Cellphones Android Communications Privacy

'We Got the Phone the FBI Secretly Sold to Criminals' (vice.com) 70

Motherboard bought an FBI "Anom" phone that the agency secretly sells to criminals to monitor their communications. Joseph Cox reports: The sleek, black phone seems perfectly normal. Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings. Clicking the calculator doesn't open a calculator -- it opens a login screen.

"Enter Anom ID" and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation's success, but have provided few details on how the phones actually functioned.

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app. When booting up the phone, it displays a logo for an operating system called "ArcaneOS." Very little information is publicly available on ArcaneOS. It's this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn't work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries.

  • 'nuff said.

    • Yeah, I don't understand why they didn't wipe, install AOSP, and run ALL of their data through a VPN, and run encrypted messaging. Ultimately, this idea is based on the Android Open Source Project. I suppose there are opportunities in providing tech support to criminals.... It sounds like there is a market for actually secure, not government-compromised, phones.
      • Re:F/OSS (Score:5, Informative)

        by Opportunist ( 166417 ) on Thursday July 08, 2021 @06:00PM (#61563881)

        Criminals are by no means any more tech savvy than the average Joe out there. Moreover, it sounds like the FBI managed to trick them into believing that they actually got that phone from a "supportive" source.

        • In fact, most criminals are idiots. Crime is easier than going to school and getting a job for most of them. Very few are actually organized, regardless of what Hollywood tells you.
          • Yeah, chronic criminal behavior tends to be correlated strongly with antisocial personality disorders that also tend to generate kids that do rather poorly in school due to conduct problems.

            It's not so much that they are stupid, rather they are ill-educated and have developed attitudes and behaviors that select against high degrees of competency.

            That's not to say they can't be "intelligent" at their field. For all those dumbasses that get caught and end up living out their days in prison, you also get the crimi

            • Re: (Score:2, Troll)

              by war4peace ( 1628283 )

              Yeah, chronic criminal behavior tends to be correlated strongly with antisocial personality disorders that also tend to generate kids that do rather poorly in school due to conduct problems.

              Explains why a lot of big, successful company CEOs are school dropouts. It's just that they managed to get into a niche area that legalizes (to some extent) their chronic criminal behavior.

          • Indeed. Clever non-idiots with the moral orientation of a criminal tend to wind up in state-sponsored programs, including and especially "career politician."

        • Criminals are by no means any more tech savvy than the average Joe out there.

          Which would be why the FBI's trying so hard to push the idea that they need to sell you a compromised phone in order to spy on you, which the tech savvy know is horseshit.

      • Re:F/OSS (Score:5, Informative)

        by MachineShedFred ( 621896 ) on Thursday July 08, 2021 @06:25PM (#61563955) Journal

        Because you are expecting criminals to know as much about technology and data communications as you do. This is a very bad assumption.

        This most likely went down like this:

        1. undercover FBI guy says "hey, I heard about these phones that can securely message each other without the police able to read it. And, it has this awesome thing where if you put in a fake unlock code, it shows a fake home screen and fake apps, so even if you get hooked up and forced to unlock your phone, you aren't really unlocking your phone!"

        2. criminals say "yeah let's check it out and be sure"

        3. They get a phone or two, and sure enough, looks like it does what the undercover FBI guy said. The crims then proceed to socialize this new "solution" among their other criminal friends, and suppliers of drugs, etc.

        4. The drug suppliers then socialize it among people at their level, as well as other "purchasers" of their products.

        5. The FBI happily sells pre-wiretapped phones to criminals, building out and documenting the criminal network the whole way, and collecting evidence the whole time.

        6. When the time is right, they take down the whole network and everyone involved. Successful operation is successful.

        • MachineShedFred makes the most logical assumption of the events. Clandestine operations are still the most effective means of infiltrating an organization. The implanted technology has just evolved.
        • by rtb61 ( 674572 )

          In this case not the police, it was more likely this place https://www.asio.gov.au/ [asio.gov.au] and this place https://www.asd.gov.au/ [asd.gov.au] and your visits will have been recorded and passed onto other anal retentive organisations.

          So launched in Australia, means it was created in Australia and passed out from there through their NSA partners. From there it went down to Law Upholding Agencies (technically by Law, only the courts enforce the law, police do not, they uphold the law).

          It was very likely planted in more than one

      • Well if your grandma can't do it, 99% of criminals can't either.
        • This is something that every AOSP idiot does not understand, or want to understand. Just because *YOU* find it interesting or fun or something you want to do, does not mean anyone else wants to do it, or is capable of doing it.
    • Which means dick if you’re not a comp.sci major.

      • It means that if there's not a single reddit page full of flashing complaints and "hulp, bricked my phone" cries, it hasn't seen enough neutral eyes. You don't need a comp major to figure out that much.

  • by AlanObject ( 3603453 ) on Thursday July 08, 2021 @05:44PM (#61563835)

    Why would they go to such lengths to decorate their Trojan Horse phone with all sorts of clues that it isn't safe?

    • Why would they go to such lengths to decorate their Trojan Horse phone with all sorts of clues that it isn't safe?

      Yeah that is strange. Especially since it appears that it's fairly obvious that it doesn't work like a normal phone.

    • "That's normal, it just LOOKS like an ordinary phone, but it's a superspecialawesome system that the feds can't monitor or hack, of course it's not like the Android crap where they already have all sorts of backdoors".

    • Re:I don't get it (Score:5, Insightful)

      by Brain-Fu ( 1274756 ) on Thursday July 08, 2021 @06:07PM (#61563911) Homepage Journal

      I think that they were marketing this phone as a special phone designed to have encrypted communications that authorities could not monitor. So the customers expected it to be a tricky phone that seems legit at a glance, but has a secret access mode they can use to engage special encrypted communications.

      It just so happens that the encrypted communications were wide-open to the FBI, because the company that sold these phones was entirely owned and run by the FBI, for the purpose of misleading customers into thinking they were beating the system.

      If you actually want a privacy-focused phone, then go with a Librem 5 [puri.sm] or Pine Phone [pine64.org]. These are totally legal phones that run Linux (no Android or iOS to spy on you), give you privacy controls, the means to verify the source code, and the means to run your own Linux apps for secure encrypted communication. I have mentioned these before in prior posts... I promise I don't work for either company. I just think these phones are cool and would like to see them do well on the market.

      The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA, not China, so you don't have to fear the Chinese government putting spy chips in the hardware. They also provide images of what the phones should look like under x-ray, so you can, if you really want to, have your phone x-rayed and check out the chips yourself. That version of the phone is a bit pricey though. American labor isn't cheap.

      • How does the average person perform a checksum of every binary on their Pine Phone?

        • The average person doesn't audit their Android install either. Average people do not install OS nor are they remotely the market for the PinePhone.

          OTOH you could ask in their forum etc. for the best way to do that.

          https://www.pine64.org/pinepho... [pine64.org]

          • If you want to be criminal, you need to look very ordinary, and these phones are a dead giveaway. And there is no real way to know they are not compromised.

            Use standard apps like signal. "The groom is late for the wedding" means the shipment is late etc.

          • Any real criminal using this or similar is just begging to be caught, it is a dead giveaway, on top of that you have to be super vigilant for every vulnerability as since it is open source the authorities will also have instant access not to just the source code but every published security weakness. You want common phones, securely sourced, locked down hard with secure apps.
            • Ah well, I wasn't actually advocating these phones for criminal use. I can understand the confusion, given the context of the conversation. But I intended a subject switch to the more general topic of "privacy-focused" phones, and sending encrypted messages for legitimate reasons.

              Incidentally, the notion that an open source encryption algorithm is weaker than a closed-source encryption algorithm is a common myth. It's called security through obscurity [wikipedia.org], and it has been known to be weak for centuries. It

        • How does an average person know that a vaccine works?

          • How does an average person know that a vaccine works?

            I got the 5G vaccine and the FBI haven't knocked down my door even once!

      • by dryeo ( 100693 )

        The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA, not China, so you don't have to fear the Chinese government putting spy chips in the hardware.

        I guess that would be a selling point for Chinese criminals, but even then there is a chance of the Americans blackmailing the criminals with whatever the Americans harvest with their backdoored chips.

      • The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA

        Yeah, I'm totally reassured now...

      • I've been wanting to try the pine phone. The Librem is way out of my price range.

        How is it?

    • Re:I don't get it (Score:5, Informative)

      by Powercntrl ( 458442 ) on Thursday July 08, 2021 @06:15PM (#61563923) Homepage

      According to the articles about it, the weird behavior is typical of phones that are ostensibly "secured" for criminals to use for clandestine communications. What's even more outrageous, is that some of the people who worked for the company which put out these phones had no idea the company itself was an FBI front operation. The FBI actually arrested quite a few of the employees who weren't privy to the need-to-know info, for things like remotely wiping the phones at the request of customers, and selling the phones to known criminals (even though that was the whole point of the sting operation).

      Kinda reminds me of that movie American Made [wikipedia.org], where the CIA gets this pilot to run drugs and guns, then totally fucks him over. It's also a true story.

      • Whatever happened to entrapment being a bad and illegal thing?
        • Re:I don't get it (Score:5, Informative)

          by mamba-mamba ( 445365 ) on Thursday July 08, 2021 @06:36PM (#61563989)

          This is not entrapment. Communicating is not illegal. You cannot claim that by providing an allegedly secure communication mechanism, these law-abiding citizens were cajoled or enticed into running criminal enterprises with drugs and prostitution and whatever else they were doing.

          Entrapment would be if a cop seemingly befriended you, at a bar or whatever, then convinced you to commit insurance fraud so you could split the money, then arrested you for insurance fraud.

          Maybe people who bought the phones could sue for false advertising and get their money back, though.

          • Entrapment would be if a cop seemingly befriended you, at a bar or whatever, then convinced you to commit insurance fraud so you could split the money, then arrested you for insurance fraud.

            Even that might not be entrapment. It's only entrapment if the authorities get you to do something that you would otherwise not do.

            • So then it was entrapment, being that an effort was made to approach subjects, and place a suggestion in their ear, of something they otherwise would not have done unless convinced by a third party.
              If that is the standard it is entrapment.

            • by tragedy ( 27079 )

              Even that might not be entrapment. It's only entrapment if the authorities get you to do something that you would otherwise not do.

              Even then, the courts generally seem to accept the circular argument that if the authorities got you to do it, it's proof that you are inclined to do it anyway.

              Frankly, I'm not sure the courts would accept entrapment as a defense if undercover officers kidnapped someone's child and demanded they rob a bank.

              • by dougmc ( 70836 )

                Frankly, I'm not sure the courts would accept entrapment as a defense if undercover officers kidnapped someone's child and demanded they rob a bank.

                Well, that wouldn't be called entrapment ... that would be "duress", as described by the "Illustrated Guide to Law" [lawcomic.net].

                (The guide has a good description of entrapment [lawcomic.net] as well, many pages worth.)

                As always, the devil is in the details, and if the details of the case fit the local definition of entrapment or duress, that would usually result in charges being dropped, acquittal, etc. ... but there definitely are requirements.

  • ... doesn't beat my Nokia [i.redd.it].

  • by couchslug ( 175151 ) on Thursday July 08, 2021 @05:56PM (#61563867)

    I'd notify the FBI (it's no longer their property having been sold) that I'd bought the thing (supplying pics of proof) then auction it off.

    Doubtless some security professionals would like to own and tinker with one and would pay to play. It would also be an interesting artifact for a computer museum.

  • by gnasher719 ( 869701 ) on Thursday July 08, 2021 @06:35PM (#61563985)
    From what I've heard, the security of that phone was actually fine - with the exception that every message sent or received was sent to the FBI. But nobody else could break in. At least not easily.
    • by apraetor ( 248989 ) on Thursday July 08, 2021 @07:14PM (#61564101)
      Yea, the encryption wasn't broken, the device simply encrypted two copies of every message, one for the recipient and one for the FBI. That does make me wonder though, do 4th Amendment protections not apply here, at least to subjects within the US or with US citizenship? Anom was clearly acting as a government agent; the software was custom-tailored under pressure from the FBI.
      • No, you have no right to actually receive the product you paid for without fraud, because the government is allowed to break any laws they feel like.

      • No they do not. The FBI knows all too well that even the biggest cunts they deal with can have the most damning evidence thrown out if it was acquired illegally. This is no different from a cop dressing as a drug dealer and waiting for someone to approach him looking for a fix, or leaving a bike unattended and arresting anyone that steals it.

        • by tragedy ( 27079 )

          This is no different from a cop dressing as a drug dealer and waiting for someone to approach him looking for a fix, or leaving a bike unattended and arresting anyone that steals it.

          Except for the obvious difference that there's nothing actually inherently illegal about a secure phone. Also, for the bike analogy, they were selling in exchange for money, not waiting for people to steal it.

    • by Bert64 ( 520050 )

      Well that's typical of any client->server encryption. The endpoints will always be able to decrypt the traffic, where the company providing the service is such an endpoint.
      The service and device were exactly what they claimed to be, the users just made the mistake of choosing a technology reliant upon a third party vendor.

      It's not the fault of the FBI that the users of the system didn't understand enough about the technology to realise how the system worked, what the risks are, and what methods they could u

    • by ebvwfbw ( 864834 )

      Nothing like ratting on yourself.
      Wonder if anyone got whacked by others thinking they were a rat.

  • This is great and all, but there's one nagging little problem: Western governments are supposed to get warrants, before tapping your communications. This little formality seems to have been skipped, but it's rather important. Skipping formalities gets you Guantanamo, CIA torture programs, and other goodies.
  • Wouldn't you think something was wrong with your phone if those really popular apps didn't work? Why would you continue using it?
    • by tlhIngan ( 30335 )

      Wouldn't you think something was wrong with your phone if those really popular apps didn't work? Why would you continue using it?

      Not if it was advertised that way. The phone is advertised as a phone with a "special secret messaging app". If you boot it up the "dumb" way, it looks like a normal phone and acts like a normal phone. Who knows why the apps don't work - even in regular mode it doesn't always work.

      But criminals didn't buy the phone because of the fake "normal phone mode" stuff. They bought it for

      • by tragedy ( 27079 )

        Of course, functionality like that is not just useful for criminals. It's also useful for plenty of people. That includes, for example, people cheating on their partners, who don't garner a lot of sympathy, but are generally not criminals for it (aside from the few states that have never enforced laws on the books making adultery a felony). It may also include children who don't want their parents reading their communications. That may include adults living at home (or even away from home) whose parents have

  • "And then I labeled the send button..."
    laughingFBIman.jpg
    "SEND SECURE MESSAGE"
