• D.C.
  • BXL
  • Lagos
  • Riyadh
  • Beijing
  • SG
  • D.C.
  • BXL
  • Lagos
Semafor Logo
  • Riyadh
  • Beijing
  • SG


Semaforum with Joseph Cox: ‘I was just blown away by its audacity’

Updated Apr 29, 2024, 6:04pm EDT
mediatechsecurity
Hachette Books
PostEmailWhatsapp
Title icon

Semaforum

Joseph Cox is the author of Dark Wire, the story of how police agencies took ran a communications network for criminals and then conducted the biggest sting operation in history.

Ben: How did you how did you come across this story?

Joseph: I’ve covered the shadowy industry of encrypted phones since 2016 at this point. These are like phones used by top-tier criminals. You know, us as reporters, we use Signal, Wickr, Wire. I mean, there’s too many apps. It’s exhausting, right? But criminals go and they buy these very expensive phones. And they’re very popular — very, very big drug deals are done on them.

AD

And then eventually, this app [ANOM] started to get popular among organized criminals, more people are flocking to it. Some of the biggest drug dealers in the world, like the worst, most-wanted man in Australia. And then eventually, in June 2021, the FBI reveals it was running it the entire time, since 2018.

I found out the moment everyone else did, in June 2021, and was just blown away by its audacity.

Ben: There’s a moment when the guy running ANOM comes to the FBI and says, “Okay, I’ve got an idea.” How did he get there?

AD

Joseph: I have to be a little bit careful on what I say, because this person has pissed off some of the most powerful criminal organizations in the world. There is almost certainly a hit out on him.

He was somebody who was working in that encrypted phone industry. Similar to a job in any other industry, sometimes you want to be the boss. Sometimes you want to spin out and make your own media company, sometimes you want to spin out and make your own encrypted phone company.

And he did that. But very soon after that, the FBI shut down Phantom Secure in 2018. They arrested the CEO, who ended up getting a lot of time in prison. And it seems that they were worried that they may face the same fate.

AD

So they play this ultimate ace card, which is: “Hey, FBI, you’ve been annoyed by these phones for years. You can’t break through the encryption, you can’t read the messages. What if instead of you investigating a company, I just gave you a company and then you can grow it and you can figure it out? And then you can read all the messages by putting some special code in there.” And it’s hard to overstate how attractive that offer was to the FBI and the Australian Federal Police.

Ben: Was the FBI good at running a tech company?

Joseph: At first they had absolutely no idea what they were doing. Obviously, they don’t run tech startups and they don’t run tech startups for criminals. But what they had done was by investigating Phantom Secure, they figured out what they needed. They needed customer support. They needed developers to make a good product. And they needed to introduce more and more features. So they did get very good at it — better almost than some of the players in the space. It was 12,000 devices in total, and Phantom Secure was about 10,000. And that was an actual criminal tech startup.

They had to deal with the same sorts of issues. There’s a scene in there where they’re running out of phones, and the FBI has to fly a Gulfstream jet across to Europe with duffel bags full of Google Pixels, because they’re like, “Crap, we’ve run out of stock, we’re too hot.”

Ben: I think of you as part of a culture of journalism and politics that’s very concerned about surveillance. But I read this book, and I thought, “Wow, the cops are good. Surveillance is good.” Did it change your mind?

Joseph: I’m sure people who are generally supportive of law enforcement will read it and go, “Wow, that was really sick!” And then some privacy people will say, “Oh my God, this is terrifying.”

As you say, I’m very generally pro-privacy. I don’t own a mobile phone. I use an iPad Mini for my communications. My partner hates me.

Ben: You don’t own a mobile phone? Do you hold the iPad Mini to your face like it’s a phone?

Joseph: No, no, no, I have AirPods, thank God. But I covered phone network security. I have hackers who are good at taking over phone numbers, and we annoy them specifically. And one way to mitigate that is by not having a mobile phone. And I know that is insane. And this is extreme. But when you’ve been doing it for, I don’t know, six, seven, maybe more years at this point, like I’m very used to it, just using public Wi-Fi and that sort of thing.

Ben: You wrote about a hardware ecosystem of encrypted phones that has mostly shifted to a software ecosystem of apps like Signal and Whatsapp and Telegram. Are these things really encrypted? Or do they all have backdoors?

Joseph: I generally think it’s true. I use Signal, just for example, not to endorse it. And I read a ton of court records. Murder-for-hire stuff. Child abuse imagery, cryptocurrency, money laundering. And the cops are pissed off, and they’re saying they can’t read the Signal messages. Now, look, maybe there is some super-extra-secret capability and NSA can crack encryption on something. But there’s no evidence of that. And I don’t think the cops can access it through a backdoor.

Ben: What about Telegram?

Joseph: Telegram is very interesting, because I don’t think that cryptographically it is that secure. People do DMs and they say, “It’s end-to-end encrypted.” No, you need to turn that on. And even the criminals I speak to, they don’t turn it on.

Maria: What do you think journalists need to be concerned about in terms of surveillance from government agencies?

Joseph: I think it is how surveillance can later be applied in different contexts. The NSA or FBI is sweeping up all these phone calls and it’s like, ”OK, doesn’t really seem to apply to me.” And then maybe there’s a crackdown on journalism. You have to look at the surveillance capability, and not just necessarily think about how it’s being used in that moment, but how it can be used next week, a month later, a year later, and an administrative term later.

And then the other thing I would just say is that — and this is more to you, as journalists — I’m actually much more worried about the threats of like, random psychos than I am about the government. I deal with a lot of hackers who are technically sophisticated, but they want to throw a brick through your window, or they want to throw a fire-bomb into your apartment.

AD