AN0M & Operation Trojan Shield is proof that a ban on encryption is not needed to catch criminals. Instead we need open source encryption for mainstream services!

A global sting operation leads to the arrest of criminals using AN0M "FBI" devices.

2021-07-13
In the early morning hours of June 8th, 2021 search warrants were executed around the globe and the users of custom devices with the encrypted messaging application AN0M were arrested on a wide variety of criminal charges. The application was developed by FBI, "secure" devices were distributed, and global law enforcement agencies got to work processing the remarkable amounts of data they were being freely given. This case shows why people interested in protecting their privacy must only trust open source applications.

AN0M & Operation Trojan Shield

The Operation Trojan Shield was one of the most sucessful operation executed by law enforcement agencies against organized crime around the world.

The encrypted messaging application AN0M was installed on customized mobile devices, before being introduced by undercover law enforcement agents into multiple criminal groups. It’s popularity and alleged security was further hyped by figures within organized criminal circles which led to the AN0M devices spreading throughout different organized criminal organizations.

Unprecendented crackdown

When the police raids began, millions of dollars were seized, over 30 tons of narcotics and hundreds of firearms were taken into police custody.

The FBI is reporting that they released nearly 12,000 devices which were used to gather the information necessary to bring about this unprecedented crackdown. Encrypted messages sent using one of these compromised devices were unknowingly forwarded to law enforcement agencies who were able to quickly read the contents of these messages by using their own decryption keys.

A lesson in the importance of open source software and services for everyone.

What lesson can we as privacy-focused citizens, those seeking to avoid the abuse, theft, or unauthorized distribution of their data, learn from these events?

Secure messaging and end-to-end encrypted programs can only be trusted if they are part of open-source projects. If it is not possible to disassemble and audit the programs we are entrusting with our privacy, we can never be sure that these applications are truly secure.

In the case of AN0M, users operated under the false assumption of security and anonymity, while their encrypted messages were being bcc’d off to law enforcement where they were decrypted and stored. But what about other commonly used proprietary services which only allow limited, if any, inspection of their source code?

Encrypted communication to protect privacy

It cannot be overemphasized that encrypted communications are not only used for criminal activity. Quite the contrary, the vast majority of secure encrypted communication is used everyday by regular people all throughout the world. Logging into an online bank portal, medical professionals storing and sharing patient information, and corporate VPNs facilitating the ability to work remotely are all forms of encrypted communication which we encounter on a daily basis.

The ability to encrypt our data is critical for maintaining privacy for everyone. If trust in encrypted services is lost, this will impact more than just criminal minorities.

If we continue weaving the digital fabric of our lives with unfounded promises of security, we are ultimately cheating ourselves out of our human right for privacy. In order to keep the promise of privacy alive, it is crucial that services claiming to protect user information with strong forms of end-to-end encryption open their source code for independent scrutiny.

Open source technology

Tutanota provides a transparent and open source alternative to Big Tech.

Tutanota has a long and proud open source history and is published publicly on GitHub under the GPLv3 license. Security analysts, researchers, and users can inspect the program's source code and rest assured that their emails are being sent and stored securely.

Don't just take our word for it! Check out our code yourself.