Journalists Analyze the Source Code of Anom Messenger Created by the FBI
Last year, it was revealed that law enforcement agencies had created and operated their own encrypted communication platform, Anom, for several years. Similar to Encrochat and Phantom Secure, Anom was used to monitor all communications among criminals. Journalists from Vice Motherboard obtained access to Anom’s source code and explained how the app functioned.
Previously, we covered the large-scale operation known as Trojan Shield (also called Greenlight and Ironside by some agencies), which concluded last year with reports from the FBI, Europol, and intelligence services from other countries. As part of this operation, law enforcement developed and maintained the encrypted messaging platform Anom (also referred to as An0m or Anøm in various agency reports). This communication tool became extremely popular among criminals worldwide, allowing authorities to monitor all their communications.
Over the years, law enforcement managed to distribute more than 12,000 “secure” devices running Anom to criminals in over 100 countries. The operation resulted in more than 1,000 arrests, including major drug traffickers, and searches led to the seizure of large quantities of weapons, cash, drugs, and luxury vehicles.
How Anom’s Source Code Was Analyzed
According to Vice Motherboard, they recently obtained the source code for the Anom app from a source who wished to remain anonymous. The publication decided not to release the source code, as it contains information about the people who worked on the app. Most of the developers were unaware that Anom was a secret FBI project for monitoring organized crime, and revealing their identities could put them at risk. This situation arose because Anom originally existed as an independent company before law enforcement took control, and the coders hired by the company’s founder worked on early versions of the app before the FBI secretly took over.
This aspect of Anom’s development has been criticized by the Electronic Frontier Foundation (EFF). Senior technologist Cooper Quintin commented, “It’s like if Raytheon hired a neighborhood fireworks company to make rocket detonators, but didn’t tell the people they were making rocket detonators.”
How Anom Enabled Surveillance
Journalists, with the help of several cybersecurity experts, discovered that Anom used a special “bot” to duplicate all criminal communications to authorities. The messenger’s code included a special “ghost” contact, hidden from users’ contact lists and operating in the background. When the app scrolled through a user’s contacts and encountered the bot’s account, it filtered it out and removed it from the user’s view.
The idea of such “ghost” contacts had been discussed before. For example, in a 2018 article, staff from the UK’s GCHQ intelligence agency wrote that “a provider could silently and easily add a law enforcement officer to a group chat or call,” noting that end-to-end encryption would still be preserved, but there would be an invisible participant in the conversation.
It was also found that Anom attached location information to any message sent to the mentioned bot, and the AndroidManifest.xml file (which shows what permissions the app requests) included the ACCESS_FINE_LOCATION permission.
Technical Details and Code Quality
Most of Anom’s code was copied from an unnamed open-source messaging app. As a result, Anom’s codebase is quite messy, with large sections commented out, and the app constantly writes debugging messages to the device itself.