The Wayback Machine - https://web.archive.org/web/20210609014628/https://www.nytimes.com/2021/06/08/world/australia/operation-trojan-horse-anom.html

The Criminals Thought the Devices Were Secure. But the Seller Was the F.B.I.

Global law enforcement officials revealed a three-year operation in which they said they had intercepted over 20 million messages. Hundreds of arrests were made in more than a dozen countries.

Video transcript

F.B.I. Arrests Hundreds in Global Sting Operation

Law enforcement officials said on Tuesday they had intercepted over 20 million messages in 45 languages and arrested at least 800 people in a three-year global sting operation.

“For the first time, the F.B.I. developed and operated its own hardened encrypted device company, called ANOM — A-N-O-M. As we allege in our indictment, criminal organizations, and the individual defendants that we have charged, purchased and distributed ANOM devices in an effort to secretly plan and execute their crimes. In fact, ANOM’s distributors, administrators and agents had so much confidence in the secrecy of their devices that they openly marketed them to other potential users as designed by criminals for criminals. The criminals using these devices believe they were secretly planning crimes far beneath the radar of law enforcement. But in reality, the criminals were not underneath the radar. They were on it. The F.B.I. was monitoring those conversations. The criminal users didn’t know that for more than 18 months, the F.B.I. captured more than 27 messages — 27 million messages between users around the world who had their criminal discussions reviewed, recorded and translated by the F.B.I.”

“Here in San Diego, a federal grand jury indicted 17 foreign nationals for RICO violations and their roles in facilitating drug trafficking, money laundering and obstruction of justice. These were the most prolific distributors involved in marketing and selling thousands of ANOM devices to the criminal organizations. The amount of intelligence that we received was staggering — from seizing drugs, guns and millions of dollars in multiple currencies to addressing more than 150 threats to life.”

Credit: Australian Federal Police, via Reuters

MELBOURNE, Australia — The cellphones, procured on the black market, performed a single function hidden behind a calculator app: sending encrypted messages and photos.

For years, organized crime figures around the globe relied on the devices to orchestrate international drug shipments, coordinate the trafficking of arms and explosives, and discuss contract killings, law enforcement officials said. Users trusted the devices’ security so much that they often laid out their plans not in code, but in plain language, mentioning specific smuggling vessels and drop-off points.

Unbeknown to them, however, the entire network was actually a sophisticated sting run by the F.B.I., in coordination with the Australian police.

On Tuesday, global law enforcement officials revealed the unprecedented scope of the three-year operation, saying they had intercepted over 20 million messages in 45 languages, and arrested at least 800 people, most of them in the past two days, in more than a dozen countries. Using the messages, U.S. court papers say, the authorities have opened a barrage of international investigations into drug trafficking, money laundering and “high-level public corruption.”

The operation, code-named Trojan Shield, represented a breakthrough for law enforcement, which has struggled in recent years to penetrate the increasingly high-tech covert communications of criminals. Although the authorities have cracked or shut down encrypted platforms in the past — such as one called EncroChat that the police in Europe successfully hacked — this is the first known instance in which officials have controlled an entire encrypted network from its inception.

Europol, the European police agency, described the effort as “one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.”

“Countless spinoff operations will be carried out in the weeks to come,” Europol said in a statement. American law enforcement officials announced further arrests in a federal racketeering indictment unsealed on Tuesday.

In Australia, the effort ensnared domestic and international organized crime groups and outlaw motorcycle gangs, with more than 200 people arrested, officials said. In Sweden, the police arrested 155 people on suspicion of serious crimes and prevented the killing of 10 people, the authorities said in a statement. The operation also targeted Italian organized crime and international drug trafficking organizations, and hundreds more people were arrested in Europe.

“We have been in the back pockets of organized crime,” Reece Kershaw, the commissioner of the Australian Federal Police, said on Tuesday.

Image: Narcotics seized as part of the operation in Australia.
Credit: Australian Federal Police, via Reuters

The F.B.I.’s operation, according to court documents that the Justice Department unsealed on Monday, had its origins in early 2018 after the bureau dismantled a Canadian-based encryption service called Phantom Secure. That company, officials said, supplied encrypted cellphones to drug gangs, like Mexico’s Sinaloa cartel, and other criminal groups.

Seeing a void in the underground market, the F.B.I. recruited a former Phantom Secure distributor who had been developing a new encrypted communications system called Anom. The informant agreed to work for the F.B.I. and let the bureau control the network for the possibility of a reduced prison sentence, according to the court documents. The F.B.I. paid the informant $120,000, the documents said.

Anom devices were cellphones that had been stripped of all normal functions. Their only working app was disguised as the calculator function: After entering a code, users could send messages and photos with end-to-end encryption.

Over three years, more than 12,000 Anom devices were sold to over 300 criminal syndicates operating in more than 100 countries, according to Europol. The devices’ cost varied by location, but they were generally sold, court papers say, on six-month subscriptions available for $1,700 in the United States.

Working with the Australian authorities, the F.B.I. and the informant developed a “master key” that allowed them to reroute the messages to a third country and decrypt them, ultimately intercepting more than 27 million messages.

The authorities also relied on the informant to get the devices into the highly insular criminal networks. The informant started in October 2018 by offering the devices to three other distributors with connections to organized crime in Australia.


A big break, law enforcement officials said, came when they were able to get one of the devices into the hands of Joseph Hakan Ayik, an Australian who fled the country a decade ago and who the police believe has been directing drug imports from Turkey. Mr. Ayik was named as the top defendant in the racketeering indictment unsealed in San Diego along with 16 others from Australia, Finland, Sweden, Colombia, the United Kingdom and the Netherlands.

Jean-Philippe Lecouffe, deputy executive director of Europol, said the operation gave law enforcement “exceptional insight into the criminal landscape.”

Through the encrypted cellphones, criminals organized the shipment of cocaine from Ecuador to Belgium in a container concealed within cans of tuna, according to U.S. court documents. Cocaine was also trafficked in French diplomatic sealed envelopes out of Bogotá, Colombia’s capital.

The Australian authorities acknowledged that Anom had carried only a small percentage of the total volume of encrypted communications sent by criminal networks. But as recently as this spring, U.S. federal authorities sought to boost its market share. In March, for instance, prosecutors in San Diego indicted the leaders of one of Anom’s chief competitors, Sky Global, “driving their customer base” toward Anom, an F.B.I. official said on Tuesday.

Anom also had a built-in advantage: Those running it were able to listen — directly — to the target audience and give users what they wanted.

After users spoke of desiring smaller, newer phones, the authorities began to provide them.

Australian officials said they had revealed the operation on Tuesday because of the need to disrupt dangerous plots currently in motion and because of limited time frames for legal authorities invoked to intercept the communications.

Investigators also had pulled the plug on the Anom network because their wiretap authorizations were coming up for renewal and the sting had already gathered so much evidence, said Suzanne Turner, the special agent in charge of the F.B.I.’s San Diego office.

Trojan Shield was reminiscent of a much smaller F.B.I. sting — Operation Server Jack — that the bureau began more than a decade ago against the onetime leader of the Sinaloa drug cartel, Joaquin Guzman Loera, better known as El Chapo. In that operation, agents recruited Mr. Guzman’s personal I.T. employee to help them tap into the cartel’s network of an early generation of encrypted phones.

The Anom website previously displayed sleek graphics and glossy videos reminiscent of Apple ads. On Tuesday, it bore a new message: Users who wanted to “discuss how your account has been linked to an ongoing investigation” could enter their account details.

Europol said that in addition to the 800 arrests, including a handful of law-enforcement officers, operations conducted in the past days in 16 countries had led to 700 house searches and the seizure of tons of drugs, 250 firearms, 55 luxury vehicles and $48 million in several currencies and cryptocurrencies.

Yan Zhuang reported from Melbourne, Australia, and Elian Peltier from London. Christina Anderson contributed reporting from Stockholm.