The Australian Federal Police made global news this week with the revelation its Operation Ironside helped sting organised crime gangs around the world.
This was part of a broader, three-year operation with the FBI and other law enforcement agencies. Home Affairs Minister Karen Andrews described it as the “most significant operation in policing history here in Australia”.
How did it start?
Operation Ironside started with an investigation and closing down by the FBI of a company called Phantom Secure in 2018.
The Vancouver-based company provided modified Blackberry phones that operated on an encrypted network that could not be decrypted or wire-tapped by police. These devices were used exclusively by criminal networks to conduct various criminal enterprises on a global scale.
Clients included the Mexican Sinaloa drug cartel and the Hells Angels outlaw motorcycle gang in Australia. Some 20,000 devices were believed to be in use at the time the company’s CEO, Vincent Ramos, was arrested in February 2018.
Next, the AFP and FBI worked together to fill the void left by Phantom Secure with a new encrypted device named AN0M.
Read more: How an app to decrypt criminal messages was born 'over a few beers' with the FBI
Under Operation Trojan Shield, police distributed AN0M among criminals, using a confidential human source — a convicted narcotics importer. This source had been working with FBI agents since 2018 in exchange for the possibility of a reduced sentence for other charges he was facing.
This source has previously distributed Phantom Secure devices and agreed to distribute the devices to his existing network of distributors and clients.
As the AFP explained:
You had to know a criminal to get hold of one of these customised phones. The phones couldn’t ring or email. You could only communicate with someone on the same platform.
Little did criminals know that law enforcement and the source had built a master key into the existing encryption system. This master key surreptitiously attached to each message, enabling police to decrypt and store messages as they were transmitted. So, AN0M was a Trojan horse, not with Greeks inside, but law enforcement.
Court records unsealed this week provide a fascinating insight into how the operation unfolded.
In October 2018, the source distributed 50 devices to targets in Australia. In this test phase, Australian police saw 100% of the AN0M users were using the app for criminal activity.
Intercepted conversations also showed targets were willing to provide the devices to senior members of organised crime groups overseas. So, a global criminal investigation was now underway.
Since October 2019, the FBI has catalogued more than 20 million messages from a total of 11,800 devices in more than 90 countries. The top five countries where AN0M devices are currently used are Germany, the Netherlands, Spain, Australia, and Serbia.
With the assistance of Europol - the European Union’s law enforcement agency — the FBI identified more than 300 transnational organised crime groups using the AN0M devices for criminal enterprises.
The sophistication of the criminal operations is revealed by the fact criminal organisations compartmentalised their activities with multiple brands of hardened encrypted devices.
For example, some users assigned different types of devices to different parts of drug trafficking transactions. In some instances, AN0M was used for the logistics of the drug shipments, but Ciphr or Sky were used to coordinate the concealment of the illicit proceeds.
This compartmentalisation shows how connected the encrypted communications device industry is to organised criminal activity.
Implications for Australia
The haul from Operation Ironside is impressive.
It has led to the arrest of 224 offenders on 526 charges in every mainland Australian state. Since 2018, 3.7 tonnes of drugs, 104 weapons, A$44,934,457 million in cash, and assets worth millions of dollars have been seized.
The AFP also responded to 20 threats to kill, potentially saving the lives of innocent bystanders, with intelligence referred to state police. For example, last week, police rescued former bikie Dillon Mancuso, who was allegedly snatched from his Sydney home by a group of armed men.
The challenge ahead
But the operation has also shown how Australia has become a destination of choice for transnational organised crime groups.
In its annual report, the Australian Criminal Intelligence Commission notes about 70% of Australia’s serious and organised criminal threats are based offshore or have strong offshore links.
There is also a strong market for illegal drugs. As AFP Commissioner Reece Kershaw acknowledged:
Organised crime syndicates target Australia, because sadly, the drug market is so lucrative. Australians are among the world’s biggest drug takers.
Examples of this are the Mexican drug cartels expanding into Australia’s lucrative methamphetamine market.
Law enforcement should be congratulated for the outcome of this operation — but this is far from the end of their work. While we have dealt transnational organised crime a heavy blow, the war will continue as law enforcement seek to stay one step ahead in the race against organised crime.