The San Diego Federal Bureau of Investigation Tuesday announced a “massive worldwide takedown” involving encrypted communication devices used by criminal organizations across the globe to smuggle drugs and launder money.
Dubbed, “Operation Trojan Shield,” Acting U.S. Attorney Randy Grossman for the Southern District of California unveiled details of the investigation at a news conference held at the U.S. Attorney’s Office in downtown San Diego.
The investigation began way back in 2016.
“Operation Trojan Shield shined a light into the shadowy industry of hardened encrypted devices,” Grossman began.
Hardened encrypted devices can be used to secretly transfer messages between parties and is a known form of communication among criminal organizations, according to the FBI.
In 2016, Grossman said the San Diego FBI began investigating a Canadian company called Phantom Secure, which sold its hardened encrypted devices solely to criminal organizations. In this case, over 10,000 criminal users had their devices shut down when the company’s executives were indicted by a grand jury in San Diego.
With Phantom Secure out of the encrypted communications game, Grossman said criminal organizations moved onto other platforms: Sky Global and EncroChat.
Grossman said Europol – the European Union’s law enforcement agency headquartered in the Netherlands – worked to bring down EncroChat and did so in July 2020. The FBI would go on to indict the CEO of Sky Global.
At the same time, the FBI put together its own covert encrypted communications platform to appeal to criminal organizations using this method of communication. It was called ANOM, and thus, Operation Trojan Shield began.
Grossman said with EncroChat and Sky Global out of the game, the FBI saw an increase in the demand for ANOM.
“The demand for ANOM among criminal groups exploded as they sought to find the next brand of device safe from law enforcement intrusion,” he explained.
Grossman said every single user of ANOM used the platform – without knowing it was being operated by the FBI – for criminal activity.
“The criminals using these devices believed they were secretly planning crimes far beneath the radar of law enforcement,” Grossman said. "But in reality, the criminals were not underneath the radar – they were on it. The FBI was monitoring those conversations. The very devices the criminals were using to hide their crimes was actually a beacon for law enforcement.”
Within 18 months of ANOM’s existence, the FBI captured more than 27 million messages between users around the world, Grossman said.
ANOM was taken down by the FBI on June 7, 2021.
What Was Happening On the FBI-Run ANOM?
Over the course of ANOM’s run, Grossman said criminals sold more than 12,000 ANOM-encrypted devices and services to more than 300 criminal syndicates operating in 100+ countries.
“The worldwide implications of this are staggering,” he noted at the news briefing Tuesday in San Diego.
Grossman said criminal groups were using ANOM to “secretly plan and execute their crimes” and had so much confidence in the platform, they “openly marketed them to other potential users as ‘designed by criminals, for criminals.’”
Only, unbeknownst to them, the devices were being operated and monitored by the FBI in a coordinated, global investigation that Grossman said was “like none other in history.”
“Operation Trojan Shield has shattered any confidence criminals may have through the use of hardened encrypted devices,” he added.
In unsealed documents, Grossman said there are many examples of how ANOM was used.
In October 2020, ANOM users exchanged information on the platform about hiding a shipment of cocaine inside cans of tuna that would be shipped to Belgium by an Ecuadorian tuna company. The information was passed onto U.S. authorities in Brussels, Belgium, who worked with Belgian law enforcement to search a container that soon arrived in Brussels with the suspected drugs.
Inside the container, Grossman said authorities found 613 kilograms of cocaine – or about 1,351 U.S. pounds. The information about the tuna company in Ecuador was shared with law enforcement there and upon an investigation of the company, Grossman said officials there found another 1,523 kilograms (about 3,357 pounds) of cocaine that had been destined for Belgium.
In February 2021, Grossman said two ANOM users – one in Armenia and another in Australia – used ANOM to talk about plans to ship 6 kilograms (just over 13 pounds) of cocaine from Carlsbad in San Diego's North County to Australia using a legitimate business address to try to hide the deal.
Grossman said ANOM was used to exchange an invoice from a Lowes' store in Carlsbad and to send a photo showing the bricks of cocaine.
In April 2021, Grossman said a transnational criminal organization used ANOM devices to plan a shipment of 1,401 kilograms (about 3,088 pounds) of cocaine from Ecuador to Spain. The drugs were to be imported using shipping containers, hidden within refrigerated fish.
In May 2021, Grossman said a transnational criminal organization used ANOM devices to plan a shipment of cocaine from Costa Rica to Spain. The cocaine was going to be imported via a shipping container, hidden within a shipment of hollowed-out pineapples.
Like in each case, the FBI reviewed the messages between the users in Costa Rica and Spain and, on May 12, 2021, Grossman said the suspected container arrived in Spain.
Law enforcement in Spain searched the container and, inside, they found 1,595 kilograms of cocaine (about 3,516 pounds).
FBI's Big Bust: 'The Last 24 to 48 Hours'
With the shutdown of ANOM on June 7, Grossman said the last 24 to 48 hours of the investigation had netted huge results for the FBI. This included more than 500 arrests around the world, with authorities searching more than 700 locations tied to Operation Trojan Shield.
More than 900,000 law enforcement officers had been deployed worldwide, Grossman said, and they had seized “multi-ton quantities of illicit drugs” in the takedown.
The grand totals, per the FBI:
- 800 arrests
- The seizure of 8 tons of cocaine
- The seizure of 22 tons of marijuana
- The seizure of 2 tons of methamphetamines and amphetamines
- The seizure of 6 tons of precursor chemicals
- The seizure of 250 firearms
- The seizure of 48 Million in various worldwide currencies
Grossman said an unsealing of a federal indictment Tuesday all about Operation Trojan Shield charges 17 foreign nationals in facilitating drug trafficking, money laundering and obstruction of justice.
Grossman said all 17 defendants live outside of the United States and, as of 9 a.m. Tuesday, eight had been arrested and nine were still fugitives.
The acting U.S. Attorney said the cooperation among agencies worldwide included law enforcement in:
- New Zealand
- United Kingdom
He said the partners and team at the U.S. Attorney’s Office and San Diego FBI had put in long hours and many years on the massive operation and the cooperation, in his words, was “historic and undeterred by the coronavirus pandemic.”
The U.S. Office of the United States Attorney Southern District of California said these are the 17 defendants charged Tuesday, each with conspiracy to conduct enterprise affairs through pattern of racketeering activity (RICO):
- From Australia: Joseph Hakan Ayik (fugitive); Domenico Catanzariti (arrested); Maximilian Rivkin (fugitive); Edwin Harmendra Kumar (arrested)
- From the Netherlands: Abdelhakim Aharchaou (arrested); Omar Malik (arrested); Miwand Zakhimi (arrested); Osemah Elhassen (fugitive); Aurangzeb Ayub (arrested)
- From Spain: Seyyed Hossein Hosseini (fugitive); Alexander Dmitrienko (arrested); Baris Tukel (fugitive); Erkan Yusef Dogan (fugitive); Shane Geoffrey May (fugitive); James Thomas Flood (arrested); Srdjan Todorovic aka Dr. Djek (fugitive); Shane Ngakuru (fugitive)
Each defendant, if convicted, faces a maximum punishment of 20 years in prison.
Below is the unsealed grand jury indictment from the U.S. District Court of Southern California:
FBI: A Warning to Global Criminals
Suzanne Turner, FBI Special Agent in Charge, said Tuesday marked the end of more than five years of “innovative, complex investigative work” to dismantle cryptic communications services that help criminals work across the globe.
Turner said the mission refers to “a Trojan horse, of sorts,” which is exactly what ANOM was.
She further explained how encrypted communication devices work.
"Closed encryption devices may look like an ordinary cellphone but in fact, they are stripped of any outside application," Turner said. "There’s no GPS, no email, no connect to Facebook. The only practical use is for secure messaging. It’s a closed loop environment, meaning you can only message those who have the same brand device."
Turner said over the course of the operation, analysts and linguists across the FBI translated more than 45 languages within the more than 27 million encrypted messages exchanged via ANOM.
She said Operation Trojan Shield is a warning to criminal groups using encrypted communications across the world.
“Let this serve as a warning – to those criminals who believe they are operating under an encrypted cloak of secrecy – your criminal communications are not secure,” Turner said. “The FBI has brought together a network of dedicated international law enforcement partners who are steadfast in combatting the global threat of organized crime.”
Turner said the most surprising thing the FBI learned over the course of the large-scale investigation into encrypted communications is how “brazen and openly” groups were on the platforms when it came to the plotting of their crimes.
“It was exactly what car was coming to what location, what maybe vessel or ship, and they were very explicit in their detail because they believed it was secure communications,” she explained.
She said that based on the number of crimes being orchestrated through ANOM, the FBI decided to pull down the undercover platform on June 7 and “get the criminals off the streets.”
Read the unsealed warrants from Operation Trojan Shield below:
Law Enforcement Help From All Over the World
Tuesday’s news briefing in San Diego also included some words from law enforcement partners in other countries who worked on Operation Trojan Shield, including Commander Xenia Cotter from the Australian Federal Police.
Cotter called the operation a “true global effort,” and said it began three years ago, when Australian Federal Police developed a way to allow law enforcement to access, decrypt and read messages sent by suspected criminal groups via encrypted platforms.
Other global law enforcement leaders talked about the operation via pre-recorded videos, which can be seen here.