July 23, 2021

Volume XI, Number 204

Advertisement

July 23, 2021

Subscribe to Latest Legal News and Analysis

July 22, 2021

Subscribe to Latest Legal News and Analysis

July 21, 2021

Subscribe to Latest Legal News and Analysis

FBI Privacy App Lures Criminals

If you want to keep tabs on criminals, build them a clubhouse. Provide them a comfortable place to relax and discuss their business, and you can learn about their contacts and activities.

The strategy is not new.

Well over a century ago, the Russian Okhrana – the Czar’s secret police – organized labor unions so they could trick workers and government enemies into their web. Decades later, under Soviet rule, security chief Iron Felix Dzerzhinsky’s Cheka secretly sponsored anti-communist Russian expatriate committees, then arrested (and shot) their leaders.

The United States and other Western Governments have offered technology protection to the people it wants to monitor, assuming that a desire to pay for secrecy means that the people are hiding things we want to know. For example, from 1970 until 2018, the CIA was the founder and at least part owner of a Swiss company called Crypto AG which manufactured encryption machines and other cypher devices. Crypto AG sold its products to companies and governments in 120 countries around the world, never revealing that it had incorporated back doors into the products that allowed US, British, and German intelligence to read messages encrypted with the machines.

According to a CIA report on Crypto AG, “It was the intelligence coup of the century. Foreign governments were paying good money to the U.S. and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries.” According to the Washington Post, “From 1970 on, the CIA and its code-breaking sibling, the National Security Agency, controlled nearly every aspect of Crypto’s operations — presiding with their German partners over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets. Then, the U.S. and West German spies sat back and listened. They monitored Iran’s mullahs during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.

Recent news describes a similar intelligence operation aimed at criminals rather than espionage. Police in 17 countries, led by the FBI and Australian law enforcement, created a secure communications platform that also fed encrypted messages directly to law enforcement. Criminals adopted the security tech to keep their phone/text conversations private. Announcing this intelligence coup last week, law enforcement arrested more than 800 people due to this communications security app. They claim that many more arrests are likely to follow.

The Washington Post reports, “For nearly three years, law enforcement officials have been virtually sitting in the back pocket of some of the world’s top alleged crime figures. Custom cellphones, bought on the black market and installed with the FBI-controlled platform, called Anom, circulated and grew in popularity among criminals as high-profile crime entities vouched for its integrity. The FBI in the past has dismantled encrypted platforms used by criminals to communicate and infiltrated others. This time, it decided to market an encrypted app of its own to target organized crime, drug trafficking, and money laundering activities across the globe.”

Recent raids based on the information from Anom messages have lead law enforcement to impound tons of drugs, 250 firearms, and nearly $50 million in cash and cryptocurrencies. The entire operation based on the criminals’ use of Anom lasted 18 months and involved messages in over 45 languages.

Law enforcement started by shutting down rival networks such as EncroChat and Sky Global, leaving Anom as the remaining choice for criminals seeking a hardened communications platform. One goal of this operation was to destroy the confidence of criminals in hardened encrypted devices as safe methods to communicate, helping drive them into more vulnerable forms of communications.

It has always seemed like the technologies used by cybercriminals to market their stolen information and to accept payment for illicit deeds may be quietly penetrated by law enforcement. Using the Tor technology and moving around the dark web has seemed to be the quickest way to catch the attention of the FBI. The most hidden and nefarious corners of the internet are likely to be crawling with law enforcement seeking nefarious people trying to hide their activities.

Similarly, doing business in cryptocurrency also leaves a trail – a trail that law enforcement has learned how to follow. The supposed advantage to transactions on the blockchain is that they are widely available and retain a permanent record to prove your ownership of the bitcoin or other coin. Granted, transfers can happen quickly across borders and be moved on again, but the recent recovery of the Continental pipeline ransomware payment demonstrates that police can track these payments down when properly motivated. It leads one to wonder how much of cryptocurrency payment systems and the corporate infrastructure that supports them is really in the hands of authorities, or at least easily accessible to them. 

The smartest, boldest strategy for catching people in secret activities may be to help finance those activities, providing a clear view into the thoughts and actions of your adversaries. Security technologies seem to make this strategy easier, at least as far as people find it difficult to pull apart their encrypting systems and truly understand how they work. Rely on advanced security technology at your own risk. It may be the latest offering developed by the FBI.

Copyright © 2021 Womble Bond Dickinson (US) LLP All Rights Reserved.National Law Review, Volume XI, Number 166
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Theodore Claypoole, Intellectual Property Attorney, Womble Carlyle, private sector lawyer, data breach legal counsel, software development law
Senior Partner

As a Partner of the Firm’s Intellectual Property Practice Group, Ted leads the firm’s IP Transaction Team, as well as data breach incident response teams in the public and private sectors. Ted addressed information security risk management, and cross-border data transfer issue, including those involving the European Union and the Data Protection Safe Harbor. He also negotiates and prepares business process outsourcing, distribution, branding, software development, hosted application and electronic commerce agreements for all types of companies.

...

704-331-4910
Advertisement
Advertisement