How the FBI Launched a Startup for Drug Cartels and Read Their Messages for Three Years: The Anom Story
The FBI secretly built and operated Anom, an encrypted messaging platform marketed to criminal organizations, intercepting 27 million messages across 45 languages over three years before executing coordinated raids in 16 countries that led to over 800 arrests.
In June 2021, law enforcement agencies across 16 countries simultaneously carried out coordinated raids that resulted in more than 800 arrests, the seizure of 12 tons of cocaine, 1.5 tons of methamphetamine, 22 tons of marijuana, and over $30 million in assets. All of this was the culmination of a single operation, one of the most ambitious intelligence projects in history: the FBI had secretly built and operated an encrypted messaging platform called Anom, marketed specifically to criminal organizations, and had been reading every single message for three years.
The Fall of Phantom Secure
The story begins with another company. Phantom Secure, run by Canadian businessman Vincent Ramos, sold modified BlackBerry devices to criminals. The phones had their cameras, microphones, and GPS removed, and were loaded with encrypted messaging software. The company served around 10,000 users and generated millions of dollars in revenue, with its primary clientele being drug cartels.
In 2018, the FBI brought down Phantom Secure, arresting Ramos and shutting down the network. But the operation left a vacuum in the criminal communications market. Criminals who had relied on Phantom Secure were now scrambling for alternatives.
The Birth of Anom
Enter a cooperating source known in court documents as "Afgoo" — a developer who had previously worked on encrypted platforms for criminals. After Phantom Secure's collapse, Afgoo approached the FBI with a proposition: he had been developing a new encrypted communications platform and was willing to hand it over to the Bureau. In exchange, he received $178,000 and a reduced sentence for his own crimes.
The FBI did not merely adopt the platform; it built a backdoor directly into the architecture. Anom's messenger ran over the XMPP protocol, and the relay silently copied every message to an FBI-controlled collection server before forwarding it to the intended recipient. It was, in essence, a blind carbon copy (BCC): sender and receiver believed they were communicating privately, while every word went straight to law enforcement. The practical lesson is that the "encryption" Anom advertised only ever protected a message between the handset and infrastructure the operator ran; because the same operator supplied both the client app and the server, it offered users nothing against that operator.
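To make the "silent BCC" concrete, here is an added toy model (not Anom's code; the relay, the collector sink and the toy cipher are hypothetical stand-ins). It routes two copies of the same message through a relay that keeps a copy of everything: one sent by an operator-supplied client, whose transport encryption terminates at the relay, and one sent by a client holding a key the relay never sees. The collector reads the first and gets only ciphertext for the second, which is exactly why an operator who wants to read traffic must also control the client.

```python
import hashlib
from dataclasses import dataclass, field

# Added example (not Anom's code). Relay, its collector and the toy cipher are
# hypothetical stand-ins; the point is what the interception side can read.


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256. Toy cipher for the demo only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


@dataclass
class Relay:
    """Server-side XMPP-style relay. An honest relay only routes; this one
    also keeps a copy of everything in `collector` (the hypothetical sink)."""
    mailboxes: dict = field(default_factory=dict)
    collector: list = field(default_factory=list)

    def route(self, sender: str, recipient: str, body: bytes) -> None:
        # The 'blind carbon copy': the collector gets every message before
        # delivery, and neither endpoint can tell that this happened.
        self.collector.append((sender, recipient, body))
        self.mailboxes.setdefault(recipient, []).append((sender, body))

    def inbox(self, user: str) -> list:
        return self.mailboxes.get(user, [])


def send_operator_client(relay: Relay, sender: str, recipient: str, text: str) -> None:
    """Client supplied by the platform operator. Whatever transport encryption
    it uses terminates at the operator's relay, so the relay holds plaintext."""
    relay.route(sender, recipient, text.encode())


def send_e2e(relay: Relay, sender: str, recipient: str, text: str,
             key: bytes, nonce: bytes) -> None:
    """Client holding a key the relay never sees: the collector gets ciphertext.
    `nonce` is 8 bytes and is prepended so the recipient can rebuild the keystream."""
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    pt = text.encode()
    relay.route(sender, recipient, nonce + xor_bytes(pt, keystream(key, nonce, len(pt))))


def receive_e2e(body: bytes, key: bytes) -> str:
    nonce, ct = body[:8], body[8:]
    return xor_bytes(ct, keystream(key, nonce, len(ct))).decode()


def collector_can_read(relay: Relay, text: str) -> list:
    """Per copied message: does the plaintext appear verbatim in what the collector holds?"""
    return [text.encode() in body for _, _, body in relay.collector]


if __name__ == "__main__":
    relay = Relay()
    msg = "boat lands thursday, 400 on board"      # constructed sample message
    send_operator_client(relay, "alice", "bob", msg)
    send_e2e(relay, "alice", "bob", msg, key=b"\x11" * 32, nonce=b"\x00" * 8)
    print(collector_can_read(relay, msg))                        # [True, False]
    print(receive_e2e(relay.inbox("bob")[1][1], b"\x11" * 32))   # bob still gets the message
```

Both messages reach Bob unchanged, so from the endpoints' point of view the relay behaves identically in both cases; only the collector's view differs. The toy cipher is there to keep the example self-contained and should not be mistaken for a recommendation.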
The Hardware
Anom devices were Google Pixel phones (models 2, 3a, and 4a) and some Samsung Galaxy handsets, loaded with a custom Android build called ArcaneOS (marketed as derived from GrapheneOS, the open-source Android hardening project, which had no part in the operation). The devices featured several security-flavoured elements, some genuine and some pure theater, chosen to appeal to criminals:
- A randomized PIN pad during unlock to prevent shoulder-surfing
- A dual-PIN system: one PIN loaded the real environment; a second PIN loaded a set of decoy apps to show during a police inspection
- The messenger was hidden behind a calculator app — you had to type "2 × 2 =" to open it
- The marketing claimed the GPS was removed, but in reality it was forcibly enabled, sending location data to the FBI
The Distribution Strategy: A Real Startup Playbook
The FBI essentially ran Anom like a Silicon Valley startup, complete with a "seed round" and influencer marketing. The first devices were given free of charge to Domenico Catanzariti, an Australian organized crime figure, who became the first distributor. The goal was to seed the network with credible criminal users so that others would follow.
The real breakthrough came when Hakan Ayik, then Australia's most wanted fugitive, began enthusiastically promoting Anom within his criminal network. Ayik had been picked by the Australian Federal Police, without his knowledge, precisely because of his influence and his trusting nature, and he became Anom's most effective brand ambassador. The network effect kicked in: people needed Anom to communicate with those who already had it.
Scaling Up
Distribution was managed through a network of resellers. Intel NUC mini-PCs, codenamed "Bladerunner," let distributors flash up to 15 smartphones at once with the Anom firmware. The devices were sold on a subscription model: around $1,700 for six months, including the handset, charger, and support.
Business boomed after law enforcement took down two competing platforms: EncroChat (dismantled by French and Dutch police in 2020) and Sky ECC (shut down in early 2021). Each takedown sent waves of paranoid criminals looking for a new secure platform, and many landed on Anom. The user base tripled to over 12,000 active devices.
The Legal Laundering of Data
The FBI faced a fundamental constitutional problem: under the Fourth Amendment and federal wiretap law, it cannot intercept the communications of people in the United States without a warrant. To work around this, the Bureau established an elaborate jurisdictional chain:
- A central interception server was placed in Lithuania, where a local court order authorized the collection of 100% of Anom traffic
- Custom scripts filtered out messages originating from U.S.-based devices
- Lithuanian authorities then transmitted the "cleaned" data to the FBI through a Mutual Legal Assistance Treaty (MLAT)
- For U.S. users whose messages were flagged as involving imminent threats to life, the Australian Federal Police monitored those segments under their own legal framework and shared intelligence back
Processing 27 Million Messages
The sheer volume of intercepted communications — 27 million messages in 45 languages — required sophisticated processing. The FBI deployed:
- AWS Translate for automated multilingual translation
- Dutch machine-learning models trained on data from the EncroChat and Sky ECC takedowns
- Semantic analysis systems that categorized messages as "pertinent," "non-pertinent," or "cannabis" (a separate category due to varying legal status)
- A real-time social graph visualization tool called "Hola iBot" that mapped relationships between users
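The two analytic steps above, triage into "pertinent" / "non-pertinent" / "cannabis" and mapping who talks to whom, are easy to show on a small scale. The following is an added example, not the FBI's or the Dutch tooling: the message log and the keyword lists are constructed, and a real pipeline would use trained models rather than keyword matching. It goes slightly beyond the text by also computing the network's articulation points, the users whose removal splits the graph, which is how an analyst would spot the brokers and distributors (the Ayik-style hubs) that hold separate cells together.

```python
from collections import defaultdict

# Added example (not the FBI's tooling). Keyword lists and the message log
# are constructed; real triage used trained models and human analysts.

# Constructed sample of intercepted messages: who spoke to whom, and what was said.
SAMPLE_MESSAGES = [
    {"from": "hub1", "to": "runner1", "text": "boat arrives thursday, 400 keys on board"},
    {"from": "runner1", "to": "hub1", "text": "copy. crew ready at the dock"},
    {"from": "hub1", "to": "runner2", "text": "send the pics of the stash house"},
    {"from": "runner2", "to": "hub1", "text": "happy birthday mate"},
    {"from": "hub1", "to": "broker", "text": "need 50 pounds of weed moved by friday"},
    {"from": "broker", "to": "hub2", "text": "got weed coming, 50 lb, your guy still buying?"},
    {"from": "hub2", "to": "broker", "text": "yes. also need a piece, clean, untraceable"},
    {"from": "hub2", "to": "runner3", "text": "see you at the pub sunday"},
]

CANNABIS_TERMS = ("weed", "cannabis", "hash")
PERTINENT_TERMS = ("keys", "dock", "stash", "piece", "shipment", "cash", "coke")


def classify(text: str) -> str:
    """Three-way triage mirroring the categories in the text. Cannabis is
    checked first because it is its own bucket regardless of other terms."""
    t = text.lower()
    if any(w in t for w in CANNABIS_TERMS):
        return "cannabis"
    if any(w in t for w in PERTINENT_TERMS):
        return "pertinent"
    return "non-pertinent"


def triage(messages) -> dict:
    """Message count per category."""
    counts = defaultdict(int)
    for m in messages:
        counts[classify(m["text"])] += 1
    return dict(counts)


def build_graph(messages) -> dict:
    """Undirected weighted graph: graph[a][b] = number of messages between a and b."""
    graph = defaultdict(lambda: defaultdict(int))
    for m in messages:
        a, b = m["from"], m["to"]
        graph[a][b] += 1
        graph[b][a] += 1
    return {u: dict(nbrs) for u, nbrs in graph.items()}


def rank_by_contacts(graph: dict) -> list:
    """Users ordered by number of distinct contacts, then by message volume."""
    return sorted(graph, key=lambda u: (len(graph[u]), sum(graph[u].values())), reverse=True)


def articulation_points(graph: dict) -> set:
    """Users whose removal disconnects the network (Tarjan's DFS low-link method)."""
    disc, low, result = {}, {}, set()
    clock = [0]

    def dfs(u, parent):
        disc[u] = low[u] = clock[0]
        clock[0] += 1
        children = 0
        for v in graph[u]:
            if v not in disc:
                children += 1
                dfs(v, u)
                low[u] = min(low[u], low[v])
                if parent is None and children > 1:
                    result.add(u)              # root with several DFS subtrees
                if parent is not None and low[v] >= disc[u]:
                    result.add(u)              # subtree under v has no back edge above u
            elif v != parent:
                low[u] = min(low[u], disc[v])

    for u in graph:
        if u not in disc:
            dfs(u, None)
    return result


if __name__ == "__main__":
    g = build_graph(SAMPLE_MESSAGES)
    print(triage(SAMPLE_MESSAGES))           # {'pertinent': 4, 'non-pertinent': 2, 'cannabis': 2}
    print(rank_by_contacts(g)[0])            # hub1
    print(sorted(articulation_points(g)))    # ['broker', 'hub1', 'hub2']
```

On the constructed log the most connected user is hub1, and the articulation points are hub1, broker and hub2: removing any one of them cuts off a cell. That is the shape an analyst looks for when deciding whose device to prioritise, and it is also why seeding the network with a well-connected distributor mattered so much for growth.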
What the FBI Saw
The criminals, believing their communications were completely secure, were astonishingly brazen. They shared photographs of massive drug shipments, discussed murder contracts, sent GPS coordinates of stash houses, and even photographed themselves with weapons and cash. The messages provided evidence of drug trafficking, arms dealing, money laundering, corruption of public officials, and contract killings.
The Ethical Dilemma
Perhaps the most troubling aspect of the operation was the constant tension between intelligence gathering and preventing harm. Agents could see crimes being planned in real time but had to weigh whether intervening would compromise the entire operation.
The operation did prevent approximately 150 planned murders. In one case, a kidnapping victim was photographed on an Anom device, and the GPS metadata embedded in the image enabled a real-time rescue.
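The rescue described above turned on one detail that practitioners on both sides should know: a phone camera writes its GPS fix into the photo's EXIF metadata, and that metadata travels with the file. The following added example (not part of the original article) builds a minimal constructed JPEG whose APP1 Exif segment carries only a GPS IFD, walks the JPEG marker segments and the TIFF structure to pull out the latitude and longitude, and then shows the defensive counterpart: stripping the APP1 segment before the photo is shared. The coordinates are constructed sample values; tag numbers and type codes are the standard TIFF/EXIF ones.

```python
import struct

# Added example, not from the original page. The JPEG is constructed: an APP1
# Exif segment with only a GPS IFD and no image data. Tags/types are standard EXIF.

GPS_INFO_TAG = 0x8825
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}   # BYTE, ASCII, SHORT, LONG, RATIONAL


def build_sample_jpeg() -> bytes:
    """Constructed sample: SOI, APP1 'Exif' segment (little-endian TIFF), EOI.
    Layout inside the TIFF: header at 0, IFD0 at 8, GPS IFD at 26, rationals at 80/104."""
    tiff = b"II" + struct.pack("<HI", 42, 8)
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", GPS_INFO_TAG, 4, 1, 26) + struct.pack("<I", 0)
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI4s", 0x0001, 2, 2, b"N\x00\x00\x00")   # GPSLatitudeRef, inline value
           + struct.pack("<HHII", 0x0002, 5, 3, 80)                   # GPSLatitude -> offset 80
           + struct.pack("<HHI4s", 0x0003, 2, 2, b"E\x00\x00\x00")   # GPSLongitudeRef, inline value
           + struct.pack("<HHII", 0x0004, 5, 3, 104)                  # GPSLongitude -> offset 104
           + struct.pack("<I", 0))
    lat = struct.pack("<6I", 48, 1, 51, 1, 296, 10)   # 48 deg 51' 29.6" (constructed)
    lon = struct.pack("<6I", 2, 1, 17, 1, 403, 10)    # 2 deg 17' 40.3" (constructed)
    payload = b"Exif\x00\x00" + tiff + ifd0 + gps + lat + lon
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


def jpeg_segments(jpeg: bytes):
    """Yield (marker, start, end) for each marker segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):          # EOI or SOS: no metadata segments after this
            return
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + length
        pos += 2 + length


def find_exif(jpeg: bytes):
    """Return the TIFF blob inside the APP1 Exif segment, or None."""
    for marker, start, end in jpeg_segments(jpeg):
        seg = jpeg[start + 4:end]
        if marker == 0xE1 and seg.startswith(b"Exif\x00\x00"):
            return seg[6:]
    return None


def read_ifd(tiff: bytes, offset: int, e: str) -> dict:
    count = struct.unpack(e + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        base = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(e + "HHI", tiff[base:base + 8])
        entries[tag] = (typ, n, tiff[base + 8:base + 12])
    return entries


def read_value(tiff: bytes, entry, e: str):
    """Resolve a TIFF entry: values of 4 bytes or fewer are inline, larger ones by offset."""
    typ, n, raw = entry
    size = TYPE_SIZES[typ] * n
    data = raw[:size] if size <= 4 else tiff[struct.unpack(e + "I", raw)[0]:][:size]
    if typ == 2:
        return data.rstrip(b"\x00").decode("ascii")
    if typ == 4:
        return struct.unpack(e + "%dI" % n, data)
    if typ == 5:
        nums = struct.unpack(e + "%dI" % (2 * n), data)
        return [(nums[i], nums[i + 1]) for i in range(0, 2 * n, 2)]
    return data


def dms_to_decimal(rationals, ref: str) -> float:
    d, m, s = [num / den for num, den in rationals]
    dec = d + m / 60 + s / 3600
    return -dec if ref in ("S", "W") else dec


def gps_from_jpeg(jpeg: bytes):
    """Return (lat, lon) in decimal degrees, or None if the photo carries no GPS IFD."""
    tiff = find_exif(jpeg)
    if tiff is None:
        return None
    e = "<" if tiff[:2] == b"II" else ">"
    ifd0 = read_ifd(tiff, struct.unpack(e + "I", tiff[4:8])[0], e)
    if GPS_INFO_TAG not in ifd0:
        return None
    gps = read_ifd(tiff, read_value(tiff, ifd0[GPS_INFO_TAG], e)[0], e)
    lat = dms_to_decimal(read_value(tiff, gps[0x0002], e), read_value(tiff, gps[0x0001], e))
    lon = dms_to_decimal(read_value(tiff, gps[0x0004], e), read_value(tiff, gps[0x0003], e))
    return lat, lon


def strip_app1(jpeg: bytes) -> bytes:
    """Defensive counterpart: drop every APP1 segment (where Exif lives) before sharing."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in jpeg_segments(jpeg):
        if marker != 0xE1:
            out += jpeg[start:end]
        pos = end
    return bytes(out + jpeg[pos:])


if __name__ == "__main__":
    photo = build_sample_jpeg()
    print(gps_from_jpeg(photo))                # (48.858222..., 2.294527...)
    print(gps_from_jpeg(strip_app1(photo)))    # None
```

The parser deliberately stops at the SOS marker, because everything after it is entropy-coded image data that cannot contain further metadata segments. Stripping APP1 removes Exif wholesale (including thumbnails and camera details), which is the safe default for anyone who does not want a photo to disclose where it was taken.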
But not every threat was intercepted in time. In September 2020, a 23-year-old named Sasha was murdered in Sweden. The killing had been discussed in Anom chats, but the information did not reach Swedish police quickly enough. This case became one of the most painful failures of the operation — the intelligence was there, but the bureaucratic machinery of international law enforcement cooperation moved too slowly.
Operation Trojan Shield: The Takedown
On June 7, 2021, the operation codenamed "Trojan Shield" (known in Australia as "Ironside" and in Europe as "Greenlight") went live. In a synchronized global action called "Follow the Sun" — timed so that raids began at dawn in each successive time zone — law enforcement struck across 16 countries.
The results:
- Over 800 arrests (more than 1,000 by some counts as follow-up operations continued)
- 12 tons of cocaine seized
- 1.5 tons of methamphetamine
- 22 tons of marijuana
- Over $30 million in cash and cryptocurrency
- Hundreds of weapons confiscated
- Over 150 murder plots disrupted
The Aftermath and Legal Battles
The operation's exposure fundamentally shattered trust in dedicated criminal communication platforms. Paradoxically, fleeing users migrated toward mainstream, open-source applications like Signal — the same platforms used by journalists, activists, and privacy-conscious ordinary citizens. Criminals learned that purpose-built "secure" platforms might be honeypots, and that hiding among the general population's communication tools offered better anonymity.
Defense attorneys immediately challenged the legality of the operation. Key legal questions included whether the FBI's jurisdictional workaround through Lithuania constituted an illegal end-run around the Fourth Amendment, whether the warrant requirements for domestic surveillance were properly met, and whether the evidence obtained through this scheme was admissible in court. Many of these challenges are still working their way through various national court systems.
Lessons Learned
The Anom story is remarkable not just as a law enforcement operation but as a case study in several fields simultaneously: startup growth strategy, network effects, social engineering, cryptographic backdoors, international law, and the ethics of mass surveillance. The FBI effectively proved that with the right product-market fit and distribution strategy, you can build a communications empire — even if your real customers are your targets.