When the take-down of one company that provided encrypted communication devices saw the birth of another, the FBI realised that creating an encrypted device of its own could solve many problems.
By Subhash Jangala
The Trojan war is a part of Greek mythology. When a young prince of the city of Troy (in modern day Turkey) elopes with the Spartan queen, the Greeks take offence. A siege is laid to the city of Troy but doesn’t cause much headway for 10 long years. The Spartans, as a final gambit, decide to dupe the trojan soldiers. They construct a mammoth wooden horse, hiding in it several of its best soldiers. On the chosen day, the Greeks pretend to retreat and leave behind the horse as a parting gift to the trojans to allow the greeks sail back safely to their homeland. The trojans fall for the bait and pull the wooden horse into the city as a trophy. In the darkness of the night, the hidden soldiers creep out of the horse, force open the gates of the city and beckon the waiting army that had sailed back to Troy’s shores in the dead of the night. The city of Troy is destroyed and the war ends.
The phrase Trojan Horse has since been used as an idiom to describe a deceptive ploy that involves a disguised breach followed by a chaotic, often destructive aftermath. More recently, the phrase has been used to describe malicious software programs which are intended to deceive unassuming users who click open e-mail attachments or files. The software program then creates a back-door in the user’s computer providing illegal access of the computer to the perpetrator.
In October 2018, the Federal Bureau of Investigation of the United States, unleashed a Trojan Horse on transnational crime organisations across the world and since probably, the intentions were noble, the FBI named the covert investigation, Operation Trojan Shield.
FBI’s focus was the sale of encrypted communication devices. Certain companies across the world specialized in the sale of modified Samsung and Blackberry devices. The USP of these devices was communication that could not be listened to by any government agency. As an example, SMS messages, in their standard form are not encrypted. So with a little effort, the content of an SMS and the phone numbers of the sender and the recipient can be easily spied on by the mobile carrier or by the government. A consumer or supplier of narcotics, or a viewer of child pornography or a human trafficker wouldn’t be too comfortable SMSing his upstream or downstream agents. So he prefers devices that provided encrypted communication. Wherein his messages and emails cannot be read by anyone other than the holder of the destination phone. These phones often had their GPS, cameras and microphones removed which would make them unhackable and/or untraceable by investigators. There would just be one application in the phone and that would be a messaging application with proprietary encryption software. These devices didn’t come cheap. They costed thousands of dollars every year in subscription fees.
The take-down of one company that provided encrypted communication devices saw the birth of another. This was when the FBI realized, that creating an encrypted device of its own would solve many problems.
The FBI took the services of a convicted criminal who offered to cooperate in return for a reduced sentence. The FBI funded the development of “Anom”, a device that was marketed as the next-gen fully encrypted anti-hack device. After FBI’s take-down of other devices in the market, there was a raging demand for such devices in the market. The device grew organically amongst drug traffickers, money launderers and criminal organisations. Anom covertly attached a master key to the messages sent from the device which allowed the FBI to decrypt the message and store it in a database with details of sender, timestamp and recipient.
Using Anom, the FBI was able to identify the modus of the drug cartels and intercepted sea cargo accurately recovering huge hauls of narcotics that were being transported through cans of tuna, bags of rice, bunches of bananas among others. The FBI coordinated with law-enforcement agencies across 16 countries and helped arrest close to 800 criminals in June 2021 who were caught using Anom for drug trafficking and money laundering.
Lessons for India
FBI’s assessment of Anom proliferation across the world included a certain number of units operating in India. While the details have not emerged, India will not be immune to the use of encryption for crime. In this background, Rule 4(2) of the recently issued Intermediary Guidelines by the Ministry of Electronics and Information Technology is significant. It requires social media companies to be able to identify the first originator of any piece of information. This is essentially providing the government a tool that “looks-through” encryption when an order is passed in this respect in cases where certain kinds of serious offences are committed or are expected to be committed. In addition to providing the government with reasonable control, this rule also provides several protections to the social media companies against abuse of the rule.
Secondly, Internet of Things has been blowing up significantly with smart cameras, smart TVs, smart bulbs and smart locks, all connecting entire houses to the internet and unwittingly making entire lives vulnerable to trojan horses. In addition, as technology seeps deeper into our strategic infrastructure like transmission grids, oil pipelines, tolls, banks, financial institutions and power generation facilities, the functional integrity of modern society’s most critical nodes gets questioned. As a country with two hostile neighbours on our borders, it is imperative that policies on cyber-threats are reassessed for their efficacy in the face of the fast-emerging philosophy of weaponization of technology.
(The views expressed in the Article are those of the author and do not represent the views of the Government of India. The author is a 2011-batch IRS officer and is presently posted as Joint Director (OSD) in the Directorate General of Administration and Taxpayer Services at New Delhi.)