DEF CON 32 - Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox
- Published: Oct 18, 2024
- In 2018, a secure communications app called Anom started to gain popularity among organized criminals. Soon, top tier drug traffickers were using it all over the world. Because they thought their messages were secure, smugglers and hitmen coordinated high stakes crimes across the platform. But Anom had a secret: it was secretly run by the FBI.
For years Joseph Cox has investigated the inside story of Anom, speaking to people who coded the app, those who sold it, criminals who chatted across it, and the FBI agents who surreptitiously managed it. This new talk, building on details from his recent book DARK WIRE, will include never-before-published technical details on how the Anom network functioned, how the backdoor itself worked, and how Anom grew to such a size that the FBI started to lose control of its own creation.
It will also reflect on how police have entered a new phase of compromising entire encrypted phone networks, with little to no debate from the public, and provide critical insight on what really happens when authorities introduce a backdoor into a telecommunications product.
Holy shit he immediately starts telling the story. I love that.
Sounded like they had some kinda delay, he didn't have time for the slow build up
@@rytek4274 or maybe he is just straight to the subject.
since TikTok I need more NFO condensed to 2 min
@AndreeaCe he opens by apologizing for the delay.. saying he's going to jump right in ..... so whatever speculation you come up with is wrong when it's addressed in said video... rewatch the first 30 secs
he is LE fanboy...
Dude is a rockstar. Right into it.
Defcon has always felt like the recipe book joke where everyone has to start their recipe with a story about their grandmother and personal growth 😂
I love the part where traffickers believe their gadgets are “secure” because CAPTCHA. Yeah no problem you’re 100% good to go, Pablo. That’s never not hilarious.
F those drug traffickers, meth destroyed my life and won’t be able to raise my kids because I had it blown in my face while I was sleeping and got addicted.
its really ironic that Vice Magazine became Corporate Media
My favourite part of this was the applause for separating from them 😂
Straight to the point no BS.
Yes, excellent talk
@@JonMasters No BS what the fuck he is awesome on explaining and I love him. But the FBI is nothing but bullshit this was weak I would have done better and these fuckers would have been dead. Not just a Data entry for some white rich people and their little data. People die idiots its not a fucking joke how many of you have had an addiction and a problem mentally with your dopamines.
THIS GUYS A COP
@@nuguns3766 and what the fuck does that mean? I have nothing wrong with cops I’ve sucked wrong with people telling me I can’t smoke weed but the rest of the shit they do. I got nothing wrong with.
A fascinating story, though not at all surprising, and very well delivered with no preamble.
Thank you.
This is the phones they were selling on the dark web with the promise that the police wouldn’t be able to track. 😮
Good thing you didn't buy one!
My 5g plan just died and i want anonymity CLICK HERE NOW
Maybe he did 😂
Aw dang they promised
Great storytelling! Loved the talk.
how can defcon not make a freaking stable video without it blinking, or the audio being potato... its like this EVERY freaking YEAR... When will you learn
They really gotta switch AV providers, unless they're forced to use the in-house AV company.
Do it better
I'm so mad I wasn't in person for this. Been wanting to shake this man's hand for a bit.
2 things struck me:-
1) US legal protections (including constitution) only apply on US soil or to US citizens. (Was quite important in the Assange case). This goes right up to extra-legal imprisonment and killing (eg drone strike).
2) Cops (in liberal democratic countries) are not just interested in pedos & pushers. The McLibel case was corporate enforcement (using UK libel laws) against activists who claimed burgers were bad for you. UK cops had 2 agents in this little group who spied on all legal discussions and handed details to Ronald McDonald so he could conduct his case better. So often, crime-fighting is just the pretext.
wtf is a liberal democratic country lol
UK is typically an exception tho. I dont disagree with u, just that five eye countries almost always choose invasion of privacy > human rights or laws.
Didn’t any of these criminals watch an episode of “The Wire”?
..you takin notes on a criminal conspiracy?
our boi got right to the point without yapping.
nice.
also i am now scared that GrapheneOS is a fed honeypot xD
isnt it open source?
@@phantomtr1 yes. it's also been audited by many security researchers and third party companies. they have very transparent information on the Web site
36:00 dont trust signal any more. Its weird why they keep things unpatched for years and argue why its not needed to be patched
I don’t know how anybody still uses apps after Sky, Telegram and now axiom was all leaked to law enforcement branches. But criminals aren’t exactly smart are they
Remember when Pokemon filmed and mapped the entire planet while kids and adults went looking for fictional characters in the real world, the population is so dumb
I'd love to see a J Cox exploration of Niantic. Personal opinion: it seems obvious there is data farming and harvesting on a global scale going on, and they've made their Gaussian Splatting 3D scanner service free now, so they're really getting into it now
Forgot to mention the name, it's Scaniverse
meds
While the "Anom" sting worked well, a big issue is how publicised this was. Everyone heard about the worldwide busts, and the Anom phones, and now all the criminals have had their suspicions raised. I can't see the next operations working very well. Whether it's the next device, messaging app or whatever, they really should have kept this one quiet
Yeah, they got the message that they had to make their own phones, rely on their own trusted methods, now "anonymity" companies are either a scam or the lesser evil alternative
@@revoblam7975 I don't get why they weren't doing that from the very beginning. They have the budget for it and they would be able to keep it all in house.
Joseph talks about how this was the goal of the FBI. Reduce trust in these private phones.
did you not hear about the pagers......
Are we 1000% sure, the intel agencies don't have access to quantum computing that can decrypt communications?
jeez! cheerz mate! way to go on this conference
so basically just assume WhatsApp, FB Messenger, Signal.. all of them already have a back door because some programmers were on the receiving end of a FISA warrant...
Gotta love it; no nonsense and right at it.
amazing story straight to the point as well
Superb talk. Loved it. ✌️
Store Now, Decrypt Later
The random order number pad is a great idea!!!! A lot of older people have a hard to read fingerprint and they also love short pin codes - a dynamically random order generated number pad would be great for them.
They should've just used signal from the very beginning. Maybe have someone make up a secure Android OS with some of the wipe features based off a modified secure OS, cut out mics and other parts they don't want and use something open source. Would've been safer and they wouldn't have spent $1000s to get spied on.
I’m pretty sure people said the same thing about Sky, Telegram and Axom. Buddy, Signal is CIA ran app
Why does the screen keep flashing or is it just me? I have epilepsy lol
Probably shouldnt be using a phone at all then 😂 you'd be safer anyways. Haha
not just you
The mics / sound system is on the verge of squealing.
Dude wears a mask in 2024.
A mask? Really?
who cares
Holy heck. This was a gem
The marshalls were amused.
So was your mom
why was phantomsecure closed by the fbi? its not illegal to sell phones? wish he elaborated a bit more on this topic. if they closed it down that means it worked?
I think it’s great they’re taking down drug dealers, my ex blew meth in my face when I was sleeping and it got me addicted and ruined my life. What they did with cornpub is horrific though, the stuff shoulda never been left there.
I don't want to seem rude but I didn't know that was possible. I know first hand how addictive methamphetamine can be, sober 6 years... but just getting it blown into your face and addicted? It doesn't track for me. Were you having physical withdrawal symptoms from just getting it blown into your face?
@@navr1111111111111111 she would blow it in my nose or mouth when I was sleeping and molest me to turn me out so I would support her habit and it worked. I guess guys do it to girls but it worked and it’s just so evil.
What's with the mask?
The flickering gave me a headache
What flickering?
@@zenmoto369 11:00
@@zenmoto369 When lights switch on and off very fast. Not very noticeable but it can cause headache. You will notice it more by the phone camera.
Flickering is a great method of MorseCode
I struggle with migraines and same. I'm so sorry.
Brave guy , i love it
Wow. I’m not sure why I am surprised.
i bet the next project is called Meshtastic
some people just born to be a speaker
Definitely, he's an excellent writer too. the thing I like most about Joseph is the way he thinks. Curiosity, razor sharp analysis, thorough research, super broad knowledge of many fields.. plus he knows which side his bread is buttered and it's the correct one 😆
Beginner here: Why can’t TailsOS be out on a phone ? And, how easily could they put a backdoor on an OS system like TailsOS? Is that possible?
The benefit to TAILS is that it's been around for a long time. The possibility of a backdoor is still true since the project may hire a developer that ends up being a spy. Or a spy is hired to work on a pgp messaging program that tails uses. It comes down to the community relentlessly verifying and testing the source code for everything they rely on for anonymity. This is a perfect example why open source is so necessary. If the phones had been open source then someone could've easily found the backdoor server communication.
@@potato11teen with some basic forensics you could detect that services shown as disabled were still operating
Phones including android are different from computers, computers are more customizable you can change your os to anything that supports your architecture, phones are very locked down, idiot proofed, proprietary, and "spooky" (meaning they have hidden telemetry software and software you can't easily remove). *put on your tinfoil* And smart phones are a newer invention created after the powers that be realized desktop computing gives people a lot of power, they knew this newer version of a thing was their chance to shape it to be what they really want us to have.
@@playfulcyanide that's what I was thinking... these dudes are moving a half a ton of cocaine and they never thought to hire a security analyst to check the hardware?
\DYOR/ - but in some communities there is already speculation that TailsOS is a fed honeypot....
not so secret now
Is this from defcon 2024 or an earlier one? This looks familiar
Hola = Hello (Spanish) pronounced ow laa 👋
Most noticeable being Barry wood 8:02
The fact they made a VeraCrypt makes me wonder why graphene doesn't have it.
can u rephrase please
VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or (in Windows) the entire storage device with pre-boot authentication.
VeraCrypt supports plausible deniability by allowing a single "hidden volume" to be created within another volume. The Windows versions of VeraCrypt can create and run a hidden encrypted operating system whose existence may be denied. The VeraCrypt documentation lists ways in which the hidden volume deniability features may be compromised (e.g., by third-party software which may leak information through temporary files or via thumbnails) and possible ways to avoid this
@@phantomtr1
Anom has a hidden partition by putting in 1 pin so it looked normal. And another was the real device
Anom had it so if you put in 1 pin it looked like a real phone crossing customs but the real pin was the real device. The fake was a veracrypt like software
Still amazes me
If the Intel agencies have access to 'applicable use Quantum Computing', what does this mean for encrypted communications? Better yet, what does this mean for encryption anything? Is bitcoin encrypted?
Minority Report is next
they use james bond because thats how they see themselves.- this guy has been hanging out with too many cops
Doesn't hold a candle to Mossad's remotely detonated beeper explosives...
Lol fr. I was looking into this, you know, that they would've had to get into the supply chain of those pagers, one couldn't just make one explode as these batteries aren't powerful enough.....
Using open source software to their advantage.
audio operator should be ashamed. absolute skill issue
Time to move back to pagers! 😂
Everyone should follow 404 media, they write very interesting articles and have a great podcast.
Broliukai!!!
Audio sucks, 🤷
ok... so less than a minute in im sus as f. he said they take out the microphones... then how do they communicate? text only? anyways back to the vid....
Bluetooth headset, standard old fashioned wired headphones with a mic, there's plenty of ways.
what a honeypot
it comes from the child's story Winnie the Pooh. A bear in the story stuck his paw in a pot of honey. When the bear attempted to withdraw his paw he was stuck as the paw was now larger than the opening. Some organizations create an attractive target (aka the honey pot). When a person attempts to access the honey pot they trigger technology to identify them.
He's the "Orfah"? haha! "Meff"? lololol "Fanos"?!!! lmao!!!!!!! "Fird wurld" omg!lol
Can't believe these "criminals" didn't do their due diligence in getting these phones professionally analyzed before trusting them.
If they had the intelligence needed to think of that, they would be called businessmen and would not have the need to sell illegal substances.
Instead, they could formulate a sound business plan and sell legal poison such as fast food and doughnuts to the very same fbi agents in San Diego.
What is there to analyse?, the traffic's redirected to the Feds after a proxy.
@@pXnEmerica That part is not detectable you are right. But it seems like the phones were generating data/traffic they said they didn't? Like uncensored copy of the image or GPS data. Sure that stuff can be somewhat hidden, but that alone would be suspicious, if I can't actually just examine all the outgoing traffic.
A “criminal” is per definition a person who has a malfunctioning brain completely incapable of understanding how to behave correctly in a democratic society. And you assume these brain damaged people possess some kind of high intelligence? 😂😂😂😂
@@pXnEmerica They might not be able to detect that part, but they would be able to catch the device still has a gps when it's been "removed".
so many people from my home country of turkey in this story. lmfao. i already knew we were deep in the drug market but hot damn
the issue with turkey is its location on our planet is prime. The powers that be will always try to control it. Just like in history. In general, turkey and regions under it like syria iran iraq palestine are all prime real estate.
this is an opsec disaster
A/B Test your hardware. You never know who's listening.
Indeed... besides anybody is always listening. Lol
Fedz Taking Pictures 📸📸📸📸📸📸📸📸📸📸
Guess its better than buying one of those new Israeli phones...
never buy anything touched by israel if u value privacy. they are #1 intelligence group on planet. ofc, they also have the major brands in EVERY industry. so gl
So, dumb question maybe but, what's stopping people making the same things without the spyware?
Nothing, but there is a huge amount of power in the branding and reputation etc. capitalism baby!
they do. Mexican cartels created their own cell network, and i know ive heard of other devices offering similar anonymity
holy christ I just destroyed the inside of my toilet... even had to flush 3 times.
"DOMENICO CATANZARITI" is from SOUTH AUSTRALIA,. you are kidding me. typical southern AU name
*the fact that all phones can’t be shut down and their camera and microphones are all bugged, is pathetic and our gov. are tyrannical losers for this*
You deserve nothing for such treachery against humanity.
as an AV tech, seeing the presentation flickering and hearing the lectern feeding back makes me cringe. Do better!
the most interesting part is how he lightly acknowledges how the FBI works always above the law. Replace by FBI by John. John would be already in jail for the rest of his life.
Yea I was just wondering if this is legal
@@jchastain789 Not in the US. Amazing, isn't it? The FBI can't legally do their jobs so...fuck the law.
Data holding and marketing needs inverting.
I wonder what other messages system is run by other police.or any Intel agency. Just like Many VPN ARE run by some Intel agency.
Signal is definitely a DOJ ran app
No need for introduction
IT IS ACTUALLY KRYPTALL K-iPHONE AND, I KNOW ABOUT THE WONDERLAND GANG…
Is this legal?
COX!
Very strange hearing words like shithole in that accent. :-O
Well. I use graphene os and signal
Nah anom is way better direct access to your favorite fbi agent
Signal...
I like Molly more the FOSS of signal
@@aymanhawari2589 Signal is FOSS
Molly just has some more features
😂😂😂Nah this is actually wild
I believe the FBI should still continue. He said that he saw messages where people were ordering hits with smiley faces. These devices aren’t used by anyone but those trying to commit crimes.
Secondary server in the UK because FBI and MI6 are in cahoots
Just goes to show....u can not trust ANY TECH DEVICE once the 5 i's hack them.
SPOT THE FED
this guy calling Joseph Cox a fed? lol
lol i think its the praising ones
I take it this content was created before Pavel Durov was "persuaded" by French police...
Feds are just as good at extortion as those on the wrong side of the law
Telegram is a whole different story imo
Telegram is a shit show. They make deliberate choices about e2e encryption that are worse than whatsapp. Independent cryptography experts have soundly roasted telegram. If you believe it's secure, you fell for the hype.
lol at 6:30 he talks of the amazing and cool features!! that literally have been a thing on android since for ever.
and the calculator app concept has been around for decades but only as a independent secure storage folder for your nudie pics.
auto wipe after set number of pin failures is literally always on android. Now it's as advanced as remotely wiping the phone if it has been stolen by dialing a phone number or logging into "find my phone" if you use that feature which i do not.
android allows you to go into developer mode and turn off the sensors for everything...and my specific android software has a kill switch for turning off the camera and microphone.
Mac address randomization, location access denial, blah blah blah etc etc etc.
with these settings active, if i try to open any app that uses a camera, even my phone camera app itself, it fails to open and an internal message says "app failed to respond, please try again, or report this issue \here/"
none of these are new or groundbreaking features outside the anom interface being hidden behind a fake application. which that actual concept, like i mentioned before with the "secure storage" has been around since the first apple app store and google play store.
well i suppose if you have an iphone then all of these security features would be new and groundbreaking xD
meaning to say that these features were not specifically created for the anom device or software in any form, they are most unanimously standard android device settings you can choose to utilize or not, the actual anom software suite and capability is probably in truth a really specific glance at what our telecom companies have for our civilian devices xD all the texts, pictures, voice note recordings, it's probably all happening the same way but not to catch drug traffickers :P
Who in 2024 doesn’t know that people trade drugs for bitcoin? God, I hate journalists.
DDDAMN DIDI THOSE GUYS NOT HAVE ANY FOOOOOOKIN MONEY FORRR A FEEDBACKDESTROYER
What is up with the effing mask???
If this guy thinks they didn’t spend all of this money without secretly monitoring U.S. traffic then he’s stupid. You’re not even being naive, I’m surprised you remember to breathe while talking.
This guy's walking living proof of how you can be smart but really stupid at the same time. It's like all of your brain power goes into one category
Maybe explain why you think that?
Cool story, gay mask
Him drinking water annoys my soul so much 😂😂😂😂😂man he sure pours liquids down his gullet
@@CannaBinz can a man drink??
What a weird thing to get annoyed by.
@@SurvivingAnotherDay you mean “pour liquids down gullet”? 💀
I'd bet money you are brown
This comment annoys me
Still rocking the worthless facemask? Someone should tell him those are useless.
Masks in Vegas 😂
Stupidity in YT comments, you think maybe knows why he needs it?
So this man could not keep their info really private you want to find someone who really can is that the final goal
Is this guy even an American he sounds like UK. Why is he important to our democracy?
Lol.... expat.
@@elvinaguero4651 Man shut up you have no pull I need a FBI ABI and and AI and a world bot get out of here. But can you love and fight for them
I want to be a fed and help out this looks like fun I like it and yes keep the weed away its okay
I watched that FBI TV Show and now I am hyper aroused 🫦
Holy shit he comes with a mask .. imagine in what. Shizo mind you have to live in
And a water 🍼.😂😂😂😂