FBI HONEYPOT TOOK DOWN ENCRYPTED MESSAGING
Users of the Sky ECC encrypted messaging platform were no doubt surprised to log into their computers on the morning of March 12, 2021 and see a large banner across the page on SkyGlobal.com notifying them that the website, and 116 other domains owned by Sky Global, were seized by the Federal government.
They must have assumed that Sky Global had committed some heinous crime, some nefarious activity, to warrant such an abrupt seizure of property.
They didn’t.
Sky Global, and its CEO, and other encrypted device companies were the targets of one of the largest cases of government overreach in modern prosecutorial history.
Sky ECC is an encrypted messaging app that was developed in 2013 to protect customers from hacking and espionage. Its encrypted platform offers clients the ability to send and receive encrypted messages through a secure pre-loaded device. Sky would pre-load its software onto this secure device, which was then sold by third party resellers to consumers, some of whom may have been involved in unlawful activity.
Providing encrypted messaging capabilities to consumers is not a violation of any federal or state law. Large companies such as Apple, Microsoft, WhatsApp, and plenty of smaller IT security companies offer end-to-end encrypted messaging. And, no doubt, those platforms are used to facilitate unlawful activity just as Outlook may be used to send an email that amounts to insider trading or an iPhone may be used to send a message setting up a drug deal. The fact that technology can be used for an improper purpose does not mean that the technology was designed or intended for that use.
But Sky ECC knew that the government was targeting encrypted messaging platforms such as Phantom Secure, Encrochat and other companies, so it decided to be proactive. Knowing that its devices could be used for illicit activities, Sky prohibited its resellers and partners from selling to those known to engage in illegal businesses and actively terminated business relationships with those using the platform to violate the law. Despite its efforts, on March 12, 2021, Sky’s business operations were brought to an abrupt halt when the Federal Government indicted Sky’s CEO Jean-Francois Eap for, of all things, drug trafficking and engaging in corrupt activity (RICO). Along with its indictments, the Government seized a total of 116 internet domains belonging to Sky Global, which denied it any control over its business.
Eap set up Sky ECC in 2010 and by March of 2021 it had 120,000 users of its phones. The Department of Justice press release announcing the indictment against Eap alleged that Sky’s purpose was to create, maintain, and control a secure communication method to facilitate the trade of heroin, cocaine, and methamphetamine across Australia, North America, Asia, Europe and across the globe. The DOJ alleged that Sky facilitated this trade of unlawful drugs for more than a decade.
Eap had reason to be concerned about a potential government investigation. In March of 2018, the DOJ charged Vincent Ramos, the CEO of Phantom Secure, with similar charges. He is now at the long end of a nine-year prison sentence. Shortly after Phantom’s CEO was indicted, Sky beefed up its compliance policies, terms and conditions, and efforts to prevent the phones from being used by illicit users. This fact, according to the Government, is evidence of knowledge of an illicit purpose.
Yes, that’s right. The Government takes the position that the company did not do enough, but when it tried to do more it’s simply because it wanted to avoid criminal charges.
But Sky’s model is much different. Unlike Phantom and other messaging apps, Sky didn’t sell its phones directly to consumers. Instead, it contracted with third party sellers who marketed and sold the phones to users. Their target market was celebrities, government contractors, security companies, and high-profile people in the healthcare and law sectors. One of the Federal Government’s biggest concerns was the ability to remote wipe phones at the request of the client. But Sky contends that it would not wipe phones at the request of a client if Sky knew that the phone was in the possession of the government or if wiping the phone would destroy evidence of a criminal investigation.
In addition to its efforts against Sky, the FBI was running its own encrypted phone network designed as a “honeypot” to catch suspected criminals.
The FBI’s operation, called “Trojan Shield,” netted nearly 20 million messages from over 11,800 devices used by suspected criminals. Trojan Shield centered on exploiting Anom, a burgeoning encrypted cell phone messaging service, maintained with the help of a confidential informant who had created it. The FBI inserted a backdoor into the messaging platform which allowed it to monitor the messaging traffic of suspected criminal organizations.
In 2018, after the FBI arrested Ramos, the CEO of Phantom Secure, the FBI was working with a confidential informant who was creating their own encrypted messaging platform named “Anom”. When customers left Phantom after Ramos’ 2018 arrest and indictment, they flocked to Anom. And when each Anom user sent a message, the FBI received a key which would allow it to decrypt and store the message in real time as it was transmitted. Obviously, users of Anom were unaware that this was occurring and, likely, the first time they learned of the decryption was after court filings were unsealed in 2021. The confidential informant then introduced undercover FBI agents to Anom’s third party distributors, who were used to expand the FBI’s honeypot and ensnare other suspected criminals.
One of Anom’s advertisements reads:
“Introducing Anom-a Ultra-Secure Mobile-Cell-Phone Messaging App for Android. Your Confidentiality Assured. Software hardened against targeted surveillance and intrusion-Anom Secure. Keep Secrets Safe”
Eventually Anom’s use grew to over 10,000 devices in over 90 countries including over 300 distinct transnational criminal organizations. But when the FBI closed down Sky, Anom’s user base tripled. The cases against Sky and Phantom show that the government is willing to investigate and shut down providers of encrypted messaging software, but the Anom case provides a whole new spin: The Government is willing to go one step further and create a platform, secretly monitor the communications by its users, and shut down its competitors in order to increase the size and breadth of its honeypot.
In an unsealed application for a search warrant, Special Agent Nicholas Cheviron provides the explicit details for Operation Trojan Shield.
After the 2018 shutdown of Phantom Secure, the FBI was concerned that other encrypted device companies would simply spring up and fill the void. To fill this void itself, the FBI contacted its undercover informant, a distributor of Phantom phones, who was developing a new encrypted messaging technology. The informant had been working with the FBI since 2018 and was “working off” charges involving the use of encrypted phones for illicit purposes. In addition, the FBI paid the informant $120,000 for his services and another $59,000 for “expenses”. The informant, in exchange for his freedom and a hefty sum of money, introduced the FBI’s new company — Anom — to his network of distributors. The FBI believed that it couldn’t just create its own company because criminal organizations who utilize such devices will only do business with those that they trust, hence a criminally trustworthy informant.
SA Cheviron explained in his affidavit that the FBI inserted a master key into each message sent by an Anom device that allowed the message to be stored by the FBI and decrypted. In the beginning, Anom offered three devices to prior Phantom customers known to the informant so that they could “beta test” them, while the FBI and DOJ obtained a secret court order that would allow the FBI to monitor the communications during this “beta test.” Anom grew slowly over time but would grow to include users in over 300 international organized crime syndicates including the Outlaw Motorcycle Gang and the Italian Mob.
SA Cheviron further described in the sealed affidavit that each time an encrypted messaging platform was shut down, Anom’s user base grew due to criminal organizations’ legitimized communication insecurities, manipulated by the perception that Anom was, at that time, the only “safe” encrypted messaging platform amidst a swath of indictments and shutdowns. The goal of Operation Trojan Shield was to shake criminal organizations’ confidence in the ability to send and receive encrypted messaging on encrypted platforms.
As the FBI began to monitor communications on its shiny new toy, it began sending those stored, decrypted communications to United States and international law enforcement. On January 4, 2020, the FBI intercepted communications from Domenico Catanzariti, who was identified as Salvatore Lupoi, who discussed a cocaine supply and sent a picture showing hundreds of kilograms of cocaine with a Batman label on the packaging.
On March 23, 2020, Baris Tukel and Shane “Real G” Geoffrey sent messages discussing the price of cocaine, which apparently was at the “$200k mark.” Tukel further wrote that 2kg of cocaine would be delivered inside a French diplomatic sealed envelope coming out of Bogota, Colombia. “Real G” sent messages on May 29, 2020 asking what the price was for a kilogram of cocaine coming out of Colombia. He further discussed that the cocaine shipments would be hidden in bananas but that they did not yet have a corrupt official in Hong Kong who could move the product.
In October 2020, the FBI intercepted messages regarding a shipment, from an Ecuadorian shipping company, of tuna cans packed with cocaine, which led to the successful drug bust and seizure of the cocaine.
After the release of SA Cheviron’s affidavit, the Government’s motivations in creating Anom and shutting down Sky and Phantom became apparent. The powers that be were interested in driving more users to their government-created honeypot, so much so that they turned the power of the federal government against Sky and Phantom, indicting well-meaning entrepreneurs and shutting down companies which began with a valiant purpose.
Federal power is immense, and in modern federal investigations, Supreme Court decisions regarding search and seizure have permitted investigators expansive latitude to engage in operations such as Operation Trojan Shield. The FBI and prosecutors in Trojan Shield were able to create a dragnet and use their tools of prosecution such as indictment, asset seizure, wiretapping, and use of informants to target legitimate United States companies offering a service which may have been used by criminal enterprises. They did this to further their investigation of other criminal enterprises. And for these investigators and prosecutors the surreptitious monitoring of private conversations from legitimate parties was a tolerable byproduct of the government’s overall aims of shutting down criminal elements. But this is exactly what our Constitution was designed to protect against — this “ends justifies the means” thinking.