
FBI's Backdoored Anom Phones Secretly Harvested GPS Data Around the World

Documents reviewed by Motherboard, including thousands of pages of Anom messages, show that the FBI's backdoored Anom phones collected more data than the content of messages.
Image: Motherboard

Anom, an encrypted phone company marketed to criminals which the FBI secretly took over, surreptitiously recorded every message sent by the phones’ users. But the truly global undercover operation had another secret: The phones also collected users' precise GPS location and transferred that information to authorities, according to multiple documents reviewed by Motherboard.

The news provides more clarity on the scope and capabilities of the backdoor managed by the FBI. So far the operation, known as Trojan Shield in the U.S. and Ironside in Australia, has led to hundreds of arrests worldwide and disrupted organised crime, with major drug traffickers now either arrested or on the run.


One document reviewed by Motherboard is a set of thousands of pages of Anom messages sent by an alleged drug trafficker who was arrested during the operation. Next to many of the messages, which are sorted in a spreadsheet, is the alleged GPS location of the phone recorded when the message was sent. This also includes when the alleged trafficker sent a photo or other file attachment across the Anom platform.

A note written by authorities accompanying the material says that the Anom system was designed to always record this location information alongside the message data. Sometimes the system failed to record that data, the note adds. But during the operation, authorities confirmed in multiple cases that the successfully harvested GPS coordinates are generally reliable, because they accurately match location data collected in other ways, the note says. There are also numerous cases where the actual content of a message, such as a photo, lines up with the GPS data, it adds.

Were you a user of Anom? Did you sell the phones, or did you work on the investigation? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

Motherboard also obtained a series of screenshots that purport to show GPS coordinates being transferred from Anom devices in the system’s backend infrastructure.


In a marketing message Anom sellers sent to potential and new clients and obtained by Motherboard, Anom said its phones not only had location services disabled, but that all code governing their use was removed from Anom’s custom operating system called ArcaneOS.

In the settings for an Anom device obtained by Motherboard, there is no option to turn location services on or off. To the user, it appears that the phones are not collecting or using location information at all.

In 2018, the FBI arrested Vincent Ramos, the CEO of Phantom Secure, which was an established vendor in the encrypted phone industry. After that arrest, a confidential human source (CHS) offered the FBI their own in-development encrypted phone firm called Anom, Motherboard reported in July. Authorities and the CHS then introduced the backdoor to secretly capture users’ messages.

After the Phantom Secure shutdown, criminals moved to other platforms, including Anom. Then in 2020 and 2021, European authorities launched technical operations against two other providers called Encrochat and Sky. The U.S. Department of Justice also indicted Sky’s CEO Jean-François Eap. After both of these operations, each of which obtained hundreds of millions of messages from the respective platforms, more users migrated to Anom, catapulting its popularity in the criminal underworld. Eventually, Anom was a global enterprise with around 11,800 phones, according to court records.

In December Motherboard published material from inside Anom itself, including a video of an Anom seller loading phones with ArcaneOS. Other files showed the bureaucracy and structure of Anom: Workers recorded the number of devices to be shipped to various countries and to which distributors, such as 200 phones to a seller in Australia, or 60 for another in Sweden. Court records say that the CHS controlled the distribution of Anom devices in consultation with the FBI.

One of those files showed it had also been edited by Hakan Reis, also known as Hakan Ayik. Ayik is an alleged drug trafficker who became famous in Australia for flaunting his wealth and his successful escape from the authorities on social media. After announcing Operation Trojan Shield, the Department of Justice unsealed an indictment against Ayik and over a dozen other people who allegedly helped sell Anom phones.

The FBI declined to comment on the Anom devices also harvesting GPS data. Kelly Thorton, director of media relations at the U.S. Attorney’s Office for the Southern District of California, also declined to comment.
