Last updated

ANOM logo.jpg

Operation Trojan Shield Seal.png    Special Operation Ironside logo.png
ANOM app logo (top), the seal of the FBI's Operation Trojan Shield (bottom left), and the logo of the AFP's Operation Ironside (bottom right)
  • October 2018 (initial device distribution)
  • 8 June 2021 (search warrant execution)
Location100+ countries
MotiveSurveillance of criminal activity
Organised byU.S. Federal Bureau of Investigation, Europol, Australian Federal Police, and others
Outcome800+ arrests, seizure of 40 tons of drugs, 250 guns, 55 luxury cars, and over $148 million in currencies and cryptocurrencies

The ANOM (also stylized as AN0M or ΛNØM) sting operation (known as Operation Trojan Shield or Operation Ironside) is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle clubs, drug syndicates and other organised crime groups.



The shutdown of the Canadian secure messaging company Phantom Secure in March 2018 left international criminals in need of an alternative system for secure communication. [1] Around the same time, the San Diego FBI branch had been working with a person who had been developing a "next-generation" encrypted device for use by criminal networks. The person was facing charges and cooperated with the FBI in exchange for a reduced sentence. The person offered to develop ANOM and then distribute it to criminals through their existing networks. [2] [3] The first communication devices with ANOM were offered by this informant to three former distributors of Phantom Secure in October 2018. [4]

The FBI also negotiated with an unnamed third country to set up a communication interception, but based on a court order that allowed passing the information back to the FBI. Since October 2019, ANOM communications have been passed on to the FBI from this third country. [1]

The FBI named the operation "Trojan Shield", [5] and the AFP named it "Ironside". [6]

Distribution and usage

ANOM app screenshot AnomChat.jpg
ANOM app screenshot

The ANOM devices consisted of a messaging app running on smartphones that had been specially modified to disable normal functions such as voice telephony, email, or location services. After checking that normal functionality was disabled, [7] the messaging apps then communicated with one another via supposedly secure proxy servers, which then copied all sent messages to servers controlled by the FBI. The FBI could then decrypt the messages with a private key associated with the message, without ever needing remote access to the devices. [3] [8] The devices also had a fixed identification number assigned to each user, allowing messages from the same user to be connected to each other. [8] According to a since-deleted Reddit post discovered by Motherboard, the ANOM app was "for Android"; [9] [ better source needed ] a WordPress blog post described the app as using a "custom Android OS". [10] [ better source needed ]

About 50 devices were distributed in Australia for beta testing from October 2018. The intercepted communications showed that every device was used for criminal activities, primarily being used by organised criminal gangs. [1] [3]

Use of the app spread through word of mouth, [3] and was also encouraged by undercover agents; [11] drug trafficker Hakan Ayik was identified "as someone who was trusted and was going to be able to successfully distribute this platform", and without his knowledge was encouraged by undercover agents to use and sell the devices on the black market, further expanding its use. [11] [12] After users of the devices requested smaller and newer phones, new devices were designed and sold. [4] The most commonly used languages on the app were Dutch, German and Swedish. [13]

After a slow start, the rate of distribution of ANOM increased from mid-2019. By October 2019, there were several hundred users. By May 2021, there had been 11,800 devices with ANOM installed, of which about 9,000 were in use. [1] New Zealand had 57 users of the ANOM communication system. [14] The Swedish Police had access to conversations from 1,600 users, of which they focused their surveillance on 600 users. [15] Europol stated 27 million messages were collected from ANOM devices across over 100 countries. [16]

Some skepticism of the app did exist; one March 2021 WordPress blog post called the app a scam. [10] [17] [3]

Arrests and reactions

ANOM website screenshot, 10 June 2021 ANOM Screenshot - 2021-06-10 - 01.png
ANOM website screenshot, 10 June 2021

The sting operation culminated in search warrants that were executed simultaneously around the globe on 8 June 2021. [14] It is not entirely clear why this date was chosen, but news organisations have speculated it might be related to a warrant for server access expiring on 7 June. [3] The background to the sting operation and its transnational nature was revealed following the execution of the search warrants. Over 800 people were arrested in 16 countries. [18] [19] [20] Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle gangs, drug syndicates and other crime groups. [18] [6] [21] In the European Union, arrests were coordinated through Europol. [22] Arrests were also made in the United Kingdom, although the National Crime Agency was unwilling to provide details about the number arrested. [23]

The seized evidence included almost 40 tons of drugs (over eight tons of cocaine, 22 tons of cannabis and cannabis resin, six tons of synthetic drug precursors, two tons of synthetic drugs), 250 guns, 55 luxury cars [20] and more than $48 million in various currencies and cryptocurrencies. In Australia, 224 people were arrested on 526 total charges. [21] In New Zealand, 35 people were arrested and faced a total of 900 charges. Police seized $3.7 million in assets, including 14 vehicles, drugs, firearms and more than $1 million in cash. [24] [25]

Over the course of the three years, more than 9,000 police officers across 18 countries were involved in the sting operation. Australian Prime Minister Scott Morrison said that the sting operation had "struck a heavy blow against organised crime." Europol described it as the "biggest ever law enforcement operation against encrypted communication." [18]


About 50 of the devices had been sold in Australia. Police arrested 224 suspects and seized 104 firearms and confiscated cash and possessions valued at more than 45 million AUD. [26]


In Germany, the majority of the police activity was in the state of Hesse where 60 of the 70 nationwide suspects were arrested. [27] Police searched 150 locations and in many cases under suspicion of drug trafficking. [28]


In the Netherlands, 49 people were arrested by Dutch police while they investigated 25 drug production facilities and narcotics caches. Police also seized eight firearms, large supplies of narcotics and more than 2.3 million euros. [13]


In Sweden, 155 people were arrested as part of the operation. [15] According to police in Sweden which received intelligence from the FBI, during an early phase of the operation it was discovered that many of the suspects were in Sweden. Linda Staaf, head of the Swedish police's intelligence activities, said that the suspects in Sweden had a higher[ discuss: higher than what? ] rate of violent crime than the other countries. [29]

United States

No arrests were made in the United States because of privacy laws that prevented law enforcement from collecting messages from domestic subjects. [30]

See also

Related Research Articles

Ndrangheta Criminal organization in Italy

The 'Ndrangheta is a prominent Italian Mafia-type organized crime syndicate based in the region of Calabria, dating back to the late 18th century.

Sting operation deceptive operation to catch a person committing a crime

In law enforcement, a sting operation is a deceptive operation designed to catch a person committing a crime. A typical sting will have an undercover law enforcement officer, detective, or co-operative member of the public play a role as criminal partner or potential victim and go along with a suspect's actions to gather evidence of the suspect's wrongdoing. Mass media journalists occasionally resort to sting operations to record video and broadcast to expose criminal activity.

Russian organized crime or Russian mafia, otherwise known as Bratva, is a collective of various organized crime elements originating in the former Soviet Union. The acronym OPG is Organized Criminal Group, used to refer to any of the Russian mafia groups, sometimes modified with a specific name, e.g. Orekhovskaya OPG. Sometimes the initialism is translated and OCG is used.

Europol Police agency of the European Union

The European Union Agency for Law Enforcement Cooperation, better known under the name Europol, formerly the European Police Office and Europol Drugs Unit, is the law enforcement agency of the European Union (EU) formed in 1998 to handle criminal intelligence and combat serious international organised crime and terrorism through cooperation between competent authorities of EU member states. The Agency has no executive powers, and its officials are not entitled to arrest suspects or act without prior approval from competent authorities in the member states. Seated in The Hague, it comprised 1,065 staff in 2016.

Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Transnational organized crime Organized crime across national borders

Transnational organized crime (TOC) is organized crime coordinated across national borders, involving groups or markets of individuals working in more than one country to plan and execute illegal business ventures. In order to achieve their goals, these criminal groups use systematic violence and corruption. Common transnational organized crimes include conveying drugs, conveying arms, trafficking for sex, toxic waste disposal, materials theft and poaching.

Illegal drugs in Puerto Rico are a problem from a criminal, social, and medical perspective. Located in the Caribbean, Puerto Rico has become a major transshipment point for drugs into the United States. Violent and property crimes have increased due in part to dealers trying to keep their drug business afloat, using guns and violence to protect themselves, their turfs, and drug habits.

National Crime Agency National law enforcement agency in the United Kingdom

The National Crime Agency (NCA) is a national law enforcement agency in the United Kingdom. It is the UK's lead agency against organised crime; human, weapon and drug trafficking; cyber crime; and economic crime that goes across regional and international borders, but can be tasked to investigate any crime. The NCA has a strategic role in which it looks at the bigger picture across the UK, analysing how criminals are operating and how they can be disrupted. To do this it works closely with regional organised crime units (ROCUs), the Serious Fraud Office, as well as individual police forces.

Telegram (software) Cross-platform instant messenging service

Telegram is a free and open source, cross-platform, cloud-based instant messaging (IM) software. The service also provides end-to-end encrypted video calling, VoIP, file sharing and several other features. It was launched for iOS on 14 August 2013 and Android in October 2013. The servers of Telegram are distributed worldwide to decrease data load with five data centers in different regions, while the operational center is based in Dubai in the United Arab Emirates. Various client apps are available for desktop and mobile platforms including official apps for Android, iOS, Windows, macOS and Linux. There are also two official Telegram web twin apps – WebK and WebZ – and numerous unofficial clients that make use of Telegram's protocol. All of Telegram's official components are open source, with the exception of the server which is closed-sourced and proprietary.

Operation Tovar is an international collaborative operation carried out by law enforcement agencies from multiple countries against the Gameover ZeuS botnet, which is believed by the investigators to have been used in bank fraud and the distribution of the CryptoLocker ransomware.

The Farmers Market

The Farmer's Market, formerly Adamflowers, was an online black market for illegal drugs. It was founded by Marc Peter Willems in or before 2006, and moved operations to the dark web in 2010 using the Tor anonymity network. It was closed and several operators and users arrested in April 2012 as a result of Operation Adam Bomb, a two-year investigation led by the U.S. Drug Enforcement Administration (DEA).

Special Task Force On Organised Crime

Special Task Force On Organised Crime (STAFOC) are the specialized operation armed response units of the Royal Malaysia Police.

Hansa was an online darknet market which operated on a hidden service of the Tor network.

Joint investigation teams (JIT) are law enforcement and judicial teams set up jointly by EU national investigative agencies to handle cross-border crime. Joint investigation teams coordinate the investigations and prosecutions conducted in parallel by several countries.

Impact of the COVID-19 pandemic on crime Consequences of COVID-19 pandemic for crime

The COVID-19 pandemic has impacted crime and illicit economies such as organised crime, terrorism, street crime, online crime, illegal markets and smuggling, human and wildlife trafficking, slavery, robberies and burglaries.

EncroChat was a Europe-based communications network and service provider used primarily by organized crime members to plan criminal activities. Police infiltrated the network between at least March and June 2020 during a Europe-wide investigation. An unidentified source associated with EncroChat announced on the night of 12–13 June 2020 that the company would cease operations because of the police operation.

Sky Global was a communications network and service provider based in Vancouver, Canada. Its most notable products were secure messaging application Sky ECC and secure phones. A significant share of users of its systems were international crime organizations involved in drug trafficking, and the company management was suspected of collusion. In a series of raids against criminal organizations in several countries in early 2021, a part of Sky's infrastructure in Western Europe was dismantled, and US Department of Justice issued an arrest warrant against the company's CEO Jean-François Eap. On March 19, 2021, the company apparently shut down the operations after BlackBerry, Inc. cut it off from its services. Its website has been seized by the FBI.

Phantom Secure was a Canadian company that provided modified secure mobile phones, which were equipped with a remotely operated kill switch. After its shutdown, criminal users fled to alternatives including ANOM, which turned out to be a honeypot run by the FBI.

Hakan Ayik, also known as Hakan Reis is an Australian drug trafficker who has an estimated net worth of $1.5 billion. He was described in June 2021 as "Australia's most wanted man". Ayik was born in Australia to parents from Turkey.


  1. 1 2 3 4 Multiple sources:
    • Cheviron, Nicholas (17 May 2021). "Affidavit in support of application for search warrant". Archived from the original on 9 June 2021. Retrieved 8 June 2021.
    • "unsealed_trojan_shield_search_warrant_21mj1948.pdf". United States Department of Justice . Federal government of the United States. Archived from the original on 10 June 2021. Retrieved 10 June 2021.
  2. Corder, Mike and Perry, Nick, Global sting: FBI-encrypted app tricks organized crime Archived 8 June 2021 at the Wayback Machine , Associated Press, 8 June 2021
  3. 1 2 3 4 5 6 "ANOM global phone sting: What we know". Raidió Teilifís Éireann. Agence France-Presse. 8 June 2021. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  4. 1 2 Zhuang, Yan; Peltier, Elian; Feuer, Alan (8 June 2021). "The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I." The New York Times. ISSN   0362-4331. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  5. Harding, Luke (8 June 2021). "Hundreds arrested in global crime sting after underworld app is hacked". The Guardian . Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  6. 1 2 Westcott, Ben. "FBI and Australian Federal Police encrypted app trap ensnares hundreds of criminal suspects". CNN. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  7. Sharwood, Simon. "Australian cops, FBI created backdoored chat app, told crims it was secure – then snooped on 9,000 users' plots". The Register. Archived from the original on 8 June 2021. Retrieved 8 June 2021.
  8. 1 2 Robertson, Adi (8 June 2021). "The FBI secretly launched an encrypted messaging system for criminals". The Verge. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  9. "Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals". Retrieved 12 June 2021.
  10. 1 2 "ANOM Encrypted Scam Exposed". ANOM Exposed. Archived from the original on 6 June 2021. Retrieved 13 June 2021.
  11. 1 2 Taouk, Maryanne (8 June 2021). "Underworld figure Hakan Ayik unwittingly helped Operation Ironside, the AFP's biggest criminal sting". Australian Broadcasting Corporation. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  12. "Hakan Ayik: The man who accidentally helped FBI get in criminals' pockets". BBC News. 8 June 2021. Archived from the original on 8 June 2021. Retrieved 8 June 2021.
  13. 1 2 "49 NL arrests in international "encrypted phones" operation". NL Times. 8 June 2021. Retrieved 10 June 2021.
  14. 1 2 "Anom: The app at the heart of the FBI's major transnational sting". The New Zealand Herald . 8 June 2021. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  15. 1 2 Smed, Akvelina (8 June 2021). "155 tungt kriminella gripna i Sverige i stor insats" [155 serious criminals arrested in Sweden in large operation]. SVT Nyheter (in Swedish). Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  16. Chappell, Bill. "Drug Rings' Favorite New Encrypted Platform Had One Flaw: The FBI Controlled It". NPR. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  17. "Anom Encrypted App Analysis". 9 June 2021. Archived from the original on 9 June 2021. Retrieved 9 June 2021.
  18. 1 2 3 "ANOM: Hundreds arrested in massive global crime sting". BBC News. 8 June 2021. Archived from the original on 8 June 2021. Retrieved 8 June 2021.
  19. Cox, Joseph (8 June 2021). "Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals". Vice (magazine). Archived from the original on 8 June 2021. Retrieved 8 June 2021.
  20. 1 2 Светлова, Анна (8 June 2021). Европол задержал более 800 преступников в рамках международной операции [Europol detained over 800 criminals as part of an international operation] (in Russian). Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  21. 1 2 "AFP-led Operation Ironside smashes organised crime" (Press release). Australian Federal Police. 8 June 2021. Archived from the original on 8 June 2021. Retrieved 8 June 2021.
  22. "Trojan Shield: Europol details massive organized crime sting". Deutsche Welle. 8 June 2021. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  23. Davis, Margaret. "UK criminals among those duped into using secret message service run by the FBI". Belfast Telegraph. ISSN   0307-1235. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  24. Corder, Mike; Perry, Nick (8 June 2021). "FBI-encrypted app hailed as a 'shining example' of collaboration between world cops for tricking gangs". Stuff. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  25. "Anom: The app at the heart of the FBI's major transnational sting". The New Zealand Herald. Archived from the original on 9 June 2021. Retrieved 8 June 2021.
  26. "Checks and balances needed for new police surveillance powers". The Sydney Morning Herald. 9 June 2021. Retrieved 11 June 2021.
  27. "Nach Europol-Razzia: Verdächtige in Untersuchungshaft" [After Europol raid: Suspects in custody]. Die Welt (in German). 9 June 2021. Retrieved 10 June 2021.
  28. "Nach Europol-Razzia: Dutzende Beschuldigte in Deutschland" [After Europol raid: dozens of suspects in Germany]. (in German). 9 June 2021. Retrieved 10 June 2021.
  29. Smed, Akvelina; Jönsson, Oskar; Boati, David (8 June 2021). "Underrättelsechefen: "Sveriges användare stack ut"" [The head of intelligence: "Sweden's users stood out"]. SVT Nyheter (in Swedish). Archived from the original on 10 June 2021. Retrieved 9 June 2021.
  30. "The FBI played a huge role in Operation Ironside but haven't made a single arrest — here's why". 14 June 2021. Retrieved 15 June 2021.