Australian cops, FBI created backdoored chat app, told crims it was secure – then snooped on 9,000 users' plots - The Register

Posted: 07 Jun 2021 06:53 PM PDT

The Australian Federal Police (AFP) has revealed it was able to decrypt messages sent on a supposedly secure messaging app that was seeded into the criminal underworld and promoted as providing snoop-proof comms.

The app was in fact secretly built by the FBI, and designed to allow law enforcement to tune into conversations between about 9,000 users scattered around Earth.

Results in Australia alone have included over 500 warrants executed, 200-plus arrests, the seizure of AU$45m and 3.7 tonnes of drugs, and the prevention of a credible threat to murder a family of five. Over 4,000 AFP officers were involved in raids overnight, Australian time. Europol and the FBI will detail their use of the app in the coming hours.

The existence of the app — part of Operation Ironside, which quietly began three years ago — was revealed at a press conference in Australia today, where AFP commissioner Reece Kershaw said that, during informal meetings over beers, members of the AFP and the FBI cooked up the idea of creating a backdoored app. The idea built on previous such efforts, such as the Phantom Secure platform.

The app, called AN0M, was seeded into the organised crime community. The software would only run on smartphones specially modified so that they could not make calls nor send emails. These handsets were sold on the black market between criminals as secure messaging tools. The app would only communicate with other AN0M-equipped phones, and required payment of a monthly fee.

"We were able to see every handset that was handed out and attribute it to individuals," Kershaw said.

"Criminals needed to know a criminal to get a device," reads the AFP's announcement of the operation. "The devices organically circulated and grew in popularity among criminals, who were confident of the legitimacy of the app because high-profile organised crime figures vouched for its integrity."

But the software had a backdoor. Commissioner Kershaw said the organisation he leads "provided a technical capability to decrypt the messages," and that as a result his force, the FBI, and Europol were able to observe communications among criminals in plain text.

"All they talk about is drugs and violence," Kershaw said. "There was no attempt to hide behind any kind of codified information." Intercepts included comments about planned murders and information about where and when speedboats would appear to shift contraband.

Kershaw said the surveillance enabled by the app is legal under the terms of Australia's Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. Law enforcement agencies in other jurisdictions also had legal cover for their use of the software.

However, some of those authorities were set to expire. That, and an operational decision to end the operation due to the opportunity to act on intelligence gathered using AN0M, led to today's disclosures.

AN0M gave us insights we never had before

"The use of encrypted apps represents significant challenges," Kershaw said. "AN0M gave us insights we never had before."

The commissioner acknowledged that criminals will now adjust their behaviour as a result of this news, but suggested the AFP is working to develop similar capabilities. "This was a small platform. We know there are bigger ones. We will ensure we have the technology to disrupt criminals."

FBI International Operations Division legal attaché for Australia Anthony Russo offered similar comments, saying: "Criminals should be on notice that law enforcement are resolute to continue to evolve our capabilities."

Kershaw somewhat smugly suggested that organised crime will take a while to bounce back from this operation, as intercepts of AN0M conversations suggest that arrests made before the app was revealed have sparked internecine warfare and revenge plots.

By the way, it turns out someone was able to figure out the FBI's ruse in March this year, though they thought the software had been backdoored by its makers and not the Feds. A blog post describing the workings of the code was later deleted. ®

Apple's commitment to privacy expands in iOS 15 - Android Police

Posted: 08 Jun 2021 04:37 AM PDT

Article Contents

Google was recently lauded for its efforts to make Android a more privacy-driven platform. These changes are obviously a welcomed sight, and we've been wondering how Apple would respond. No longer just a flashy phrase you'll see on an Apple keynote slide, privacy has since become a cudgel to beat Google with every time it's found doing something sketchy. Here are just some of the ways Apple's new privacy features steal Android's lunch and eat it, too.

IP address masking

Just like with your home or work address, every device you use and your data connections have their own associated IP addresses that identify them across the web. To help shield these pieces of vital information from wandering eyes, Apple's adding IP address masking to both the Mail app and Safari. Not only does this make it difficult for the websites you visit or the emails you open to track your location, but it makes it harder for them to follow your online activity, as well.

App privacy reports

The new app privacy reports that are coming to iOS 15 this fall will be a huge boon for users. This new page within the Settings app will allow you to see how apps treat your privacy, listing critical information like how they track your location or if they have access to your photos, camera, or microphone. It will also show you how often apps use the permissions you've approved, as well as a list of all the third-party groups your information has been shared with.

Siri's going offline (finally!)

Nearly a decade after Siri launched on the iPhone 4S, Apple's finally giving it the ability to work without an internet connection via on-device processing. Not only does this ensure that many of your queries aren't transmitted to an Apple server for deciphering, but it also helps Siri carry out commands faster than before. Keep in mind, though, offline Siri support only works for system-level requests, like opening apps or adjusting settings. If you have a question that requires a web search, Siri will need to access the internet to complete it.

iCloud enhancements and iCloud+

As the backbone for all of Apple's connected services, iCloud is getting some huge privacy improvements this year. For starters, you can set your trusted contacts as recovery contacts, allowing them to receive authentication codes to help you get back into your Apple account if you get locked out.

Then there's Digital Legacy, a new feature that allows a close friend or family to take control of a loved one's iCloud account once that person has passed away. This allows that person's photos, passwords, and other important documents to be secured and preserved for a beneficiary.

Paid iCloud accounts are going to be converted into iCloud+ accounts at no extra charge. iCloud+ includes a VPN-like Safari service that utilizes two encrypted internet relays that mask your browsing activity from internet providers, websites, and even Apple itself. iCloud+ users can also set up an unlimited number of alias iCloud email addresses to be used for all of your junk mail needs. Finally, iCloud+ users can connect with an unlimited number of HomeKit-compatible security cameras around your home, which can save all the footage they record to your iCloud account for free.

Other notable privacy features found in iOS

These changes join an array of other privacy-focused features Apple's added to iOS over time. For example, app privacy "nutrition labels" force app developers to disclose the personal information they track and how it's used. Anti-cross-site tracking in Safari keeps advertisers from following you around the web as you browse. Apple also utilizes end-to-end encryption for its connected services, like iCloud, iMessage, and FaceTime.

More WWDC 2021 coverage

Want even more WWDC goodness? Check out our complete coverage of the event, including the latest software updates, feature announcements, and more.

Search This Blog

Android Full Encryption