US Extradites Man Who Allegedly Sold Backdoored Phones for the FBI

Aurangzeb Ayub is accused of selling encrypted phones for Anom, the FBI's honeypot encrypted phone company.

The United States has extradited a man it accuses of working for Anom, a company that sold encrypted phones to criminals but which was secretly backdoored by the FBI to spy on the communications of organized crime around the globe. Aurangzeb Ayub quietly arrived in the U.S. last month, according to court records reviewed by Motherboard.

Ayub is the first of 17 alleged Anom workers to be extradited since Motherboard reported on the operation, known as Trojan Shield, and the FBI and its law enforcement partners held press conferences on its success in June. While authorities have arrested and prosecuted users of the Anom devices, Ayub’s extradition marks some judicial movement against those who allegedly sold phones for Anom, some of whom the U.S. Department of Justice has also charged.

“Ayub is charged with 16 other co-defendants; he is the first defendant to appear on the Indictment and was extradited from the Netherlands to the United States,” a court document filed on Tuesday reads. He first appeared in the Southern District of California on March 21, the document adds.

Do you know anything else about Anom? Were you a user? Did you work for the company? Did you work on the investigation? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

The Department of Justice and Ayub’s defense team have already discussed the production of discovery, which includes all of Ayub’s communications on the Anom platform, according to court records. That material contains around 3,500 communications and about 14GB of data, the court records add. By last Friday, the government was expected to turn over these messages to Ayub’s defense team, the document reads.

The court record adds that the Department of Justice anticipates that it will turn over more material in May, which will contain recorded conversations between an FBI confidential human source (CHS) and Ayub, a technical report about the Anom platform, and other reports.

Operation Trojan Shield, and its Australian counterpart, Operation Ironside, started in 2018, when a former seller of phones from two other companies, Phantom Secure and Sky, became a CHS and offered the FBI a company of their own, then in development, to aid in the FBI’s investigations. That company was Anom. Typically, companies in this industry sell phones that may have the GPS, voice call, and other capabilities removed, and instead just send end-to-end encrypted messages. Some deliberately cater to the criminal underground, and some are even run by organized crime figures themselves.

In close coordination with the authorities, that CHS secretly added a feature to Anom’s devices that made a copy of every message sent across the platform and automatically provided that copy to law enforcement agencies. In all, the FBI intercepted 27 million messages sent across Anom. As Motherboard previously reported, the Anom phones also secretly captured their GPS coordinates and provided these to law enforcement as well.

Anom, like other encrypted phone companies before it, used a network of distributors to sell these devices to criminal end users. Unbeknownst to them, these sellers were really in effect working for the FBI, and helped to spread a backdoored device to criminal organizations around the planet. Ayub is allegedly one of these distributors, with the indictment against him and others describing Ayub as “a citizen of the United Kingdom and the Netherlands who currently resides in the Netherlands. Ayub is a distributor of the Anom network to criminal end-users.”

Ayub is charged under RICO, a law traditionally used to prosecute mob bosses. Since 2018, when the FBI started shutting down encrypted phone companies, initially with Phantom Secure, the Department of Justice has leveled similar charges against the administrators and sellers of such companies.
