Dark Wire: The Incredible True Story of the Largest Sting Operation Ever

Author: Joseph Cox

The bottom line

“Dark Wire: The Incredible True Story of the Largest Sting Operation Ever” by Joseph Cox is a true crime thriller that tells the story of the FBI’s Operation Trojan Shield from 2018 to 2021. As cybersecurity professionals study the cyber criminal ecosystem, there are times we need to take a look at the broader criminal economy. The use of cellphones to facilitate secure criminal operations is a great example. Studying this activity allows us to see where it can intersect with protecting our own organizations. I strongly recommend this niche book to provide a more well-rounded understanding of hackers and criminals in general. While I do not recommend this book for the CyberCanon Hall of Fame, I consider “Dark Wire” a well-written book and a worthy niche read to expand your understanding of criminals and their ecosystem. 

Book Review by Steve Winterfeld

“Dark Wire: The Incredible True Story of the Largest Sting Operation Ever” by Joseph Cox is a true crime thriller that tells the story of the FBI’s Operation Trojan Shield, conducted from 2018 to 2021. The operation involved over 9,000 police officers in 18 countries monitoring over 10,000 phones and ultimately resulted in the arrest of over 800 suspects. It centered on taking over and/or intercepting messages sent over smartphones that criminals thought were encrypted and beyond law enforcement’s ability to monitor.

The company Anom (AN0M) sold phones that were expected to be configured to encrypt messages, delete them, remove GPS tracking, remove camera functions, support remote wiping and offer other security features to facilitate secure operations for criminals. The FBI and Australian Federal Police had turned the phones into a sting operation and were able to intercept all the traffic. Thousands of smugglers, drug dealers, money launderers and hitmen unknowingly used them to coordinate crimes.

While not a traditional cybersecurity book, “Dark Wire” offers great insights and a broader view of the criminal economy, providing an overview of the different investigations. 

Some of the topics and issues the book brings to life are: 

  • Tension between privacy rights and law enforcement’s need to conduct surveillance of sophisticated criminal networks. 
  • Ethical conflicts around topics like the need to protect lives by preventing plans to commit murder without revealing the fact that phones were the source of intel. 
  • Country-by-country legal policy on monitoring phones that were designed for criminals, where police could not identify who was being monitored before that person started using one.
  • Insights into joint police operations and law enforcement’s technological strategies.
  • Broader questions of law enforcement’s role in criminal infrastructure.

The sting operation was groundbreaking because the FBI didn’t gain access to Anom’s systems; they ran the company. The phone’s selling features – encrypted messages, voice scrambling, removal of GPS tracking and camera and remote wipe – provided desired OPSEC for the criminals.

As to how they accomplished this, here is a brief excerpt from the book: “Just a day or two after Ramos Afgoo was caught, Young (FBI agent)  got a voicemail from Afgoo’s attorney. He was headed to the US. Once the attorney landed and met with Young and the team in San Diego, he offered a menu of different items that Afgoo could help with. One of those was Afgoo’s in-development phone, Anom. In a pitch that could have been a Silicon Valley PR event, the lawyer made the case that Anom was going to be the next generation of encrypted phone. Afgoo had already poured a substantial amount of his own money into Anom’s development and had planned it to be a successor to Phantom Secure. All the infrastructure for the phone network was ready to go. Afgoo, through his lawyer, was in effect making an extraordinary offer: Would the FBI like to use Anom in its own investigations? Would the FBI like to control Anom? In exchange for the possibility of a reduced sentence related to charges he was facing, that is.” 

While Anom was the focus, a number of other companies that provided secure phones to criminals were also involved in police actions, including Phantom Secure, EncroChat, Sky ECC, Ennetcom and MPC. The major expectation was that none of the phones were in the U.S.; due to legal restrictions, the FBI could not get warrants. This list is a small sample of the criminal hardware technology as a service (i.e., phones, servers and botnets) that exists today.

We can take a couple of lessons from the book: First, criminals had complete faith in the security of these phones, and I think right now a lot of us have complete faith in the security of our encrypted apps, especially the more popular ones. We probably shouldn’t; you should still be practicing good OPSEC even when you believe your communications are encrypted. Because Operation Trojan Shield was a success, there will be more like it. Nations, law enforcement agencies and criminals will break into the back-end infrastructure and farm data anywhere it’s in the clear. Second, we need to think about how malicious actors or employees can use the same OPSEC (encryption or deception) against our organizations. 

Unfortunately, the biggest sting in history did not make a macro-level dent in the drug trade. Rather, it was little more than a rounding error when looking at the international narcotics trade. 

We modeled the Cybersecurity Canon after the Rock & Roll Hall of Fame, except for cybersecurity books. Our volunteer CISOs have reviewed over 200 books on different aspects of cybersecurity to offer a curated list of must-read, timeless books for all professionals involved in cybersecurity.

The Cybersecurity Canon project is a non-profit organization. We invite everybody to join the community and contribute. You can nominate your favorite cybersecurity books and even join the team that writes reviews.
