It's a cops and robbers reboot

June 11, 2021

Peter Hartcher - The Sydney Morning Herald - Saturday 12 June 2021

The good guys announced that they’d struck two heavy blows against the bad guys this week. In the first, 9000 crooks from more than a hundred countries were revealed to have spent two and a half years conducting criminal transactions on a police communications network. They exchanged some 27 million messages confident that they enjoyed total impunity in the secrecy of an encrypted app, planning murders and drug shipments worldwide.

Police agencies, led by the FBI and the Australian Federal Police, were reading and recording every message sent on the An0m app. Revelations from the operation included abuse of French diplomatic pouches for cocaine running and involvement of corrupt US police officers in crime networks.

Twenty-one planned murders were foiled in Australia alone as a result of the communications, according to the AFP, and another 10 in Sweden, according to the Swedes. Altogether, 100 killings were averted around the world, the FBI’s Canberra representative, Anthony Russo, told my colleague Fergus Hunter. The crooks didn’t know how or why their plans were coming undone.

In one case the AFP followed the chatter between members of a gang driving a man to a warehouse to be murdered. They organised police to make a spurious traffic stop to disrupt the killing, an Australian official tells me. In another, the AFP could see photos of a man about to be killed in a house and sent a police patrol on an ostensible noise complaint.

“We were able to actually see photographs of hundreds of tons of cocaine that were concealed in shipments of fruit,” a senior FBI official in The Hague, Calvin Shivers, told reporters. “The results are staggering.”

This week the authorities wrapped up the operation and swooped. More than 800 people were arrested, including more than 250 in Australia and 35 in New Zealand. Europol described it as the “biggest ever law enforcement operation against encrypted communication”.

“Essentially, they have handcuffed each other by endorsing and trusting An0m and openly communicating on it — not knowing we were watching the entire time,” said AFP Commissioner Reece Kershaw.

The app had been installed on dedicated handsets, concealed within a calculator program that could only be opened with a secret code, and sold by unwitting crooks to each other as a trusted communications tool. The handsets were not capable of normal phone calls, wifi or messaging, supposedly to make them more secure. They were developed for the FBI by one of its informers, in exchange for money and the possibility of a reduced sentence.

The app was tricked up by the AFP’s tech experts in a co-operative effort inspired by an informal chat with some FBI officers over beers. In all they needed three critical elements to make it work: access to the communications; the ability to read the messages “in clear” – that is, as unencrypted text; and a way of transmitting the information to the authorities. The handset supplied the access point; sophisticated coding gave them the ability to read messages in clear text; and more sophisticated tech tricks allowed the information to be transmitted from the handset without the user being able to detect it.

The Australians used the legal powers created by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, shorthanded as TOLA, to get computer access warrants allowing them to read the crooks’ communications. The Australians and Americans worked together to pool their different legal powers and tech abilities to make it work as a seamless international surveillance operation.

Once An0m was proven to work, police agencies in a total of 17 countries actively joined the US-Australian effort and the net brought in Mafia groups, Mexican cartels, Triad gangs and illegal bikie gangs. The operation was named Ironside in Australia, Trojan Shield in the US and Greenlight in Europe.

It’s the digital equivalent of an old-school ruse. It reminded Peter Dutton of an American police trick to bring in elusive criminals – the police would phone the suspect to tell them they’d won a prize in a lucky draw. “The crooks were too stupid to realise it was a con and when they turned up to collect their free toaster they’d arrest them,” the former home affairs minister told colleagues.

The app-equipped handset is the 21st century equivalent of the 20th century toaster, a lure to bring the mouse within the grasp of the cat.

In the second blow we saw this week, the FBI went after a $US4.4 million ($5.6 million) ransom payoff made by a US oil and gas company to a Russian cybercrime gang, and managed to grab most of it back, even though it was paid in the digital currency Bitcoin.

This demolishes the long-lingering myth that digital currencies are anonymous, untraceable and somehow beyond the reach of the law.

In this case, the Russian-based DarkSide group inserted malicious “ransomware” code into the systems of the Colonial Pipeline company, which supplied 45 per cent of US east coast petrol, diesel and jet fuel. That crippled the company and the pipeline shut down, causing immense disruption to the fuel supply. Colonial paid $US4.4 million ransom in Bitcoin to get its operations up and running.

The FBI followed the digital trail of the ransom payment to a digital “wallet” or account specified by DarkSide and was able to recover $US2.3 million. The traceability of the Bitcoin transaction did not surprise experts, but the fact that the FBI somehow had possession of the wallet’s private key did.

Again, there is an old-school equivalent. When a ransom was paid in cash in the pre-digital era, the police would try to stake out the drop-off point and lie in wait for the crooks who came to collect the money.

In both cases revealed this week, it’s the eternal cops and robbers routine, the same old game of cat and mouse, but written in computer code.

The revelations flowing from both operations, widely publicised around the world, provide a forceful new argument in favour of equipping the state with new powers and tech abilities to stay apace of organised crime.

They don’t fully satisfy the guardians of legal oversight, such as the Law Council. Its president, Dr Jacoba Brasch, QC, says that the level of disclosure from the authorities in the Ironside operation doesn’t justify the powers given to the police by the TOLA Act: “We have no information about which TOLA-related powers were used, how they were used, whether that use was in fact lawful and proper, and the extent to which the use of any of those powers contributed to the reported outcomes of the operations.” And, in particular, whether the powers “are proportionate to the legitimate objective to which they are directed”.

She’s right that officialdom has not clearly spelled out enough detail to answer her concerns. Citing operational security, it does not intend to.

There are three bills before the Australian Parliament right now likely to be affected by the newly energised debate over police powers. The committee responsible for scrutinising such bills is the Parliamentary Joint Committee on Intelligence and Security, or PJCIS, one of the most effective and successfully bipartisan parts of the Australian legislature.

Its chair, Liberal Senator James Paterson, remarks: “Operation Ironside is a timely reminder of the sophisticated and constantly evolving tools criminals use to evade law enforcement, and the challenge Parliament faces in ensuring legislative powers keep pace.”

For instance, there are many other encrypted apps running on dedicated devices and likely only being used by criminals. And they are not operated by the authorities, as far as we know. Some, like Ciphr, have many more subscribers than An0m had. Like An0m, they are distributed only by one criminal to another and can only be used to communicate with other subscribers on a closed system. In other words, there is a great deal more criminal activity organised through these systems; An0m was a small window into a vastly bigger underworld. But the authorities do not currently have the legal powers to break into them.

So the Surveillance Legislation Amendment (Identify and Disrupt) Bill, now before the Parliament, is designed to give Australia’s authorities the powers they want to be able to crack such systems and to penetrate the dark web where the worst crimes are organised, perpetrated, bought and sold. Paterson’s committee hopes to finish its work on this bill later this year.

The committee on Friday continued its hearings into another bill before the Parliament, updating the Security of Critical Infrastructure Act, to require utilities and essential services companies to demonstrate robust defences against cyber attacks, whether criminal ransomware like DarkSide’s or coercive attacks by the Chinese or Russian governments. And, in extremis, where the utility isn’t able to cope, to allow the Australian Signals Directorate to take control of their systems to restore services.

Either way, the onus on scrutineers of state power is now heavier and the political argument in favour of enforcement is stronger.


An earlier version of this story said that Senator Paterson’s committee had sent the Surveillance Legislation Amendment (Identify and Disrupt) Bill to the government with 23 recommended amendments and was awaiting the government’s response. In fact, the committee hopes to finish its work on the bill this year.
