'We Got the Phone the FBI Secretly Sold to Criminals' (vice.com)
Motherboard bought an FBI "Anom" phone that the agency secretly sells to criminals to monitor their communications. Joseph Cox reports: The sleek, black phone seems perfectly normal. Unlocking the Google Pixel 4a with a PIN code reveals some common apps: Tinder, Instagram, Facebook, Netflix, and even Candy Crush. But none of those apps work, and tapping their icons doesn't do anything. Resetting the phone and typing in another PIN opens up an entirely different section of the device, with a new background and new apps. Now in place of the old apps sit a clock, a calculator, and the device's settings. Clicking the calculator doesn't open a calculator -- it opens a login screen.
"Enter Anom ID" and a password, the screen reads. Hidden in the calculator is a concealed messaging app called Anom, which last month we learned was an FBI honeypot. On Anom, criminals believed they could communicate securely, with the app encrypting their messages. They were wrong: an international group of law enforcement agencies including the FBI were monitoring their messages and announced hundreds of arrests last month. International authorities have held press conferences to tout the operation's success, but have provided few details on how the phones actually functioned.
Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app. When booting up the phone, it displays a logo for an operating system called "ArcaneOS." Very little information is publicly available on ArcaneOS. It's this detail that has helped lead several people who have ended up with Anom phones to realize something was unusual about their device. Most posts online discussing the operating system appear to be written by people who have recently inadvertently bought an Anom device, and found it doesn't work like an ordinary phone. After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries.
F/OSS (Score:1)
'nuff said.
Re: (Score:3)
Re:F/OSS (Score:5, Informative)
Criminals are by no means any more tech savvy than the average Joe out there. Moreover, it sounds like the FBI managed to trick them into believing that they actually got that phone from a "supportive" source.
Re: (Score:3)
Re: (Score:3)
Yeah, chronic criminal behavior tends to be correlated strongly with antisocial personality disorders that also tend to generate kids that do rather poorly in school due to conduct problems.
It's not so much that they are stupid, rather they are ill-educated and have developed attitudes and behaviors that select against high degrees of competency.
That's not to say they can't be "intelligent" at their field. For all those dumbasses that get caught and end up living out their days in prison, you also get the crimi
Re: (Score:2, Troll)
Yeah, chronic criminal behavior tends to be correlated strongly with antisocial personality disorders that also tend to generate kids that do rather poorly in school due to conduct problems.
Explains why a lot of big, successful company CEOs are school dropouts. It's just that they managed to get into a niche area that legalizes (to some extent) their chronic criminal behavior.
Re: (Score:3)
Indeed. Clever non-idiots with the moral orientation of a criminal tend to wind up in state-sponsored programs, including and especially "career politician."
Re: (Score:2)
There is almost nothing scarier than an amoral genius.
Re: (Score:1)
Criminals are by no means any more tech savvy than the average Joe out there.
Which would be why the FBI's trying so hard to push the idea that they need to sell you a compromised phone in order to spy on you, which the tech savvy know is horseshit.
Re:F/OSS (Score:5, Informative)
Because you are expecting criminals to know as much about technology and data communications as you do. This is a very bad assumption.
This most likely went down like this:
1. undercover FBI guy says "hey, I heard about these phones that can securely message each other without the police able to read it. And, it has this awesome thing where if you put in a fake unlock code, it shows a fake home screen and fake apps, so even if you get hooked up and forced to unlock your phone, you aren't really unlocking your phone!"
2. criminals say "yeah let's check it out and be sure"
3. They get a phone or two, and sure enough, looks like it does what the undercover FBI guy said. The crims then proceed to socialize this new "solution" among their other criminal friends, and suppliers of drugs, etc.
4. The drug suppliers then socialize it among people at their level, as well as other "purchasers" of their products.
5. The FBI happily sells pre-wiretapped phones to criminals, building out and documenting the criminal network the whole way, and collecting evidence the whole time.
6. When the time is right, they take down the whole network and everyone involved. Successful operation is successful.
Re: F/OSS (Score:1)
Re: (Score:3)
In this case not the police, it was more likely this place https://www.asio.gov.au/ [asio.gov.au] and this place https://www.asd.gov.au/ [asd.gov.au] and your visits will have been recorded and passed onto other anal retentive organisations.
So launched in Australia, means it was created in Australia and passed out from there through their NSA partners. From there it went down to Law Upholding Agencies (technically by Law, only the courts enforce the law, police do not, they uphold the law).
It was very likely planted in more than one
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
Which means dick if you’re not a comp.sci major.
Re: F/OSS (Score:2)
It means that if there's not a single reddit page full of flashing complaints and "hulp, bricked my phone" cries, it hasn't seen enough neutral eyes. You don't need a comp major to figure out that much.
I don't get it (Score:3)
Why would they go to such lengths to decorate their Trojan Horse phone with all sorts of clues that it isn't safe?
Re: (Score:2)
Why would they go to such lengths to decorate their Trojan Horse phone with all sorts of clues that it isn't safe?
Yeah that is strange. Especially since it appears that it's fairly obvious that it doesn't work like a normal phone.
Re: (Score:2)
"That's normal, it just LOOKS like an ordinary phone, but it's a superspecialawesome system that the feds can't monitor or hack, of course it's not like the Android crap where they already have all sorts of backdoors".
Re:I don't get it (Score:5, Insightful)
I think that they were marketing this phone as a special phone designed to have encrypted communications that authorities could not monitor. So the customers expected it to be a tricky phone that seems legit at a glance, but has a secret access mode they can use to engage special encrypted communications.
It just so happens that the encrypted communications were wide-open to the FBI, because the company that sold these phones was entirely owned and run by the FBI, for the purpose of misleading customers into thinking they were beating the system.
If you actually want a privacy-focused phone, then go with a Librem 5 [puri.sm] or Pine Phone [pine64.org]. These are totally legal phones that run Linux (no Android or iOS to spy on you), give you privacy controls, the means to verify the source code, and the means to run your own Linux apps for secure encrypted communication. I have mentioned these before in prior posts....I promise I don't work for either company. I just think these phones are cool and would like to see them do well on the market.
The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA, not China, so you don't have to fear the Chinese government putting spy chips in the hardware. They also provide images of what the phones should look like under x-ray, so you can, if you really want to, have your phone x-rayed and check out the chips yourself. That version of the phone is a bit pricey though. American labor isn't cheap.
Re: (Score:2)
How does the average person perform a checksum of every binary on their Pine Phone?
They're not for the average person. (Score:2)
The average person doesn't audit their Android install either. Average people do not install OS nor are they remotely the market for the PinePhone.
OTOH you could ask in their forum etc. for the best way to do that.
https://www.pine64.org/pinepho... [pine64.org]
Being special makes you stand out (Score:2)
If you want to be criminal, you need to look very ordinary, and these phones are a dead giveaway. And there is no real way to know they are not compromised.
Use standard apps like Signal. "The groom is late for the wedding" means the shipment is late etc.
Re: Being special makes you stand out (Score:1)
That's what we in the trade called "veiled speech", and it doesn't work.
Really, it doesn't.
Re: Being special makes you stand out (Score:2)
Re: Being special makes you stand out (Score:1)
Works well enough as cops use it
Re: Being special makes you stand out (Score:1)
The crims are wiretapping the cops and poring over every word in their conversations.
It doesn't work.
Re: Being special makes you stand out (Score:1)
Are not wiretapping, that should read.
Re: (Score:2)
To be clear: the target market for these phones is law-abiding citizens who are interested in secure and private communication, and more control over tracking than Android/iOS provide. I wouldn't actually know what one needs in order to be a successful criminal. That isn't my area.
But I DO know that buying a privacy-focused Android phone would be an oxymoron, and ANY closed-source solution leaves you with no means of auditing the code for unwanted scanning or weak security logic.
Re: (Score:2)
Re: (Score:2)
Ah well, I wasn't actually advocating these phones for criminal use. I can understand the confusion, given the context of the conversation. But I intended a subject switch to the more general topic of "privacy-focused" phones, and sending encrypted messages for legitimate reasons.
Incidentally, the notion that an open source encryption algorithm is weaker than a closed-source encryption algorithm is a common myth. It's called security through obscurity [wikipedia.org], and it has been known to be weak for centuries. It
Re: (Score:2)
How does an average person know that a vaccine works?
Re: (Score:2)
How does an average person know that a vaccine works?
I got the 5G vaccine and the FBI haven't knocked down my door even once!
Re: (Score:2)
The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA, not China, so you don't have to fear the Chinese government putting spy chips in the hardware.
I guess that would be a selling point for Chinese criminals, but even then there is a chance of the Americans blackmailing the criminals with whatever the Americans harvest with their backdoored chips.
Re: (Score:2)
The Librem 5, in particular, has an option to buy a phone where all the chips are manufactured in USA
Yeah, I'm totally reassured now...
Re: (Score:2)
I've been wanting to try the pine phone. The Librem is way out of my price range.
How is it?
Re:I don't get it (Score:5, Informative)
According to the articles about it, the weird behavior is typical of phones that are ostensibly "secured" for criminals to use for clandestine communications. What's even more outrageous, is that some of the people who worked for the company which put out these phones had no idea the company itself was an FBI front operation. The FBI actually arrested quite a few of the employees who weren't privy to the need-to-know info, for things like remotely wiping the phones at the request of customers, and selling the phones to known criminals (even though that was the whole point of the sting operation).
Kinda reminds me of that movie American Made [wikipedia.org], where the CIA gets this pilot to run drugs and guns, then totally fucks him over. It's also a true story.
Re: (Score:1)
Re:I don't get it (Score:5, Informative)
This is not entrapment. Communicating is not illegal. You cannot claim that by providing an allegedly secure communication mechanism, these law-abiding citizens were cajoled or enticed into running criminal enterprises with drugs and prostitution and whatever else they were doing.
Entrapment would be if a cop seemingly befriended you, at a bar or whatever, then convinced you to commit insurance fraud so you could split the money, then arrested you for insurance fraud.
Maybe people who bought the phones could sue for false advertising and get their money back, though.
Re: (Score:3)
Even that might not be entrapment. It's only entrapment if the authorities get you to do something that you would otherwise not do.
Re: I don't get it (Score:1)
So then it was entrapment, being that an effort was made to approach subjects, and place a suggestion in their ear, of something they otherwise would not have done unless convinced by a third party.
If that is the standard it is entrapment.
Re: (Score:2)
In this case all these
Re: I don't get it (Score:1)
That wasn't the context provided. I'm all for lowering crime, but if you have to become a criminal to do so, you perpetuate crime and totalitarianism.
The question wasn't are these criminals, I think we can agree on that. It was, as you put forth, would they have engaged in this activity if not first approached, violating their right to not incriminate themselves.
The ends justify the means is not a valid response.
What effect on noncriminal citizens will this have, if this is expanded as it probably is. Allo
Re: (Score:2)
Even that might not be entrapment. It's only entrapment if the authorities get you to do something that you would otherwise not do.
Even then, the courts generally seem to accept the circular argument that if the authorities got you to do it, it's proof that you are inclined to do it anyway.
Frankly, I'm not sure the courts would accept entrapment as a defense if undercover officers kidnapped someone's child and demanded they rob a bank.
Re: (Score:2)
Frankly, I'm not sure the courts would accept entrapment as a defense if undercover officers kidnapped someone's child and demanded they rob a bank.
Well, that wouldn't be called entrapment ... that would be "duress", as described by the "Illustrated Guide to Law" [lawcomic.net].
(The guide has a good description of entrapment [lawcomic.net] as well, many pages worth.)
As always, the devil is in the details, and if the details of the case fit the local definition of entrapment or duress, that would usually result in charges being dropped, acquittal, etc. ... but there definitely are requirements.
Still ... (Score:2)
Neat! I'd like to have one. (Score:5, Interesting)
I'd notify the FBI (it's no longer their property having been sold) that I'd bought the thing (supplying pics of proof) then auction it off.
Doubtless some security professionals would like to own and tinker with one and would pay to play. It would also be an interesting artifact for a computer museum.
Re: (Score:2)
You can bet your ass that I'd like to have one.
Re: (Score:3)
Re: (Score:3)
I’m not sure what high tech trickery you’re expecting. It’s probably some chat or message apps that send everything to an AWS instance.
Re: (Score:1)
Anom was exposed at the beginning of 2021, the blog where it happened had been taken down, but is now back up.
Basically it was all running on XMPP, with a bot resending every message to the FBI. As easy as it gets.
https://web.archive.org/web/20... [archive.org]
Re: Neat! I'd like to have one. (Score:1)
I wouldn't notify the FBI. Cointelpro still exists, and I like breathing more than proving a point. Quietly get rid of it.
It was actually secure! (Score:4, Interesting)
Re:It was actually secure! (Score:4, Insightful)
Re: It was actually secure! (Score:2)
No, you have no right to actually receive the product you paid for without fraud, because the government is allowed to break any laws they feel like.
Re: (Score:2)
No they do not. The FBI knows all too well that even the biggest cunts they deal with can have the most damning evidence thrown out if it was acquired illegally. This is no different from a cop dressing as a drug dealer and waiting for someone to approach him looking for a fix, or leaving a bike unattended and arresting anyone that steals it.
Re: (Score:2)
This is no different from a cop dressing as a drug dealer and waiting for someone to approach him looking for a fix, or leaving a bike unattended and arresting anyone that steals it.
Except for the obvious difference that there's nothing actually inherently illegal about a secure phone. Also, for the bike analogy, they were selling in exchange for money, not waiting for people to steal it.
Re: (Score:2)
Well that's typical of any client->server encryption. The endpoints will always be able to decrypt the traffic, where the company providing the service is such an endpoint.
The service and device was exactly what it claimed to be, the users just made the mistake of choosing a technology reliant upon a third party vendor.
It's not the fault of the FBI that the users of the system didn't understand enough about the technology to realise how the system worked, what the risks are, and what methods they could u
Re: (Score:1)
Nothing like ratting on yourself.
Wonder if anyone got whacked by others thinking they were a rat.
Little formalities (Score:2)
"But none of those apps work" (Score:2)
Re: (Score:2)
Not if it was advertised that way. The phone is advertised as a phone with a "special secret messaging app". If you boot it up the "dumb" way, it looks like a normal phone and acts like a normal phone. Who knows why the apps don't work - even in regular mode it doesn't always work.
But criminals didn't buy the phone because of the fake "normal phone mode" stuff. They bought it for
Re: (Score:2)
Of course, functionality like that is not just useful for criminals. It's also useful for plenty of people. That includes, for example, people cheating on their partners, who don't garner a lot of sympathy, but are generally not criminals for it(aside from the few states that have never enforced laws on the books making adultery a felony). It may also include children who don't want their parents reading their communications. That may include adults living at home (or even away from home) whose parents have
Pretend I posted an image macro (Score:2)
"And then I labeled the send button..."
laughingFBIman.jpg
""SEND SECURE MESSAGE""
Re: (Score:1)
The guy that sold it to you was very likely an FBI agent.
Could you imagine that spreadsheet?
Ser # Name
0001 Jimmy (The Fly) Corleone
0002 Rob (Face) Germbiota
0003 Francis (Junior) Strobiole
0004 Jacob (Smiley) Sicone
0005 Jackson (Ice Pick) Madina
0006 Ka-bob (stinky) Franklin
0007 Duwaine (Showboat) Johnson
0008 Jurell (Speedfoot) Washington
Re: So lots of false arrests... (Score:1)
TFS implies the criminals found out, and hence sold off the phones. Those phones I meant.
Re: (Score:1)
TFS implies the criminals found out, and hence sold off the phones. Those phones I meant.
LOL, I wanted to make you laugh. It was a joke.