A G-Man's Guide to Influence Marketing

So It Turns Out, #29

Jun 10, 2021

Hi,

So here are some things I’ve been thinking about this week.

So It Turns Out the FBI Ran An Encrypted Chat App

In news that can best be describe as, “lol,” it turns out that the FBI, with cooperation from a range of international partners, launched and ran an encrypted chat app allegedly used solely by criminals.

Why did the criminals not just, well, “Use Signal, Use Tor” but rather demand custom devices? Thegrugq explains:

thaddeus e. grugq @thegrugq

@countrmeasure Because of complex issues with how criminals think and how networks work. They should use Signal and a simple android phone, but they don’t because they face network effects to move to Signal. Until everyone is using Signal they can’t start using Signal

And why does the network not start on Signal in the first place? Because they do not, currently, believe that beating up Moxie Marlinspike of Venice, CA, will meaningfully coerce Signal’s staff:

thaddeus e. grugq @thegrugq

@countrmeasure Their entire world is built on trust. You can’t punish open source if it betrays you, but you can punish someone who betrays you. Therefore it is safer to trust someone that you can retaliate against. — they have a very broken security model.

So, these criminals have a history of buying specialty, closed-source chat devices (usually stripped-down phones that can only run the messaging app, and maybe don’t even have microphones or phone antennas any more), and using them to communicate. And, hilariously, these apps keep on getting busted by the authorities, so there’s always demand for a new one.

But in order for this sting operation to work, you have to build a real company, with a product that (mostly) really works. You have all the problems a real company does, like fixing bugs, making sales calls, doing customer support, and making payroll. And as Vice reports, to convince your criminal users to trust you, you have to, and I can’t believe this is a sentence I’m really writing, engage in criminal influencer marketing:

But beyond using those highly incriminating messages for drug importation or other investigations, the DOJ is also charging the people who worked for Anom, albeit those who likely did not know Anom was secretly run by the FBI.
Those staff included "administrators" who were able to set up new subscriptions for customers, remove accounts, and remotely wipe the devices. As well as removing the microphone and camera functionality, some firms in the encrypted phone space can remove data from a device in case it is seized by law enforcement. The indictment says that Anom staff obstructed law enforcement by carrying out such wipes.
The workers also included "influencers," which the indictment says were "well-known crime figures who wield significant power and influence over other criminal associates. These influencers have also built a reputation for their knowledge and expertise in the hardened encrypted device field and use that power, knowledge, and expertise to promote, market, and encourage others to use specific hardened encrypted devices."

We’re not Going Dark… just yet

Okay, so how did the G-Men pull it off? After busting the sellers of other devices, they allegedly got a confidential source to launch a new competing product, called Anom, with a soft-launch in October 2018. Imagine you have two users, called by cryptographic convention “Alice” and “Bob.” Alice tries to message Bob, “Hello, I would like to sell you the cocaine.” Well, Anom sends the message to Bob’s Anom phone, and it does encrypt it. But it also separately encrypts a copy of the message with a different key that Alice and Bob don’t have, and sends it to an “Eve” server that is silently listening, and run by the FBI in partnership with some other nation, and forwards it along to the FBI.

In what is now clearly too-fucking-coincidental timing, the UK’s Ian Levy of its National Cyber Security Center had floated in November 2018 a proposal to do basically this for all legitimate encrypted apps by force of law by adding “ghost users” to every one of your encrypted conversations on iMessage, Signal, or any other encrypted messenger app.

But nonetheless, the Feds complain — constantly! — about “Going Dark,” their fear that the unprecedented level of surveillance they have over criminals due to our electronic emissions might become slightly less. And, well, we have the right to be skeptical:

thaddeus e. grugq @thegrugq

Given how successful the AN0M backdoor was, I can’t believe that the Feds still complain about encryption. It seems like encrypted phones are the best thing to ever happen to law enforcement.

Riana Pfefferkorn @Riana_Crypto

My spouse, on the Anom story: "Why push to make E2EE illegal, when you can use E2EE's legality as cover to run a honeypot service that *claims* to be E2EE and get organized criminals to use it? Honestly, I'm impressed."

Seamus Hughes @SeamusHughes

Let's advance the story a bit w/ some original reporting: An FBI informant introduced Anom to Phantom Secure & Sky Global users in 2018. The informant gave each user a unique ID number, the FBI had full access to that ID list. Working w/ AFP, it was called Operation Trojan Horse https://t.co/iH4GaTGF60

And, just in case you didn’t have enough nightmare fuel yet…if Western democracies see the value in hacking encrypted chat used by criminals, what do you think nation-states are willing to do to get into more common encrypted services like the iMessage app on your phone? Sure, they may face some challenges doing that under their current oversight, but how sure are you?