hacking attacks on industrial centers have better
| illustrated than anything why encryption is necessary, and this
| new triumph has demonstrated that police _can_ continue to
| function, even thrive in a world that permits encryption.
| sorbits wrote:
| _> This is how police should get around the problems presented
| with encryption._
|
| By adding a backdoor to E2E encryption? That is pretty much
| what they have been asking for :)
|
| Amazing that criminals still pick some unknown device over an
| existing solution with a proven track record.
|
| This is not the first time something like this has happened:
|
| - https://en.wikipedia.org/wiki/EncroChat
|
| - https://en.wikipedia.org/wiki/Sky_Global
| asimpletune wrote:
| tl;dr hacking is allowed, abusing gov't authority to compel
| is cheating.
|
| I don't think it's really the same as "what they were asking
| for" at all.
|
| a.) they didn't compel a company to _secretly_ do it for them
|
| b.) the back door is targeted, i.e. not mass surveillance
|
| As far as I understand, they did the work themselves
| (modified android OS), and their methods were targeted. A
| "bad guy" could only get this special, hacked phone, from
| other "bad guys". This wasn't the same thing as, sending a
| mole to get work at Cisco and install an undetectable zero-
| day in all communication infrastructure switches world-wide.
| And it's definitely a far cry from forcing apple to make a
| modified iOS on their behalf.
|
| No, they pretty much did what hackers do, and as far as I'm
| concerned, that's fair game.
| junon wrote:
| Agreed entirely. This sort of thing is how it should be done,
| and clearly quite effective to boot. Hopefully this sends a
| loud message.
| mdeck_ wrote:
| Further details on the background/history of the operation here:
| https://www.nytimes.com/2021/06/08/world/australia/operation...
| femto wrote:
| The Australian Broadcasting Corporation is covering it in more
| detail than the Reuters article, including some of the mechanics
| of how it was pulled off:
|
| https://www.abc.net.au/news/2021-06-08/fbi-afp-underworld-cr...
|
| Apparently it revolved around duping Hakan Ayik, one of
| Australia's most wanted drug dealers now operating as an
| international kingpin from Turkey, to trust the app and recommend
| it to his associates. It's a double whammy, in that the network
| has been blown wide open and the AFP is now telling Ayik to hand
| himself in to avoid recriminations from his associates. No doubt
| there will be a movie about this one.
| Zenst wrote:
| You have to respect this type of policing approach, the irony
| is just delicious when you consider: 1) They socially engineered
| their target just like scammers would 2) They got the target to
| install and trust some 3rd party app they supplied 3) Then the
| victim pyramid pushed the scam app onto others.
|
| We often read (1) and (2) all the time with various scams from
| call centres, now the law has used that approach against a
| criminal and taken it to another level.
|
| I have a lot of respect for this approach against such
| criminals on many levels.
|
| But one take away from all this - IT security is often limited
| by humans and this highlights that perfectly. Just nice to
| read about criminals falling foul to the law who have taken one
| of their play-books and used it against them. Sure makes a
| change from reading about some old person losing all their
| savings as somebody convinced them to install some random app
| just because they said they were from the bank/Microsoft etc.
| [deleted]
| foobar1962 wrote:
| > They got the target to install and trust some 3rd party app
|
| I just heard on the radio (I'm an Aussie) that it's not a
| phone app, it's some kind of dedicated device that doesn't do
| sms, mail or voice, only encrypted messages (that the law
| enforcement had the keys to).
| duxup wrote:
| > it's some kind of dedicated device that doesn't do sms,
| mail or voice, only encrypted messages (that the law
| enforcement had the keys to).
|
| I gotta be honest, I would find the idea there kind of
| appealing ...
| Zenst wrote:
| Oh that's even more delicious - it's like a modern version
| of
| https://en.wikipedia.org/wiki/The_Emperor%27s_New_Clothes
| story or the drug dealer's new phone in this instance - That
| the dealer was sold on the aspect that it would be
| invisible to the law. It just gets better and better.
| worik wrote:
| It was much more than drug dealers.
|
| Generally drug dealers are servants of their community,
| providing goods and services to people in a collegial
| manner.
|
| These were vicious, murderous, gangsters. Their greed and
| hubris brought them down as much as clever policing.
| Which is not to minimise the cleverness of the coppers,
| very clever, very smart. Get these parasites out of our
| communities.
| ComodoHacker wrote:
| Aka customized (and backdoored) Android firmware.
| 1cvmask wrote:
| Many times it comes out much much later that the kingpins were
| in on it. The spy world equivalent of the double agent.
| m3kw9 wrote:
| Can they actually just pin that on him just to get him? They
| need a scapegoat and may as well
| WJW wrote:
| Not to say that they might not "may as well", but why exactly
| would the police need a scapegoat for arresting criminals?
| FatalLogic wrote:
| >the AFP is now telling Ayik to hand himself in to avoid
| recriminations from his associates
|
| The Australian Federal Police premise that he would be safer
| from reprisals in prison is an extremely shaky one [1]
|
| Although if they can cut him off from all funds, it might
| become true.
|
| [1] edit:
| https://www.aic.gov.au/sites/default/files/2020-05/tandi103....
| - "homicide rate ... is up to 7 times higher [than outside]"
| cromka wrote:
| > "homicide rate ... is up to 7 times higher [than outside]"
|
| This is based on assumption that a regular "free" person has
| not made thousands of criminals at the same time.
| skhr0680 wrote:
| Prison sure kept Carl Williams safe. Safe from dying of old
| age!
| Clewza313 wrote:
| That study computes that you're 7x more likely to get
| murdered in prison than in the "comparable non-prison
| community", but "comparable" here seems to be only for
| age/gender.
|
| I imagine the homicide rate is a wee bit higher than average
| for drug kingpins, particularly those seen to have ratted out
| 100+ people, even unintentionally.
| duxup wrote:
| Yeah this guy presumably had a wide ranging network of
| people who he knows, who haven't been caught, but may be
| exposed ... by him. This dude now poses a risk to a lot of
| very worried people right now and presumably the people he
| relies on are running for cover / maybe less likely to
| protect him.
| gonzo41 wrote:
| He would be going to Goulburn Gaol, very very high security.
| stef25 wrote:
| So they got to this most wanted man and instead of arresting
| him they fed him an app to help catch all his buddies while at
| the same time put a target on his back? Pretty daring move.
| yawaworht1978 wrote:
| I don't think that was the story. He fled to Cyprus and
| escaped prison there. Someone somehow got him to believe the
| app is safe, he took kickbacks for the distribution, even. My
| main question is, how is this man living free in Turkey
| despite there being an Interpol warrant?
| csunbird wrote:
| If he is living in the Turkish Republic of Northern Cyprus,
| which is actually a different country than Turkey and not
| recognized by other countries, it would be nearly
| impossible to extradite him without Turkey's cooperation.
|
| I doubt that Turkey would extradite her own citizen as
| well.
| pc86 wrote:
| Living free in Turkey doesn't necessarily mean he isn't in
| hiding, and/or hasn't paid off enough locals to be
| protected from extradition or capture.
| bostonsre wrote:
| It seems like kind of an evil move for law enforcement to put
| a target on his back like that. But I assume all of the bad
| guys knew which guy was pushing the phones, so he was
| probably going to be a target no matter what.
| at-fates-hands wrote:
| >> It seems like kind of an evil move for law enforcement
| to put a target on his back like that.
|
| This is actually a very old method of getting criminals to
| cooperate with law enforcement.
|
| The FBI used to do this with mob guys all the time in the
| 1980's. Show up, arrest them publicly, put out false
| newspaper articles saying he was close to flipping. He
| starts getting heat from the outfit and sooner or later,
| distrust is sown and suddenly he becomes a marked man. Word
| gets back to him they put a hit on him, or things get dicey
| with the underbosses and suddenly, he's like a cat in a
| cage with nowhere to go - so he turns on his associates in
| order to save his own life.
|
| Cops used to do the same thing with low level drug dealers.
| Pressure them to flip on their supplier by pseudo arresting
| them, taking him away. They'd drive around a bit, then drop
| him off without cuffs in the middle of the neighborhood in
| broad daylight. Word gets around what happened, and
| suddenly the heat gets turned up because now he was seen
| getting out of a cop car with no cuffs? Must mean he's
| turned informant. Same thing, he gets too much heat and
| feels he needs to save himself and flips anyways.
| bostonsre wrote:
| Fun.. I guess that's one way to figure out if someone is
| guilty or not. Either he's innocent and nothing happens
| or he's guilty and he dies or flips. The whole side
| stepping the judge/jury to go straight to the executioner
| part seems like it should violate some kind of law.
| lotsofpulp wrote:
| I think it is more accurate to say that this is simply a
| risk of engaging in activities with people who will kill
| you if they think you will tell the truth.
| bostonsre wrote:
| Yea.. I can see some people thinking that, but that
| sentiment kind of goes against the rule of law. If all of
| the criminals committed crimes that everyone agreed
| should be punishable by death I could see it being more
| acceptable, but if these are lesser crimes that wouldn't
| be punishable by death but where the individual could be
| killed by other criminals that believe them to be a
| snitch, having law enforcement risk a person's life seems
| to go against the rule of law.
| dang wrote:
| Ok, we'll change to that from
| https://www.reuters.com/article/australia-crime/australian-p...
| above. Thanks!
| sorenjan wrote:
| The Vice and the NYT articles are better, and of course
| there's a Wikipedia article about it. This article is too
| focused on the Australian part of the operation with too
| little detail about how it actually worked.
|
| https://www.vice.com/en/article/akgkwj/operation-trojan-shie...
|
| https://www.nytimes.com/2021/06/08/world/australia/operation...
|
| https://en.wikipedia.org/wiki/ANOM_sting_operation
| martyvis wrote:
| Well this 145 second animated explainer by the Australian
| Federal Police covers it pretty well
| https://youtu.be/qq9wnMXvgOc
| motorocool wrote:
| Never never use a mobile phone if you're a dirty criminal
| cromka wrote:
| What we've learned is only what was in Australia's piece of the
| cake, given they started their day already. New Zealand had theirs
| already, too. I imagine thousands of arrests are still happening
| worldwide and several press conferences are going to be held
| today. Looking at the seal of the operation
| (https://www.anom.io/trojan_shield_seal.jpg), following countries
| participated in the operation: Canada, Australia, US, Sweden, The
| Netherlands, Lithuania, Finland, Hungary, Norway, Austria, UK,
| New Zealand, Estonia, Scotland, Germany, Denmark.
|
| I expect this to be bigger than Panama Papers. Way bigger. I
| expect a few prominent politicians to be soon either arrested or
| "convinced" to step down. I expect the US to have gained a lot of
| intel and leverage over those from the countries who did _not_
| participate in this. We will absolutely _not_ learn about
| everything they discovered. CIA will and the respective
| intelligence agencies will.
|
| EDIT: Europol will hold their conference live on YouTube at 10 AM
| CST: https://twitter.com/janoorth/status/1402164252266409987
|
| EDIT 2: given how Serbia was in the top 4 of messages sent, I
| really hope that the info gathered will help Interpol fight child
| trafficking and exploitation in the EU.
|
| From the VICE article
| (https://www.vice.com/en/article/akgkwj/operation-trojan-shie...)
| quoted elsewhere here:
|
| "Additionally, the review of Anom messages has initiated numerous
| high-level public corruption cases in several countries. The most
| prominent distributors are currently being investigated by the
| FBI for participating in an enterprise which promotes
| international drug trafficking, money laundering, and
| _obstruction of justice_."
|
| "Late Monday, the FBI said that it would be holding "a news
| conference announcing a massive worldwide takedown based on the
| San Diego FBI's unprecedented investigation involving the
| interception of encrypted communications" on Tuesday."
| dagw wrote:
| Sweden just announced 155 arrests:
| https://www.svt.se/nyheter/inrikes/europol-berattar-om-det-o...
| Ovah wrote:
| Which amounts to almost 20% of those arrested. Maybe it's
| partly due to Sweden historically having strong computer
| literacy. Only time will tell.
| nemetroid wrote:
| Note that 155 is the grand total over the entire duration of
| the operation. The tally (given in your linked video) is:
|
| * 70 yesterday in Sweden
|
| * 5 yesterday in Spain (related to Swedish investigations)
|
| * 80 earlier, candidly
|
| I believe 70 is the figure that should be compared with the
| 800 total [1].
|
| > A series of large-scale law enforcement actions were
| executed _over the past days_ across 16 countries resulting
| in more than 700 house searches, more than 800 arrests [...]
|
| 1: https://www.europol.europa.eu/newsroom/news/800-criminals-ar...
| cheph wrote:
| > I expect a few prominent politicians to be soon either
| arrested or "convinced" to step down.
|
| Won't happen because the media and FANG runs cover for
| politicians in the west as opposed to reporting on them.
|
| They keep burying anything that can be slightly damaging to
| politicians while they dox private individuals with impunity.
| mdoms wrote:
| I think you're drawing an extremely long bow on this.
| 9wzYQbTYsAIc wrote:
| Qantas was just implicated as being corrupted from within,
| complaining that no one had told them who or what corruption
| until the day before this was announced.
|
| There isn't much of a stretch of the imagination required to
| see that there is a deep rabbit hole that just got filled
| with cement.
| mweatherill wrote:
| I was thinking about that same story when I saw the mention
| of "trusted insiders"
| dash2 wrote:
| Hee hee! The parent domain now has a useful form for criminals
| to turn themselves in with: https://www.anom.io/
|
| "To determine if your account is associated with an ongoing
| investigation, please enter any device details below:"
|
| and then it asks for your username, country and IMEI....
| emc3 wrote:
| Honey pot?
| Crosseye_Jack wrote:
| The police are so considerate. Not that long ago they were
| offering to test your meth to see if it contained coronavirus
| ;-) https://www.news4jax.com/news/weird-news/2020/03/03/is-your-...
| Vespasian wrote:
| That is a law enforcement mic drop and it's well earned by
| doing good police work.
| vinay427 wrote:
| The shield and your comment list the UK and Scotland separately
| here, which (at least for now) is not accurate as I'm sure
| you're aware. Are there separate agencies involved that merit
| including both flags?
| swlp21 wrote:
| Scotland has an entirely distinct legal system with a single
| unified police agency (with its own serious and organised
| crime division). There has never been a connection between
| the legal system in Scotland and that of England and Wales.
| Scots laws are primarily passed by the independent Scottish
| Parliament with only a small number of matters reserved for
| the UK Parliament in London which passes distinct statutory
| instruments for Scotland to create approximate equivalence
| between the 'English' and 'Scottish' laws. These result in
| anomalies like the violent imagery laws in Scotland are more
| strict than those of England, meaning a cartoon image in
| England can be legal to possess but have strict liability
| severe punishment in Scotland; Scotland retains a right to
| silence upon arrest but in England remaining silent can be
| considered by a court to be an admission of guilt (sorry US
| readers, there is no 5th amendment in England and Wales; you
| do not have the option of "never talk to the police").
|
| The difference has long irritated 'the English Establishment'
| so much that an informal verse was sung at one point as an
| adjunct to what is now the UK National Anthem (but was not
| officially added contrary to some popular belief[1]).
|
| It also gave rise to the deeply racist phrase "Scot Free" in
| relation to people being acquitted in trials - during 'show
| trials' to crush anti-establishment figures, Scots juries
| would regularly return 'not proven' verdicts as it was
| necessary for all parts of an indictment to be 'proved' and
| juries used the verdict to rebel against unjust trials of
| English opponents. The phrase was used to denigrate those
| thus freed by juries and persists throughout the English
| speaking world today and is in common usage despite its
| origin as a racist epithet towards Scots and the Scottish
| legal system.
|
| [1] http://www.sath.org.uk/edscot/www.educationscotland.gov.uk/s...
| agurk wrote:
| To save everyone a google, the etymology of scot free is
| not based in Scottish juries.
|
| The phrase in its oldest form literally refers to getting
| away without paying tax. Scot is cognate with the Danish
| (Scandinavian) word skat which means both tax and treasure
| - the latter meaning incidentally being why it can be used as
| a term of endearment.
|
| This later was broadened to mean getting away without any
| punishment. I could find no reference online to its use for
| show trials.
|
| Sources:
|
| https://www.etymonline.com/word/scot-free
|
| https://www.phrases.org.uk/meanings/scot-free.html
|
| https://www.theguardian.com/notesandqueries/query/0,5753,-27...
|
| https://www.gingersoftware.com/content/phrases/scot-free/
|
| https://www.worldwidewords.org/qa/qa-sco1.htm
| mdiesel wrote:
| For those interested in what the gp could be referring
| to: There is a Wikipedia article and other sources on the
| "not proven" verdict of Scottish juries which was/is in
| practice an acquittal. It's apparently still used in
| roughly 1/3rd of cases. There is a list of significant
| cases for which the verdict was used, though none seem to
| be related to political protest.
| foldr wrote:
| > There has never been a connection between the legal
| system in Scotland and that of England and Wales. Scots
| laws are primarily passed by the independent Scottish
| Parliament
|
| To add some important context here, the Scottish Parliament
| came into existence in 1999. So it's by far not the case
| that the majority of laws in effect in Scotland were passed
| by the Scottish Parliament.
| hamilyon2 wrote:
| Bitcoin price might take a hit or two.
| toss1 wrote:
| It already dropped significantly after the Feds announced
| that they'd seized most of the Colonial Pipeline ransom [1]
|
| Right now $31,916/BTC, down over 11% from ~$36,100 24 hours
| ago... and falling.
|
| [1] https://www.cnbc.com/2021/06/08/bitcoin-btc-price-slides-as-...
| varispeed wrote:
| > I expect this to be bigger than Panama Papers. Way bigger. I
| expect a few prominent politicians to be soon either arrested
| or "convinced" to step down.
|
| I highly doubt it. The main drug operations run with state
| approval. If anything this was just an attempt to either clean
| the country from competition or just keep law enforcement busy.
| If you read the reports, what they have collected, this is
| nothing if you compare what kind of volumes are being moved
| every day.
|
| For example, in the UK alone it is estimated that yearly volume
| of illegal cannabis sales is in the region of 6 billion of
| pounds and the haul of entire operation was like how much, a
| 100 million?
|
| What it is going to achieve is a slight vacuum, new youth "get
| rich quick type" will take place and resume operations.
|
| If this wasn't announced in the media, I doubt drug consumers
| would have ever noticed something happened. If someone is using
| illegal market, they have plenty of alternative contacts if
| their main dealer goes bust.
|
| Also these things are already included in the pricing, so this
| will be just written off as cost of doing business.
| Scoundreller wrote:
| In other words, police and customs forces never bother to
| measure their "success" (seizures) in percent.
|
| If they did, they'd get defunded. We'd get more off the
| streets by just buying it.
| vkou wrote:
| When you put a bounty on dead rats, you don't get a
| reduction in the amount of rats in your town. What you do
| get is people breeding rats, to turn in for the bounty.
|
| Drug markets will operate with similar incentives.
|
| If you want to kill the drug trade, what the government
| needs to do is to start _selling_ drugs. When drugs are
| cheap, violence and interest in the drug trade plummets.
| Nobody wants to go to jail over their drug dealing 'job',
| when its earning them $8/hour.
| cromka wrote:
| > When you put a bounty on dead rats, you don't get a
| reduction in the amount of rats in your town. What you do
| get is people breeding rats, to turn in for the bounty.
|
| The "Cobra effect".
| cromka wrote:
| > If you read the reports, what they have collected, this is
| nothing if you compare what kind of volumes are being moved
| every day.
|
| I saw this. Watched the whole Europol conference. Those
| numbers are indeed low: 9 tons of cocaine, 5 tons of
| cannabis/hashish. Some guns and 15m USD, if I remember
| correctly.
|
| I still don't think I exaggerated. There's no way that's all
| they got from it after 3 years of eavesdropping. There's just
| no way that those tens of thousands of messages only
| incriminated some drug lords. What they did with these press
| conferences was a pure PR, they just wanted something for the
| press, but I still believe that the actual aftermath of this
| will be much larger.
| donalhunt wrote:
| Europol press conference is available for playback now at
| https://youtu.be/e443mE8l-_0
|
| There is another press conference at 09:00 PDT too (FBI I
| believe).
|
| Side note: Scotland is recognised separately from the UK in the
| list of participating countries. ;)
| cronix wrote:
| The first 14:30 of that video has no audio and basically
| B-roll footage. I'm sure a lot of people won't watch the whole
| thing and miss the actual conference.
| [deleted]
| worik wrote:
| Scotland has a separate police force.
| yawaworht1978 wrote:
| The comments on the video of the people who call this
| operation communist and so forth are infuriating, I must say.
| janmo wrote:
| I've been reading a lot about these "encrypted phones" recently.
| What really shocks me is how in the last years police has been
| going after operators of such services under the premise that
| they would help criminals.
|
| - Sky ECC (Shutdown, owner is facing criminal charges)
|
| - Phantom Secure (Shutdown and owner got 9 years in prison)
|
| - Encrochat ("Hacked" by French police)
|
| So it seems like those "Encrypted phones" were very effective for
| Law Enforcement to put such an effort to go after them.
|
| I think that criminal organizations will now rely on a do it
| yourself technique. Not buying phones online which is a very bad
| idea as law enforcement could just trap the phones at the postal
| facility, something they already do.
|
| Going to an old-fashioned phone retailer, then removing the camera
| and GPS module yourself and installing some encrypted open source
| software.
|
| Probably they are also going to fake messages. For 2 purposes:
|
| - Talk about a fake huge drug deliveries or an imminent mass
| shooting to verify if the network has been compromised, I am
| pretty sure police has no choice other than to act in such a
| situation.
|
| - This could be used as a strategy defense, if some messages turn
| out to be fake, then they can use plausible deniability on the
| others. And perhaps even claim police has faked them.
| chii wrote:
| > I am pretty sure police has no choice other than to act in
| such a situation.
|
| if the crying wolf method worked, terrorists would have a much
| easier time executing their plots.
| xwolfi wrote:
| It's not that they were so effective that police forces got
| scared of them, it's that the ratio criminals vs normal users
| is so high that it's a no brainer to spend a few millions on
| hacking/infiltrating them to collect a huge reward.
|
| Whatsapp or Telegram which your grandma uses would be very low
| reward compared to amount of conversations to parse.
| janmo wrote:
| Makes me wonder if those aren't already compromised.
| sfifs wrote:
| WhatsApp is trivially compromised to law enforcement
| already if you have backups setup which most people have
| for message recovery and switching phones. The backup is
| not encrypted with a private key.
| grumblenum wrote:
| >imminent mass shooting may prompt interdiction
|
| Pulse night club comes to mind as a counterpoint. A lot of
| people died to keep an informant happy. I think a more cynical
| outlook on law enforcement is appropriate.
| Thorentis wrote:
| > Talk about a fake huge drug deliveries or an imminent mass
| shooting to verify if the network has been compromised
|
| Surprised this wasn't done more. It's the classic tactic you
| see in the movies: give false intel to the suspected mole and
| see if they snitch on you.
| specialist wrote:
| > _I think that criminal organizations will now rely on a do it
| yourself technique._
|
| Ya, acknowledging the role of compromised encryption feels like
| burning their source.
|
| Speculation: Churchill chose to let Coventry get bombed rather
| than disclose that German encryption had been cracked.
|
| Wouldn't the long game be to allow criminals to believe their
| communications remain secure, for law enforcement to do
| parallel construction for their cases?
|
| I can't imagine the calculus that goes into these decisions.
| jliptzin wrote:
| I wonder how much crime would be left if the drug trade were
| legalized
| bart_spoon wrote:
| Black markets exist and are extensive for products that are
| available through legal means.
| koheripbal wrote:
| To a much lesser extent though. I cannot think of any time
| I've used a black market for something that was otherwise
| available on the regular market.
|
| It's not common, and not very profitable.
| jliptzin wrote:
| Also has anyone ever been shot or had their arm chopped off
| with a chainsaw over cigarette smuggling to avoid sales
| tax?
| Zenst wrote:
| Alcohol and tobacco are legal in many countries and yet you
| still get counterfeits and illegal production.
|
| Also drug use is often not down to that user having a fair
| happy reality and oh so often the product of bigger issues that
| go untackled and addressing those social injustices would do
| far more to address crime overall than just legalising drugs.
|
| Now if they legalised drugs and used that tax income to address
| those social issues, then we would see progress and more so,
| some fairness restored.
| Scoundreller wrote:
| We've legalized marijuana in Canada. While the illegal market
| is still pretty big (likely over 50% by volume), the illegal
| prices have cratered.
|
| So you don't just have a big shift out of the black market,
| but what's left of the black market has also been decimated,
| and spends more on marketing/quality/experience.
| JulianMorrison wrote:
| Depends if the legal version ends up really expensive, compare
| cigarettes which are still smuggled because of the sin taxes.
| standardUser wrote:
| The fact that a small black market will still exist does not
| negate the argument that legalizing drugs would end the
| gargantuan black market that currently exists, and most of
| the ills that come along with it.
| Synaesthesia wrote:
| One day we will realise the war on drugs was mostly destructive
| to ordinary people. It's important to realise the US has
| historically played a huge role in the global drug trade, and
| that really stopping the drug trade means going after banking
| executives, politicians and chemical corporations. However that
| is never done.
| ComodoHacker wrote:
| > legal authorities prevented the app from being covertly used
| for a longer time frame.
|
| I can see how strong was the temptation to continue and see how
| far it could go.
| bloqs wrote:
| From the Vice Motherboard article:
| https://www.vice.com/amp/en/article/akgkwj/operation-trojan-...
|
| "This data comprises the encrypted messages of all of the users
| of Anoms with a few exceptions (e.g., the messages of
| approximately 15 Anom users in the U.S. sent to any other Anom
| device are not reviewed by the FBI),"
|
| Any ideas as to why?
| Cthulhu_ wrote:
| Maybe undercover agents? Diplomats?
| ChrisKnott wrote:
| They might have been IDed as non-criminal. You get the odd
| crime/drugs reporter who uses the devices, e.g. this
| interview was conducted on a SkyECC phone
| https://www.vice.com/en/article/93wj5d/prison-drug-dealer-cr...
| (another CDSC platform that was recently hacked).
| WJW wrote:
| The FBI can't inspect data about Americans without a warrant,
| which they presumably don't have. The other countries who were
| in on this have no such restrictions and will read the messages
| by American citizens just fine. They may or may not decide to
| tip off the FBI if there is evidence of crime in the messages,
| and the FBI at that point would have "reasonable suspicion" and
| could acquire a warrant based on that.
| yawaworht1978 wrote:
| It seems like there is a bust of these "safe" devices every other
| month. And the groups trust them again, when will they learn, do
| not use a phone or computer. One of the last Italian capos would
| pass on messages on pieces of paper or verbally. And still got
| busted, but after a life time.
| rbobby wrote:
| I find this a bit concerning. Catching bad guys is all well and
| good but I wonder whether the various governments are
| overreaching.
|
| Selling a bugged phone to a known criminal is likely fine (cite:
| The Wire).
|
| But is it acceptable to sell a bugged phone to
| unknown/unidentified/random people and then use the phone's
| communications to determine if the owner is a crook and the
| owner's identity? The sole basis of suspicions seems to be
| "bought phone", or maybe "bought phone using bitcoin", or even
| "bought phone on TOR using bitcoin".
|
| It will be interesting to see how many of these cases hold up in
| court.
| astura wrote:
| These phones weren't "normal" in a way that non-criminal would
| just happen to buy/use - all of their functionality was
| stripped out except the ANOM app which was disguised as a
| calculator app and you needed to input a code to access it.
|
| I'd also assume they don't just take orders from anyone, I'd
| imagine you'd need a referral.
| 542354234235 wrote:
| I suspect it was likely a multi-step process to actually get
| authorization to track a new phone and decrypt messages. For
| example:
|
| >Step 1: Confirm known bad guy has phone through some other
| means.
|
| >Step 2: Decrypt phone messages of known bad guy. Confirm they
| are criminal activities.
|
| >Step 3: Note all previously unknown phones that exchanged
| criminal messages with known criminal.
|
| >Step 4: Those phones are now considered belonging to known
| criminals. Return to Step 2.
|
| Now, it's totally possible they were just saying "someone bought
| a phone through TOR, they are probably bad so we can decrypt
| their messages" but that doesn't have to be true for them to
| have worked their way through this criminal network.
| lazyasciiart wrote:
| Yes, and the court documents released include FBI reasoning
| based on previous sampling of users showing that the people who
| bought _these_ phones were criminals. They're not ordinary
| phones, and distribution is intentionally limited. Drug
| smugglers don't want to let just anybody buy a phone for their
| encrypted network, you know
| Scoundreller wrote:
| > Drug smugglers don't want to let just anybody buy a phone
| for their encrypted network, you know
|
| I mean, if it's well encrypted, it should be strong enough to
| not worry about any random being on the network too, no?
|
| I guess that's too counterintuitive for those sweating right
| now.
| flerchin wrote:
| Log it all, and use network discovery and the legal process to
| access each new device? The main problem for the feds is that
| the data will be gone. Since it's not gone, they can use the
| legal process at their leisure.
| lm28469 wrote:
| From what I read you could only buy/activate this phone(or
| app?) if you knew someone using one and they were only sold on
| the black market by people who knew the criminal organisations
| gpm wrote:
| I haven't read the court documents, but this seems
| theoretically solvable by just only accessing the backdoor on
| any particular phone once you've seen it send an incriminating
| message to a phone you are already accessing (and getting
| judges to sign off on warrants for it, paperwork is probably a
| nightmare).
|
| You start with the head honchos phone, someone texts him about
| a drug shipment, so you get a warrant to access the backdoor on
| that phone as well, and so on.
|
| As long as there aren't isolated cells, you get every cell
| phone. Since you're relying on the head honcho to push the
| phones, there probably aren't isolated cells.
| graderjs wrote:
| The takings are just insane. In EU they seized 8 tonnes (!) of
| cocaine and 22 tonnes of marijuana.
| Scoundreller wrote:
| 8t, but global production is 1000-2000t per annum.
| woeirua wrote:
| Odds that this is how the US nabbed the key to the Bitcoin from
| the Colonial Pipeline ransom? That'd be pretty wild, but makes
| sense...
| Scoundreller wrote:
| Well, both the warrant looking for an an0m user's gmail account
| and the judge's warrant for seizing the Bitcoin were from
| Northern California.
| reedjosh wrote:
| Why is the burner on high heat in like the fourth photo?
| [deleted]
| janmo wrote:
| I think this is very problematic.
|
| Let's say police claims you did something with only the chat log
| as an evidence and they run the chat software. Then they could
| very well have just faked it, because they have a high incentive
| to do so.
|
| If the messages were on a third party platform you would at least
| have a neutral third party involved.
| bagacrap wrote:
| I don't think it will hold up in court if the only evidence is
| chat logs. After all, it's basically impossible to prove who
| was holding the phone when a message was sent. But this should
| be enough information to make arrests and collect additional
| evidence, e.g. a stash of illegal firearms.
| yawaworht1978 wrote:
| I wonder how the police linked the devices to real world
| identities, the exact procedures would be interesting to know.
| janmo wrote:
| Perhaps if the WLAN module was not disabled they could have
| used the mac addresses of the WLAN router. But that's a good
| question.
| yawaworht1978 wrote:
| Indeed, sure some might have shared personal info etc, and
| this case shows that the English guy recently arrested
| because of a cheese image was a lie, but finding the real
| user behind the device must have taken a lot of work, the
| authorities seem hesitant to share this info. Each one had
| also to pay a subscription and make a payment, perhaps this
| helped a great deal.
| Scoundreller wrote:
| Joke's on you, my WLAN MAC is
| B00B1E55:B00B1E55:B00B1E55:B00B1E55 and yours should be
| too.
| janmo wrote:
| This doesn't help a lot if you have a neighbor WLAN in
| reach. They would just use that one to locate you.
| yawaworht1978 wrote:
| So they seized 130 million, arrested 1800 people. Assuming even
| wealth distribution, that is 72k Eur. The distribution is of
| course not even, as some of the confiscation images show cars
| worth way more than that, also watches and many bags filled to
| the brink with money. Some of the arrest images show the bedrooms
| and they do not look better than a prison cell. This means many
| of the involved do this for very bad ROI ratio, considering that
| most will face 20plus years sentences.
| lfmunoz4 wrote:
| Anyone know how these applications work the architecture of them?
| To me it seems that encryption apps are trivial. Yet they keep
| getting compromised. You have a public key and private key you
| give public key away. You keep private key safe, what is so
| difficult?
| raldi wrote:
| Next: "We've secretly been torturing people for the last three
| years -- look at all the cases it helped us crack!"
| na85 wrote:
| Text of TFA uses the term "infiltrating" in lieu of "cracking".
| Not that I necessarily expect Reuters to keep their infosec
| terminology straight but I wonder if this was a novel hack or if
| it was a simple matter of a judicial gag order, seizing the
| developer's account and then pushing out a malicious update that
| enabled MITM or something.
| senectus1 wrote:
| from what I understand they developed the app themselves...
| marketed and pushed the app to certain "dark markets" and let
| them use the apps and devices as if they were secure. they were
| in fact real time monitoring every transaction.
|
| amazing really. and pretty funny if you asked me :-P
| stef25 wrote:
| If I present some device to my local street dealer and tell
| him to "use this it's secure I swear" he'll probably punch me
| cause he suspects a trap.
|
| Amazing that these "world class" criminals fall for this
| stuff.
| lazyasciiart wrote:
| Not if you're his supplier. This whole thing works on pre-
| existing connections.
| Gibbon1 wrote:
| Sounds like they busted down an established provider of
| secure comm devices and then took over its distribution
| network to push their own devices.
| iJohnDoe wrote:
| Not funny. Pretty much worse fucking case scenario.
|
| Imagine Signal, Telegram, or any other app that touts
| themselves as a secure app is really just the creation of the
| FBI, NSA, CIA, and NRO.
|
| Remember, yesterday's conspiracy theory is today's reality.
| nexuist wrote:
| If you're not already operating under the assumption that
| TLAs have full access to your entire online history,
| there's really no point in trying to start now. Use secure
| apps like Signal to hide your information from hackers,
| thieves, and generic script kiddies, not to hide from
| national security agencies. Especially when said agency can
| send a van to your house to take all your digital equipment
| (fully legally if backed by a warrant) until you comply and
| give up all your passwords and encryption keys.
|
| You cannot defeat the legal system through technical means,
| your only hope is having some kind of escape submarine or
| private jet to get yourself extracted to a non-extradition
| country like Russia (or, if you're Snowden, trolling
| journalists with your flight so all the goons get on the
| wrong plane).
|
| https://xkcd.com/538/
| inigojonesguy wrote:
| Many people like me wish to hide from Google and
| Microsoft, not from NSA. Because of two widespread
| reasons.
|
| - I don't want to have a personalized experience on the
| net.
|
| - I don't want Google algorithms to hide my new bike
| frame invention because I also posted an opinion about
| bing censoring tank man, or about Google cache as
| commons.
| nucleardog wrote:
| For a slightly humorous take on this, James Mickens'
| paper _This World of Ours_[0] is enjoyable:
|
| > In the real world, threat models are much simpler (see
| Figure 1). Basically, you're either dealing with Mossad
| or not-Mossad. If your adversary is not-Mossad, then
| you'll probably be fine if you pick a good password and
| don't respond to emails from ChEaPestPAiNPi11s@virus-
| basket.biz.ru. If your adversary is the Mossad, YOU'RE
| GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT.
| The Mossad is not intimidated by the fact that you employ
| https://. If the Mossad wants your data, they're going to
| use a drone to replace your cellphone with a piece of
| uranium that's shaped like a cellphone, and when you die
| of tumors filled with tumors, they're going to hold a
| press conference and say "It wasn't us" as they wear
| t-shirts that say "IT WAS DEFINITELY US," and then
| they're going to buy all of your stuff at your estate
| sale so that they can directly look at the photos of your
| vacation instead of reading your insipid emails about
| them. In summary, https:// and two dollars will get you a
| bus ticket to nowhere.
|
| [0] https://www.usenix.org/system/files/1401_08-12_mickens.pdf
| ganzuul wrote:
| This is pretty much my understanding too. We have not
| progressed one iota in civilization and everything comes
| down to torture and murder when the going gets tough.
|
| My only hope for a future for humankind lies with this
| socialist software ideal I have been musing about...
| fouc wrote:
| Yeah, sometimes I wonder if Tor is already co-opted like
| this.
| dt3ft wrote:
| Food for thought: Telegram estimated costs for 2021 based
| on 675 million monthly active users (MAU) are $220 Million.
| Yet, the app is somehow free to use. Where does the money
| to cover the costs come from?
| viraptor wrote:
| At least the story of them being dodgy (in terms of
| origin/funding) and playing up encryption which is not
| enabled by default is pretty well documented by now. I
| get that people really like the UX of the app, but I wish
| more of them approached Telegram with "Russian gov has
| access to my unencrypted messages, but maybe the
| encrypted ones too" mindset.
| rorykoehler wrote:
| If that is the case normies living outside of the sphere
| of Russian influence have little to worry about surely.
| Better Russia than your own government.
| fragileone wrote:
| Telegram isn't end-to-end encrypted except for some 1:1
| chats. The unencrypted chat data is likely being sold, as
| their privacy policy allows.
| jakub_g wrote:
| $220M is not pocket money, but Durov's net worth is
| apparently $17.2B, so he could afford it for a few more
| years
|
| https://www.forbes.com/profile/pavel-durov/
| yawaworht1978 wrote:
| Thanks for this, what about Moxie? Who covers those
| costs?
| kenneth wrote:
| Signal is funded by a $50M donation from Brian Acton, who
| made billions selling WhatsApp to Facebook.
| stef25 wrote:
| He was listed on the Forbes Billionaires List in 2021,
| with a net worth of $17.2 billion. His fortune is largely
| driven by his ownership of Telegram
|
| - Wikipedia.
|
| So billions from Telegram, a free app. What am I missing?
| jakub_g wrote:
| That's a valid point. It's free now but they do have some
| plans for monetization (ads in channels with huge numbers
| of subscribers etc.)
| Thorentis wrote:
| Except that we can see exactly what is being sent from our
| devices since Signal is open source. Even if the servers
| are run by the FBI, at best they have a whole bunch of
| encrypted messages (which they could get by wire tapping
| anyway).
| scoopertrooper wrote:
| I'd say it's just a good argument for using a popular app
| (like one you mentioned) because it is likely to be subject
| to the critical eyes of security researchers.
| walrus01 wrote:
| If moxie marlinespike is a deep cover agent he's been
| cultivating a whole character and persona for a very long
| time. I'd lean towards the "not a NSA plant" view myself.
| XorNot wrote:
| And that is why open source is important (and Signal's
| server and open source integration should be viewed very
| skeptically).
| marlor wrote:
| They covered themselves by ensuring that the devices could
| only be ordered after private referral from another user.
| All of whom were underworld figures (the devices were
| initially "seeded" to "underworld influencers").
|
| I'm sure that added to the credibility of the device among
| criminal groups, but it also ensured that the platform
| wasn't adopted by your average privacy-conscious user.
| ferros wrote:
| Looks like the app's domain was also seized.
|
| https://www.anom.io/
| olalonde wrote:
| Funny how that form is essentially asking users to dox
| themselves. I wonder how many will take the bait.
| Scoundreller wrote:
| My mother-in-law better watch out
|
| Overall, a very clean website source. No trackers in the
| source at all.
|
| Countries list is interesting. Lists Puerto Rico, American
| Samoa and Virgin Islands (US). Didn't know PR seceded, thank
| you FBI for confirming. Lists various French territories.
| Missing South Sudan. Missing Kosovo. Includes Taiwan.
| Includes Palestine.
| [deleted]
| dalbasal wrote:
| "_To determine if your account is associated with an ongoing
| investigation, please enter any device details below:_"
|
| Seems like they're flexing.
| Vespasian wrote:
| It probably directs to a static page saying "YES" because
| after entering all that information your account will be
| under investigation for sure ;)
| marlor wrote:
| It's bizarre, because news reports state that the entire app
| and monitoring system was created by the FBI and Australian
| Federal Police.
|
| If it's their system, why would they need to seize its domain?
| Scoundreller wrote:
| The whois shows no updates for 11months:
|
| Updated Date: 2020-07-07T06:01:35.21Z
| lmm wrote:
| If they were trying to get criminals to start using it,
| hosting it on the (seized) website of some reputable criminal
| organisation might have been helpful?
| diamondhandle wrote:
| Can someone explain what flag in the top left corner is?
| There's probably another non-country flag I missed in there
| too.
|
| https://www.anom.io/trojan_shield_seal.jpg
| marlor wrote:
| Europol: https://www.europol.europa.eu/
| postingawayonhn wrote:
| The Europol logo.
| rukuu001 wrote:
| Love the AFP's effort at branding Operation Ironsides
| pelasaco wrote:
| Nice one, but I guess if this whole operation was still a secret,
| we could pull this trick over and over again? Now will be hard to
| disguise an app like that.
|
| Probably the next season of the "StartUp" TV series
| WJW wrote:
| This is already the third or fourth such app that was either
| infiltrated by the police, taken over by the police or outright
| constructed by them. Criminals have a vested interest in
| getting access to encrypted communications and they know that
| all of the common phone OSes and chat apps are compromised, so
| they will be looking to join such secure networks. This need
| for security is what makes the continued use of these
| operations by law enforcement viable, since criminals have no
| choice but to seek out these encrypted apps.
| usrusr wrote:
| My impression is that in all those cases the root weakness
| was that those criminals liked to feel sophisticated, "in the
| know". So those special apps (special, from our perspective,
| as in euphemism for birth defect) could spread by fashion.
| The smalltimes like to imitate the big ones while the big
| ones try to stay ahead of the curve, eager to pick up
| anything new from upstarts before they become big.
|
| It might be my Hollywood education speaking, but criminal
| networks are supposed to lean strongly on status and respect
| (how could they not, given the absence of law enforcement
| which makes trust the only option) and this makes them
| vulnerable to fashion as a malware vector.
| Scoundreller wrote:
| That's what I'm thinking too. A lambo looks faster, but in
| reality the beat up Toyota will get you around faster. You
| can park it in the sketchiest neighbourhood, go over 3'
| potholes without slowing down, take a dirt road, park 1'
| away from the next car and bash your door against it to get
| out, etc.
| WJW wrote:
| I think it is also just a natural "feature of the terrain".
| Criminals need to communicate with their customers and each
| other to coordinate, but they cannot use "normal" apps
| because those can be presumed to be compromised by the
| police. This creates a natural funnel where criminals are
| driven to these custom apps, similar to how old-time armies
| would fight over things like river crossings and mountain
| passes because the opponent had no choice but to go there
| if they wanted to invade at all.
| Cederfjard wrote:
| Presumably it would've come out during legal proceedings
| anyway.
| dboreham wrote:
| They forgot to review the app's source code.
| intricatedetail wrote:
| > and seized more than 3,000 kilograms of drugs and $45 million
| in cash and assets.
|
| Excuse me, but I can't stop laughing. Three years effort to catch
| a small fish and they sell it as if they got bust of the century.
|
| Why don't they investigate politicians that facilitate
| prohibition and enable these gangs to work in the first place?
|
| Police can't see they run fool's errands.
| fvold wrote:
| The big blow isn't the amount of drugs or cash taken, it's the
| grabbing of relatively high ranking people in the organization,
| and the absolute shattering of their communication.
|
| I bet a bunch of them will go back to in-person communication
| only for a long while after this, slowing things down
| considerably.
| rorykoehler wrote:
| Are they just catching nobodies though?
| rorykoehler wrote:
| This was exactly my thought too. The numbers they quoted in the
| Europol press conference are a drop in the ocean.
| premium-komodo wrote:
| As is often the case with the FBI, they were apparently
| facilitating the crimes. It's easy to argue that the crimes might
| not have taken place without the FBI's help. Somehow this is
| never entrapment when the FBI is doing it.
| [deleted]
| emsign wrote:
| People were onto Anom already figuring out it wasn't what it
| pretended to be. Site got deleted shortly after the raid.
|
| https://webcache.googleusercontent.com/search?q=cache%3APwQX...
| rohanstake wrote:
| Good that they arrested the culprits. But infiltrating the
| encrypted messaging app isn't the best thing I guess.
|
| The argument, it is used by criminals is flawed. Because
| everything is - water pipelines, cash, facebook, and so on.
| fvold wrote:
| This was specifically seeded into the criminal world. It's not
| like they cracked Signal, or whatever.
|
| It's not an infiltration of the app, it's an infiltration of
| the criminal organizations, using an app they made.
| usrusr wrote:
| Makes me wonder if "invite only" could eventually be read as
| a red flag indicating possible honeypot? Guess no secret tool
| is forever.
| tcbasche wrote:
| maybe read the article ;)
| hemloc_io wrote:
| Seems like duplication and infiltration is becoming a more common
| tactic among LE.
|
| There's some pretty convincing speculation Dream market was setup
| as a similar operation to this. [0]
|
| If this proves anything it's that the fear mongering by LE about
| encryption was overblown and they're just lazy lol.
|
| 0: https://youtu.be/1VZkiQUzITU
| Taniwha wrote:
| not just Australia, it's world wide and likely led by the FBI
| (but possibly data being collected outside the US to avoid the
| need of having actual warrants)
|
| The following thread looks at some of the opened court documents
| today:
|
| https://twitter.com/ericgarland/status/1402100449013125123
|
| (and points out that the Trump organisation might be in trouble
| ....)
| [deleted]
| lazyasciiart wrote:
| Being outside the US doesn't avoid the need for actual
| warrants. That thread mentions several, both in the US and out
| of it.
| Scoundreller wrote:
| Unless they found a pushover country and structured as much
| data to be sent there in the app. Have them get the warrant
| and review the data and inform you of anything good.
|
| Arbitrage isn't just for bankers.
| Sleepytime wrote:
| >(and points out that the Trump organisation might be in
| trouble ....)
|
| Thanks for that line, I was starting to worry that there were
| things going on in the world that weren't about Trump.
| galaxyLogic wrote:
| The tweet says: "... remember that Dipshit McSonInLaw used
| these exact "technologies" to communicate with the Saudis and
| stuff. ... ".
|
| But, I don't see how he the tweeter could be sure or know that
| Trumps used this app?
| marlor wrote:
| I'm sure he has no idea. This is far from the only encrypted
| messaging system out there.
| anigbrowl wrote:
| Eric Garland is a massive blowhard/self-promoter (and I say
| this despite sharing his dislike of Trump). Even when his
| claims are accurate he's so obnoxious and annoying that I
| can't be bothered to evaluate his other claims. I save a lot
| of time and mental agitation by ignoring e-personalities and
| assuming that if something is important I'll hear about it
| from a quality source before very long.
| nyokodo wrote:
| > I save a lot of time and mental agitation by ignoring
| e-personalities and assuming that if something is important
| I'll hear about it from a quality source before very long.
|
| We've had 4 years of media personas announcing Trump's
| imminent incarceration. Call me when something sticks.
| flashman wrote:
| As to how the FBI got access to the messages, Vice says[1] after
| Vincent Ramos of Phantom Secure was arrested in 2018, a
| confidential human source offered Anom, which the source was
| developing, to the FBI (probably in exchange for immunity or a
| reduced sentence, in my opinion). The source then seeded Anom
| phones to his existing distributors as a replacement for Phantom
| Secure phones, and from there they made their way into criminal
| organisations.
|
| [1] https://www.vice.com/en/article/akgkwj/operation-trojan-
| shie...
| RachelF wrote:
| Makes you wonder how many commercial VPN services are just FBI
| honeypots?
| deadalus wrote:
| This is exactly why I tend to use VPNs from countries with
| which the US is not in good terms with : Russia, Iran,
| Belarus, China
| tlb wrote:
| First-order strategy (do something that works as long as
| the other side hasn't also thought of it) only works until
| the other side thinks of it. My guess is that the
| intelligence complex (CIA +) thought of this around 1995,
| and the domestic law enforcement complex (FBI +) around
| 2005.
| walrus01 wrote:
| If I was a US intelligence agency I would specifically
| establish colocation presences with ISPs in Russia,
| Belarus, Uzbekistan, china, etc, on commercial ISP terms,
| and admin the servers remotely to set them up as a
| commercial vpn service. There's plenty of datacenter
| operators in Russia that will take your money.
| stef25 wrote:
| > There's plenty of datacenter operators in Russia that
| will take your money.
|
| Wouldn't they have some uncomfortable questions to answer
| when Putin finds out they've been cooperating with the
| Feds?
| walrus01 wrote:
| The feds would pose as a slightly shady hosting/Colo
| company or similar.
| kryptiskt wrote:
| Presumably the feds wouldn't say who they were and would
| pose as common criminals, because they wouldn't have any
| reason to suppose that the datacenter operator would keep
| quiet if they were open about their identity.
| 542354234235 wrote:
| But yours assumes that Russia doesn't do counter-intel
| and wouldn't be looking for exactly these kinds of
| infiltrations. If it is obvious to us that these things
| would be targets, I'm pretty sure it is obvious to
| Russian intelligence services.
| md_ wrote:
| Bellingcat appear to routinely buy data from Russian
| blackmarket data brokers.
| emc3 wrote:
| Shady fly by night data hosting doing counter-intel, or
| better, Putin spending his precious rubles on running
| counter-intel ops for shady fly by night hosting
| companies, are both hilarious.
| pueblito wrote:
| Russian govt has always held counter intel to be a top
| priority and they devote an enormous amount of resources
| towards it, so why is that hilarious?
| dannyw wrote:
| Especially VPN services that got acquired, like Private
| Internet Access, acquired by what many people describe to be
| a malware company.
| Loughla wrote:
| Wait, what? What did I miss?
| astura wrote:
| It was acquired by Kape Technologies, which used to go by
| the name of Crossrider and has a sketchy history
|
| https://hiddenrouter.com/private-internet-access-vpn-to-
| be-a...
| killingtime74 wrote:
| Or even foreign state actors
| andruby wrote:
| The FBI, from the viewpoint of 95% of the world, is "a
| foreign state actor".
| Thorentis wrote:
| Not country-wise. The US has many first world allies that
| cooperate with the FBI on a second party basis.
| wallaBBB wrote:
| One of the (publicly unspoken) conditions to offer VPN
| services in western countries is to keep logs and provide on
| their request, regardless of the marketing stories. There are
| several verifiable cases where Nord has cooperated with FBI
| and Interpol and provided logs, but this is a fairly small
| lie, compared to the time when they tried to keep quiet about
| a breach.
|
| Not saying that having a VPN service from Russia or China is
| a better solution...
| ocdtrekkie wrote:
| Generally speaking, they all have to have relatively short
| term logs to operate and protect their services. This tends
| to defeat things like piracy, where commercial actors need
| time to file paperwork and get subpoenas, by which time the
| logs are gone, but obviously the feds can move a lot faster
| and tend to get what they need to catch serious criminal
| activity.
|
| This would, to me, suggest VPN services are a general
| societal good, as they prohibit annoying corporate IP
| enforcement behaviors, while not meaningfully helping
| pedophiles and terrorists.
| x86_64Ubuntu wrote:
| Russia and China would in fact be a better solution as most
| Westerners are never going to be subject to Russian or
| Chinese authorities.
| jorblumesea wrote:
| Sure until you visit a geopolitically aligned airport and
| get detained and propositioned by a foreign intelligence
| agency. Then you end up spying against your own country
| because your VPN provider was just a honeypot for a
| foreign intelligence agency. Blackmail, forced detention,
| "crimes against the Chinese state", jail without due
| process or civil rights, who knows. Maybe you didn't even
| break US law but Chinese or Russian law.
|
| I would never willingly trust a country like Russia or
| China with my information.
| x86_64Ubuntu wrote:
| That stuff already happens to people in the West, and
| people who visit non-Western but Western aligned
| countries. The fact of the matter is that if you are a
| Westerner, you are going to spend more time in the
| Western sphere of influence, of which Russia and China
| are not a part of.
| JumpCrisscross wrote:
| > _most Westerners are never going to be subject to
| Russian or Chinese authorities_
|
| Coercible locals are a valuable asset. Not sure why
| countries with zero rule of law would be attractive to
| someone valuing a principle like privacy.
| vkou wrote:
| Any locals in any country are coercible to their
| government, if it really wants to.
| x86_64Ubuntu wrote:
| I'm not sure what you are trying to say, especially with
| the "coerciable locals", other than trying to say China
| and Russia have "zero rule of law".
| acoard wrote:
| His point is that foreign states could blackmail you or
| exert pressure in other ways, even if they aren't gonna
| extradite and throw you in jail following due process.
| Thus, Russia/China would have "coercible locals" in
| western countries.
| x86_64Ubuntu wrote:
| In the US a "coercible local" is given a far less scary
| descriptor of confidential informant, or state's
| evidence. There are far more of those than there are
| "coerced locals" in the service of Russia or China.
| xwolfi wrote:
| 1, but this is exactly the point. Use them for netflix not to
| coordinate heroin sales.
| Cthulhu_ wrote:
| I'm confident the big ones like Nord are just that. And even
| if they're not, they can just be taken over or backdoored -
| nobody will ever be the wiser.
| hansor wrote:
| Very plausible. A lot of "western" VPNs are run by Chinese
| companies.
|
| https://www.computerweekly.com/news/252466203/Top-VPNs-
| secre...
| Cederfjard wrote:
| The AFP says that this Mr Ayik should turn himself in for his
| own safety, but surely the one with an enormous target on their
| back is this person. It can't be too difficult for these
| criminal organizations to piece together who that is.
| cromka wrote:
| So Vice says that an external source came to offer the app,
| while the Australian Police "said the plan to use an encrypted
| app was hatched overseas over a few beers with FBI agents in
| 2018, before police figured out how to decrypt all messages."
|
| I wonder how this all ties together. As someone mentioned here,
| there surely be some movie about it.
| marlor wrote:
| It's likely the FBI mentioned they had an app they could
| leverage, Australia noted that there was a gap in the local
| market after Phantom had been taken down, and the two
| agencies decided to seed the app into the Australian criminal
| underworld to see how far it would spread.
| cromka wrote:
| Yep, sounds plausible.
| nneonneo wrote:
| There are more details in a recently unsealed search warrant
| against a GMail user:
| https://storage.courtlistener.com/recap/gov.uscourts.casd.70...
|
| An informant (confidential human source, or "CHS") helped the FBI
| and AFP (Australian Federal Police) develop and distribute Anom
| to criminal gangs (transnational criminal organizations, or
| "TCOs"):
|
| > The CHS offered this next generation device, named "Anom," to
| the FBI to use in ongoing and new investigations. The CHS also
| agreed to offer to distribute Anom devices to some of the CHS's
| existing network of distributors of encrypted communications
| devices, all of whom have direct links to TCOs.
|
| Anom was specifically designed from the ground up with an
| encryption backdoor:
|
| > Before the device could be put to use, however, the FBI, AFP,
| and the CHS built a master key into the existing encryption
| system which surreptitiously attaches to each message and enables
| law enforcement to decrypt and store the message as it is
| transmitted. A user of Anom is unaware of this capability. By
| design, as part of the Trojan Shield investigation, for devices
| located outside of the United States, an encrypted "BCC" of the
| message is routed to an "iBot" server located outside of the
| United States, where it is decrypted from the CHS's encryption
| code and then immediately re-encrypted with FBI encryption code.
| The newly encrypted message then passes to a second FBI-owned
| iBot server, where it is decrypted and its content available for
| viewing in the first instance.
|
| Naturally, the FBI can't spy on domestic communications without a
| warrant, so they got the AFP to do it for them:
|
| > FBI geo-fenced the U.S., meaning that any outgoing messages
| from a device with a U.S. MCC would not have any communications
| on the FBI iBot server. But if any devices landed in the United
| States, the AFP agreed to monitor these devices for any threats
| to life based on their normal policies and procedures.
|
| Closing Sky Global and Encrochat drove criminals to Anom:
|
| > Since March 12, 2021, as a direct result of the Sky Global
| charges, there are now close to 9000 active Anom users. The
| criminals who use hardened encrypted devices are constantly
| searching for the next secure device, and the distributors of
| these devices have enabled criminals' impenetrable communications
| on these devices for years.
|
| Finally, the FBI quite directly admits their goal is to shake
| confidence in encrypted messaging:
|
| > A goal of the Trojan Shield investigation is to shake the
| confidence in this entire industry because the FBI is willing and
| able to enter this space and monitor messages.
|
| There are also a number of sample conversations in the warrant
| application showing criminals openly talking about moving drugs
| and other illegal activities with absolutely no code. Definitely
| worth a read.
| _trampeltier wrote:
| Wonder what other chat apps like Encrochat and this one exist.
| Might be fun to take a closer look.
| yread wrote:
| Thanks for sharing really cool stuff. Criminals discussing
| logistics of shipping 1.5t of cocaine in banana boxes or tuna
| cans
| spicyramen wrote:
| Can't find the article but Mexican drug cartels hired Cisco
| certified experts to set up their encrypted communications. Not
| just your average CCNA guy from test king, but industry experts
| working for Service Providers and Government.
| te_chris wrote:
| Reminds me of the character from Narcos who was working to
| secure the Cali cartel's communications. No doubt lots of work
| for people who know how to harden networks for criminal orgs.
| xtracto wrote:
| If by "hired" you mean kidnapped and made them decide between
| killing their families and them or paying them to secure their
| networks then you are correct.
|
| Drug cartels over here are terrible.
| hsbauauvhabzb wrote:
| How would this be any different to creating a global back door in
| Signal, Wickr or Slack?
| fvold wrote:
| The main difference is that by building their own honey pot,
| they did not have to rely on an external actor to maintain any
| secrecy.
|
| If they dug their claws into Wickr, they'd have to worry about
| leaks from every single person involved with Wickr on top of all
| potential leaks from law enforcement personnel.
|
| Also, I suspect it's easier to get the warrants needed to
| create a sting from the ground up than it is for several
| different law enforcement agencies around the world to each get
| separate warrants to access Wickr/Slack/Discord/whatever's data.
|
| Once the data legally exists in a law enforcement database, it
| is relatively simple bureaucracy to share it with allied
| organizations.
| hsbauauvhabzb wrote:
| What I mean is they're effectively breaching the privacy of
| any perfectly legit users. They've done this in the past with
| stuff like mobile tower spoofing. Why is this ok, and mobile
| spoofing not, ethically?
___________________________________________________________________
(page generated 2021-06-08 23:03 UTC)