fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI and AFP Created a Fake Encrypted Chat Platform to Catch Criminals

FBI and AFP Created a Fake Encrypted Chat Platform to Catch Criminals

In the “largest and most sophisticated law enforcement operations to date,” a joint international law enforcement created a fake end-to-end encrypted chat platform designed solely to catch criminals.

The FBI and the Australian Federal Police started cooperating three years ago in Operation Ironside (aka Operation Trojan Shield), creating a fake encrypted messaging platform called Anom that was sold exclusively to criminals, allowing law enforcement to listen in on their messages and conversations.

“Since 2019, the US Federal Bureau of Investigation, in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12 000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organised crime, outlaw motorcycle gangs, and international drug trafficking organisations,” says a press release by Europol.

After reviewing 27 million messages where criminals discussed their activities on the Anom platform, law enforcement was able to arrest 800 people and seize 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drugs precursors, 250 firearms, 55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies.

Europol states that the following countries participated in the international coalition: Australia, Austria, Canada, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, New Zealand, the Netherlands, Norway, Sweden, the United Kingdom incl. Scotland, and the United States.

The AFP released the following explainer video to explain how the operation was conducted.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

The Anom platform created to snare criminals

Criminal organizations commonly use hardened encrypted messaging platforms to prevent law enforcement from monitoring their communications. 

In 2018, the FBI arrested the CEO of encrypted messaging platform Phantom Secure for marketing customized communication devices to criminal organizations and aiding them in their illegal activities.

The FBI states that after the arrest, they recruited a Confidential Human Source (CHS) who had previously distributed Phantom Secure and Sky Gobal communication devices and was creating their own “next generation” communications device.

According to court documents filed by the FBI and unsealed yesterday, the CHS agreed to work with the FBI in the hopes of a reduced sentence and helped the FBI and the AFP to create a new encrypted messaging platform called Anom.

The CHS also agreed to market the Anom devices to distributors who are known to work with criminal organizations.

To help promote the devices, the operation created the website Anom.io that included a teaser video illustrating the customized messaging device.

When Anom users sent messages, the device would quietly attach a master key to each message that allows law enforcement to decrypt and view the sent messages.

“Before the devices could be put to use, however, the FBI, AFP, and the CHS built a master key into the existing encryption system which surreptitiously attaches to each message and enables law enforcement to decrypt and store the message as it is transmitted. A user of Anom is unaware of this capability.”

“By design, as part of the Trojan Shield investigation, for devices located outside of the United States, an encrypted “BCC” of the message is routed to an “iBot” server located outside of the United States, where it is decrypted from the CHS’s encryption code then immediately re-encrypted with FBI encryption code.”

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

“The newly encrypted message then passes to a second FBI-owned iBot server, where it is decrypted and its contents available for viewing in the first instance.”

The US Attorney’s Office for the Southern District of California will be live-streaming a press conference at 11 AM EST regarding Operation Trojan Shield.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us