June 11, 2021
The good guys announced that they’d struck two heavy blows against the bad guys this week. In the first, 9000 crooks from more than a hundred countries were revealed to have spent two and a half years conducting criminal transactions on a police-run communications network. They exchanged some 27 million messages, confident that they enjoyed total impunity in the secrecy of an encrypted app, planning murders and drug shipments worldwide.
Police agencies, led by the FBI and the Australian Federal Police, were reading and recording every message sent on the An0m app. Revelations from the operation included abuse of French diplomatic pouches for cocaine running and the involvement of corrupt US police officers in crime networks.
Twenty-one planned murders were foiled in Australia alone as a result of the intercepted communications, according to the AFP, and another 10 in Sweden, according to the Swedes. Altogether, 100 killings were averted around the world, the FBI’s Canberra representative, Anthony Russo, told my colleague Fergus Hunter. The crooks didn’t know how or why their plans were coming undone.
In one case the AFP followed the chatter between members of a gang driving a man to a warehouse to be murdered. They organised police to make a spurious traffic stop to disrupt the killing, an Australian official tells me. In another, the AFP could see photos of a man about to be killed in a house and sent a police patrol on an ostensible noise complaint.
“We were able to actually see photographs of hundreds of tons of cocaine that were concealed in shipments of fruit,” a senior FBI official in The Hague, Calvin Shivers, told reporters. “The results are staggering.”

This week the authorities wrapped up the operation and swooped. More than 800 people were arrested, including more than 250 in Australia and 35 in New Zealand. Europol described it as the “biggest ever law enforcement operation against encrypted communication”.

“Essentially, they have handcuffed each other by endorsing and trusting An0m and openly communicating on it — not knowing we were watching the entire time,” said AFP Commissioner Reece Kershaw.

The app had been installed on dedicated handsets, concealed within a calculator program that could only be opened with a secret code, and sold by unwitting crooks to each other as a trusted communications tool. The handsets could not make ordinary phone calls, connect to wifi or send ordinary messages, supposedly to make them more secure. They were developed for the FBI by one of its informers, in exchange for money and the possibility of a reduced sentence.

The app was tricked up by the AFP’s tech experts in a co-operative effort inspired by an informal chat with some FBI officers over beers. In all they needed three critical elements to make it work: access to the communications; the ability to read the messages “in clear”, that is, as unencrypted text; and a way of transmitting the information to the authorities. The handset supplied the access point; the app’s cryptography was engineered so that the authorities could read the messages in clear text; and further technical tricks allowed that information to be transmitted from the handset without the user being able to detect it.

The Australians used the legal powers created by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, shorthanded as TOLA, to obtain computer access warrants allowing them to read the crooks’ communications.
The Australians and Americans worked together to pool their different legal powers and tech abilities to make it work as a seamless international surveillance operation.
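The three elements described above, access, plaintext and covert transmission, can be sketched in code. What follows is an added illustration written for this page, not An0m’s code and not a description of how An0m was actually built (the page gives no design detail). It assumes a symmetric pairwise key between two handsets, an escrow key held only by the interceptor, and a constructed sample message; the “covert transmission” is modelled as the handset appending each envelope to a list rather than sending it over a network. The encryption is HMAC-SHA256 in counter mode with encrypt-then-MAC, chosen so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
import os

# Constructed keys for the illustration only. A real deployment would establish the
# pairwise key through a key exchange; the escrow key is what the interceptor holds.
PAIRWISE_KEY = hashlib.sha256(b"demo pairwise key between two handsets").digest()
ESCROW_KEY = hashlib.sha256(b"demo escrow key held by the interceptor").digest()
SAMPLE_MESSAGE = b"shipment clears the port Tuesday, meet at warehouse 4"  # constructed

COLLECTION_LOG = []  # element 3: where the handset quietly files a copy of every envelope


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as a pseudorandom keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _subkeys(key):
    """Derive separate encryption and MAC keys from one master key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """Encrypt-then-MAC under a fresh random nonce."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def open_sealed(key, box):
    """Verify the tag, then decrypt; raises ValueError on the wrong key or on tampering."""
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(box["ct"], _keystream(enc_key, box["nonce"], len(box["ct"]))))


def handset_send(plaintext):
    """What the doctored handset (element 1, the access point) does when the user hits send."""
    msg_key = os.urandom(32)
    envelope = {
        "body": seal(msg_key, plaintext),
        # the path the user expects: only the peer can unwrap this copy of the message key
        "key_for_recipient": seal(PAIRWISE_KEY, msg_key),
        # element 2: a second copy of the same message key, unwrappable with the escrow key,
        # so the interceptor reads the body "in clear" without breaking any cipher
        "key_for_escrow": seal(ESCROW_KEY, msg_key),
    }
    COLLECTION_LOG.append(envelope)  # element 3: the covert copy; nothing visible changes for the user
    return envelope


def recipient_read(envelope):
    """The intended peer decrypts normally and sees a working end-to-end encrypted app."""
    msg_key = open_sealed(PAIRWISE_KEY, envelope["key_for_recipient"])
    return open_sealed(msg_key, envelope["body"])


def escrow_read(envelope):
    """The interceptor reads the same message from the collected copy using only the escrow key."""
    msg_key = open_sealed(ESCROW_KEY, envelope["key_for_escrow"])
    return open_sealed(msg_key, envelope["body"])


def outsider_read(envelope, guessed_key=b"\x00" * 32):
    """Anyone holding neither key gets nothing: the wrapped key fails authentication."""
    try:
        msg_key = open_sealed(guessed_key, envelope["key_for_recipient"])
        return open_sealed(msg_key, envelope["body"])
    except ValueError:
        return None


def demo():
    """Send one message and show that peer and interceptor both recover it."""
    env = handset_send(SAMPLE_MESSAGE)
    return recipient_read(env), escrow_read(COLLECTION_LOG[-1])


if __name__ == "__main__":
    print(demo())
```

The point of the model is that nothing about the cipher is weak. Both readers use the same algorithm; the interceptor simply holds a second wrapped copy of each message key, and the user has no way to tell from the app’s behaviour that the copy exists or that the envelope is being filed elsewhere.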
Once An0m was proven to work, police agencies in a total of 17 countries actively joined the US-Australian effort and the net brought in Mafia groups, Mexican cartels, Triad gangs and illegal bikie gangs. The operation was named Ironside in Australia, Trojan Shield in the US and Greenlight in Europe.
It’s the digital equivalent of an old-school ruse. It reminded Peter Dutton of an American police trick to bring in elusive criminals – the police would phone the suspect to tell them they’d won a prize in a lucky draw. “The crooks were too stupid to realise it was a con and when they turned up to collect their free toaster they’d arrest them,” the former home affairs minister told colleagues.
The app-equipped handset is the 21st-century equivalent of the 20th-century toaster, a lure to bring the mouse within the grasp of the cat.

In the second blow we saw this week, the FBI went after a $US4.4 million ($5.6 million) ransom paid by a US oil and gas company to a Russian cybercrime gang, and managed to claw most of it back, even though it was paid in the digital currency Bitcoin.
This demolishes the long-lingering myth that digital currencies are anonymous, untraceable and somehow beyond the reach of the law. Bitcoin in particular is pseudonymous rather than anonymous: every transaction is recorded on a public ledger, so a payment can be followed from address to address by anyone who cares to look.
In this case, the Russia-based DarkSide group planted ransomware in the systems of the Colonial Pipeline company, which supplied 45 per cent of the US east coast’s petrol, diesel and jet fuel. The attack crippled the company, the pipeline was shut down and fuel supply was badly disrupted. Colonial paid a $US4.4 million ransom in Bitcoin to get its operations up and running again.

The FBI followed the digital trail of the ransom payment to a digital “wallet”, or account, specified by DarkSide and was able to recover $US2.3 million. The traceability of the Bitcoin transaction did not surprise experts; the fact that the FBI had somehow obtained the private key controlling that wallet did.

Again, there is an old-school equivalent. When a ransom was paid in cash in the pre-digital era, the police would try to stake out the drop-off point and lie in wait for the crooks who came to collect the money.
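Following a payment through a public ledger is mechanical work, and the example below shows the two standard steps on a constructed toy ledger. This is an added illustration, not the FBI’s tooling and not the real Colonial Pipeline transactions; every transaction, address and amount is invented. Each transaction spends earlier outputs, identified by (transaction id, output index), and creates new outputs of (address, amount). The first function follows the ransom output forward through every transaction that spends it until it reaches outputs nobody has spent yet; the second applies the proportional (“haircut”) rule to say how much of each later output is actually ransom money once it has been mixed with unrelated coins.

```python
from collections import deque

# Constructed toy ledger in confirmation order. Amounts are invented and do not
# correspond to any real transaction.
LEDGER = [
    {"txid": "tx_victim_funding", "inputs": [], "outputs": [("victim_addr", 75.5)]},
    {"txid": "tx_unrelated", "inputs": [], "outputs": [("affiliate_addr", 6.3)]},
    {"txid": "tx_ransom", "inputs": [("tx_victim_funding", 0)],
     "outputs": [("victim_change", 0.5), ("gang_addr", 75.0)]},
    {"txid": "tx_split", "inputs": [("tx_ransom", 1)],
     "outputs": [("affiliate_addr", 63.7), ("operator_addr", 11.3)]},
    # the affiliate merges ransom coins with unrelated ones into a single wallet
    {"txid": "tx_consolidate", "inputs": [("tx_split", 0), ("tx_unrelated", 0)],
     "outputs": [("seized_wallet", 70.0)]},
]
RANSOM_OUTPUT = ("tx_ransom", 1)  # the output paid to the gang's address


def trace(ledger, start):
    """Follow one output forward to every output it flows into.

    Returns (path, unspent): path is a list of (output, spending_txid) hops,
    unspent is a list of (address, amount, output) for the outputs that end the trail.
    """
    txs = {tx["txid"]: tx for tx in ledger}
    spent_by = {inp: tx["txid"] for tx in ledger for inp in tx["inputs"]}
    seen, path, unspent = set(), [], []
    queue = deque([start])
    while queue:
        out = queue.popleft()
        if out in seen:
            continue
        seen.add(out)
        if out in spent_by:
            nxt = txs[spent_by[out]]
            path.append((out, nxt["txid"]))
            for vout in range(len(nxt["outputs"])):
                queue.append((nxt["txid"], vout))
        else:
            addr, amt = txs[out[0]]["outputs"][out[1]]
            unspent.append((addr, amt, out))
    return path, unspent


def tainted_amounts(ledger, start):
    """Proportional taint: each transaction passes the ransom share of its inputs on to
    its outputs in proportion to their value. Requires the ledger in confirmation order.
    """
    txs = {tx["txid"]: tx for tx in ledger}
    taint = {start: txs[start[0]]["outputs"][start[1]][1]}
    for tx in ledger:
        tainted_in = sum(taint.get(inp, 0.0) for inp in tx["inputs"])
        if tainted_in == 0.0:
            continue
        total_out = sum(amt for _, amt in tx["outputs"])
        for vout, (addr, amt) in enumerate(tx["outputs"]):
            # min() guards the case where miner fees make outputs sum to less than inputs
            taint[(tx["txid"], vout)] = min(amt, tainted_in * amt / total_out)
    return taint


def report(ledger, start):
    """Where the ransom ended up: {address: (amount held, amount that is ransom money)}."""
    _, unspent = trace(ledger, start)
    taint = tainted_amounts(ledger, start)
    return {addr: (amt, round(taint.get(out, 0.0), 8)) for addr, amt, out in unspent}


if __name__ == "__main__":
    for hop in trace(LEDGER, RANSOM_OUTPUT)[0]:
        print("spent by", hop)
    print(report(LEDGER, RANSOM_OUTPUT))
```

On this ledger the trail ends at two unspent outputs: 11.3 at `operator_addr`, all of it ransom money, and 70.0 at `seized_wallet`, of which 63.7 came from the ransom and 6.3 did not. Tracing tells an investigator which address to target; it says nothing about how to spend from it, which is why the private key, not the trail, was the surprising part of the Colonial recovery.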
In both cases revealed this week, it’s the eternal cops and robbers routine, the same old game of cat and mouse, but written in computer code.
There are three bills before the Australian Parliament right now likely to be affected by the newly energised debate over police powers. The committee responsible for scrutinising such bills is the Parliamentary Joint Committee on Intelligence and Security, or PJCIS, one of the most effective and successfully bipartisan parts of the Australian legislature.
The committee on Friday continued its hearings into another bill before the Parliament, amending the Security of Critical Infrastructure Act, to require utilities and essential services companies to demonstrate robust defences against cyber attacks, whether criminal ransomware like DarkSide’s or coercive attacks by the Chinese or Russian governments. And, in extremis, where the utility isn’t able to cope, to allow the Australian Signals Directorate to take control of its systems to restore services.

Either way, the onus on scrutineers of state power is now heavier and the political argument in favour of enforcement is stronger.
An earlier version of this story said that Senator Paterson’s committee had sent the Surveillance Legislation Amendment (Identify and Disrupt) Bill to the government with 23 recommended amendments and was awaiting the government’s response. In fact, the committee hopes to finish its work on the bill this year.