AN0M accused Edwin Kumar asks FBI to give him names and messages from encrypted app

AN0M accused Edwin Kumar from Sydney asks FBI for names and messages from encrypted app, as his lawyers seek identity of European country which secretly helped Operation Ironside

Ellen Whinnett and Liam Mendes

6 min read

7:59PMAugust 21, 2023

Inside Operation Ironside: The AN0M raids and two years of legal battles

An Australian man accused of providing encrypted AN0M devices to people who used them to organise drug trafficking is asking prosecutors to give him details of every message sent on every phone he is accused of providing.

The case against Edwin Harmendra Kumar, being heard in the US, has revealed fascinating details of the inner workings of Operation Ironside, the police sting of the century, built around the encrypted app AN0M.

Mr Kumar, who was extradited from Sydney to the US earlier this year to face racketeering (RICO) charges, is seeking details of all users and all messages sent via the devices prosecutors say he provided or serviced.

He is also seeking any reports of drug transactions allegedly involving him directly, or any end-user who allegedly used a device he had distributed or serviced.

“In the government’s view, Mr Kumar’s role in the RICO conspiracy was to distribute the AN0M devices to end-users, manage and receive subscription fees, and provide technical support,’’ an application by his lawyers state.

“The government further alleges that, in doing so, Mr Kumar knew or had reason to know [the end-users he worked with] participated in illegal activities, including international drug trafficking and money laundering.”

The application notes US authorities had claimed that Mr Kumar had, in August and September 2020, set up several devices for end-users of AN0M who later co-ordinated “a shipment of 156 kilograms of methamphetamine precursors from India to Sydney, Australia”.

“On February 25, 2021, a conversation between end-users to whom Kumar had supplied devices included co-ordination of a shipment of 6kg,’’ the lawyer said the prosecution had claimed.

“On March 1, 2021, Kumar engaged in a conversation with a co-defendant to co-ordinate the purchase of ‘rack of[f] the DW,’ or cocaine off the dark web, and its later sale in Sydney, Australia,” the FBI further alleges.

In a related case, Mr Kumar and two co-accused are demanding the US Department of Justice name the European country which secretly helped the FBI and the Australian Federal Police intercept more than 28 million messages sent on the AN0M app.

The app was marketed to the underworld as a secure way of communicating but was in fact a Trojan horse being run by the FBI and Australian Federal Police, who secretly obtained copies of every message that was sent.

Mr Kumar and his two co-accused, part of the group of 17 men indicted in the US on racketeering charges related to the distribution of the app, have advised they intend to fight the charges on the basis that US law does not allow them to be convicted of conspiring with a government agent or informer.

They are also seeking the name of the anonymous third country which helped the US and Australia pull off one of the world’s greatest stings and resulted in around 1000 people globally being charged with serious crimes including drug trafficking, money-laundering and conspiracy to murder.

“The (US) government admits it created the AN0M service at the heart of this case with a single goal: convincing criminals to use its encrypted phones, which the FBI could secretly monitor through a backdoor written into the software,’’ the application by Mr Kumar, Seyyed Hossein Hosseini and Alexander Dmitrienko, states.

Seyyed Hossein Hosseini has been extradited to the US to face racketeering charges over the AN0M app.

“But because of the stringent constitutional and statutory requirements that such a program would trigger domestically within the United States, the government needed an international workaround. Using a Mutual Legal Assistance Treaty (MLAT), the government asked an unidentified, third-party country in Europe to intercept the messages and then provide the data directly to the FBI.’’

The name of the third country which hosted an iBot server that harvested the messages, forwarding them to US, has never been revealed, although prosecutors have confirmed it was a member of the European Union.

Weeks before the AN0M sting was revealed in June 2021, when police across Europe and Australia conducted multiple raids and charged hundreds of people, an anonymous cyber security expert wrote a blog post where he claimed AN0M was interacting with a server in the Romanian capital of Bucharest.

Romania is a member of the EU. The blogger also wrote that AN0M was interacting with servers which were located in countries which were part of the Five-Eyes intelligence agreement – the US, Britain, Australia, Canada and New Zealand.

“With ANOM I was able to locate all of their PROXY servers including their MAIN servers with minimal ease, all operating within the 5 eyes alliance,’’ the cyber expert claimed.

“If the authorities were to access ANOM’s server of 193.27.15.41 in ROMANIA which is a third world country that may state they take privacy seriously … they could easily infiltrate their Offshore Romanian Server and install special hardware devices on those servers without ANOM’s knowledge,’’ the prescient blog warned.

“Authorities could completely infiltrate every users devices as well as their operations and worse of all authorities would have the ability to decrypt and intercept their messages.’’

Weeks later, after the AN0M take-down was finalised, it was revealed the app had been sold to the FBI by a tech-savvy criminal seeking a lighter sentence over other criminal matters involving an earlier encrypted app known as Phantom Secure.

A member of the Australian Federal Police developed the key that allowed the messages to be decrypted in real time, and the FBI’s confidential source helped get AN0M devices – stripped back mobile phones – out into the criminal underworld.

The AN0M app was created as a Trojan horse to fool those using it to run their criminal networks.

The documents revealed the messages were routed through iBot servers, and blind carbon copies were secretly being taken of every message that was sent.

In documents filed in the District Court in the Southern District of California, lawyers acting for Mr Kumar, Mr Dmitrienko and Mr Hosseini noted that European country had sent the messages, unread, in batches to the FBI every Monday, Wednesday and Friday.

Their lawyers argued the prosecution needed to provide details of the third-party country’s involvement in the sting, as they intended to explore the legality of the operation, send investigators to that country to interview witnesses, and potentially seek to have the messages suppressed.

“That third-party country agreed, and the FBI helped arrange for a computer server to be placed in that country to intercept the message data,’’ the documents noted.

“Thereafter, without ever reviewing the contents of the messages, the third-party country provided the data to United States law enforcement multiple times per week.

“By the government’s own admission, most of the allegedly inculpatory evidence in this case came from and is contained within those intercepted messages.’’

People in Australia, New Zealand, Turkey, The Netherlands, Spain, Germany and Britain have been charged as a result of evidence obtained through AN0M messages but no Americans have been charged.

The court documents go some way to explain why, suggesting the government believed such interceptions there could be in breach of American laws.

“Given domestic constitutional and statutory constraints on electronic interceptions, the “FBI geo-fenced the U.S., meaning that any outgoing messages from a device with[in] [the] US … would not have any communications on the FBI iBot server” and would not be reviewed by U.S. law enforcement,’’ the documents state, citing responses from investigators.

The document states the third country sent data to the FBI right up until its local court order expired on June 7, 2021.

“This data comprises the encrypted messages of all of the users of AN0M with a few exceptions (eg the messages of approximately 15 AN0M users in the U.S. sent to any other AN0M device are not reviewed by FBI),’’ it notes.

“[The FBI] have translated the messages (where necessary and where translations are available) and have catalogued more than 20 million messages from a total of 11,800 devices … located in over 90 countries.’’

Mr Kumar and his co-accused have advised the court they intend to retain investigators in the European country to search for documents and witnesses to provide “first-hand information’’ about AN0M’s administration.

“The defence would be beyond remiss to rely on the government’s “official” story, without conducting an independent investigation,’’ the lawyers said in their affidavit.

“After all, “the ten most terrifying words in the English language may be, ‘I’m from the government and I’m here to help you,’ they said, quoting a precedent court case, Garcia-Aguilar v. United States District Court, 2008.

The challenge to AN0M’s operations in the US comes at the same time a group of 66 Australians accused of mainly drug offences as a result of the AN0M sting have teamed up to challenge the validity of the technology used. The case, known informally as AN0M 66, is listed for a committal hearing before a magistrate in Sydney in September.