A Peek Inside Anom, the Phone Company Secretly Used in an FBI Honeypot

A video shows a row of jet black phones laying side by side on a wooden table. A white cable extrudes from each phone, loops on itself up to the table, and connects with a mess of other cables before linking with a nearby desktop computer. The camera pans to the right, revealing a cheap looking keyboard and more phones. There are maybe around 15 in all.

The person filming the video stretches out their hand and touches one of the devices, as if to show off their handiwork. They turn around and show a second table with another 15 phones plugged into another computer. A small bonsai tree sits at the top edge of the desk.

Finally, the video shows stacks and stacks of boxes, positioned one on top of the other, ready to send the products out.

This is a peek inside Anom, an encrypted phone company that, unbeknownst to its staff, secretly sent a copy of every message on the phones to the FBI and Australian police. Anom’s clients were members of hundreds of different organized crime groups globally, according to court records. This particular video was filmed by an Anom seller who loaded phones with the company’s custom software to then mail out to customers.

Videos, files, and other documents obtained by Motherboard lay out the bureaucracy and structure of Anom. When Reece Kershaw, the Australian Federal Police (AFP) Commissioner spoke in a press conference about the operation in June, he said that law enforcement had been “running” the company. But these documents complicate that narrative, and show that the company seemingly operated somewhat autonomously.

“We were never told that this project is going to be in the middle of this,” one developer who worked for Anom told Motherboard, referring to the secret that the phones sent their messages to the authorities. Motherboard granted the source anonymity to protect them from retaliation. The developer said Anom management told them that their customers were corporations. “Those are our customers. That’s what we were told,” they said.

Several years ago Anom’s creator, a convicted drug trafficker, offered Anom to the FBI for its own use in investigations during the early stages of the company’s creation, according to court records. Authorities and the creator then introduced the feature to surreptitiously intercept users’ messages. Earlier this year Motherboard obtained one of the Anom devices from the secondary market. As well as hiding the Anom communications platform behind the phone’s calculator app, the device also had a dummy operating system loaded with banal looking apps that could be used to trick a casual observer that the device was just an ordinary phone.

Anom’s creator used their trusted network of distributors who each spread the phones in different geographical regions, according to the court records. The rollout started as a beta localized to Australia, before expanding overseas and eventually globally with around 11,800 phones. Distributors also had their own agents who worked on their behalf, selling to individual users. The court records say that the creator controlled the distribution of the devices in consultation with the FBI.

Another person who worked for Anom told Motherboard that the people working at the company had no knowledge of the Anom creator’s intent to secretly intercept messages.

One new document obtained by Motherboard shows the number of phones being sent to different Anom distributors: 200 to a seller in Australia; 60 to another for Sweden; 10 for New Zealand, and so on. The document includes the distributor’s username on the Anom platform, and the type of phone they were shipped, such as a Pixel 4a. The document was used by Anom workers themselves to track distribution of the devices.

The document also shows it was edited by Hakan Reis, also known as Hakan Ayik. Ayik is an alleged international drug trafficker whose prolific sharing of his wealth and opulence on social media earned him the name “The Facebook Gangster” in the Australian press. He was one of the key distributors that seeded Anom’s popularity in the criminal world, according to the Australian authorities. Australian police have recommended he now hands himself in due to the risk he faces for inadvertently introducing a backdoored device to various criminal groups.

Do you know anything else about Anom? Were you a user? Did you work for the company? Did you work on the investigation? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Anom distributors could log into a panel showing all of their sold devices, along with each phone’s IMEI number, the time remaining on its subscription, the nickname of the user, the country the person was based in, and which agent was handling that particular customer, according to a video of the panel obtained by Motherboard. Here, distributors could assign specific customers to agents too. Distributors could also use the panel to generate a report of their work.

“This option allows you to generate a report of refunds, activations and renewals of yourself and your agents within a date range,” a pop-up shown in the video of the portal reads. This would allow distributors to see which of their sellers were the best performers or not.

Other documents show specific addresses Anom delivered phones to, including locations in the UK and U.S. The FBI says it did not monitor outgoing messages on devices in the U.S.; instead, the AFP monitored them for threats to life, according to the court records.

Screenshots show Anom workers had various group chats with each other for organizing the business. The developer said their team used the encrypted messaging app Wire to talk to one another.

Motherboard verified the video of the seller’s panel with a person who sold Anom phones; they said it was authentic. A person who worked on the Anom development team said that the video of the phones was not identical to another they had seen, but was similar.

In all, the documents and other interviews show that Anom operated as a functioning entity in its own right, with systems for keeping track of its sales, lists of resellers and which countries they operated in, and support for helping customers. That is, apart from the secret kept from its staff that the FBI and Australian police were using the system to monitor users.

“I didn’t have any suspicion that it can be used by some organisation like [the] FBI,” the developer said.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

This post has been read 21 times!

0 0 votes
Article Rating
Like
Like Love Haha Wow Sad Angry
guest
Not Optional
Optional
0 Comments
Inline Feedbacks
View all comments