Skip links
Trojan Shield operation

Conning the cons just like in the movies: operation Trojan Shield

Operation Trojan Shield/Greenlight: the US Federal Bureau of Investigation (FBI), the Dutch National Police and the Swedish Police Authority, in cooperation with the US Drug Enforcement Administration (DEA) and 16 other countries have carried out one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.  

The operation was named Greenlight/Trojan Shield and was led by the US FBI, Sweden, the Netherlands and Australia. Overall, 16 countries took part in the operational task force and sent representatives to Europol in The Hague, the Netherlands, to coordinate their activities at the national and international levels, with Europol ensuring that the interests of law enforcement agencies in the EU Member States and non-EU partners are represented.

The following countries participated in the international coalition: Australia, Austria, Canada, Denmark, Estonia, Finland, Germany, Hungary, Lithuania, New Zealand, the Netherlands, Norway, Sweden, the United Kingdom incl. Scotland, and the United States.

What is operation Trojan Shield/Greenlight?

Since 2019, the US Federal Bureau of Investigation, in close coordination with the Australian Federal Police, strategically developed and covertly operated an encrypted device company, called ANOM, which grew to service more than 12 000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organised crime, outlaw motorcycle gangs, and international drug trafficking organisations.

The goal of the new platform was to target global organised crime, drug trafficking, and money laundering organisations, regardless of where they operated, and offer an encrypted device with features sought by the organised crime networks, such as remote wipe and duress passwords, to persuade criminal networks to pivot to the device.

According to Europol, criminal networks have a huge demand for encrypted communication platforms to facilitate their criminal activities, but the market for encrypted platforms is considered to be volatile, following police operations that dismantled several encrypted communication platforms across Europe during 2020 and 2021.

Anecdotally, the Financial Times report that the idea behind Operation Trojan Shield was concocted over beers between the Australian police and the FBI in 2018.

How did ANOM work?

The FBI’s review of ANOM users’ communications worked like a blind carbon copy function in an email. A copy of every message being sent from each device was sent to a server in a third-party country where the messages were collected and stored. The data was then provided to the FBI on a regular basis pursuant to an international cooperation agreement. Communications such as text messages, photos, audio messages, and other digital information were reviewed by the FBI for criminal activity and disseminated to partner law enforcement agencies in all countries; Each country has now built their own cases against ANOM users, many of whom were arrested in takedowns in Europe, Australia and New Zealand over the last several days.

During the course of the investigation, while ANOM’s criminal users unknowingly promoted and communicated on a system operated by the FBI, agents catalogued more than 27 million messages between users around the world who had their criminal discussions reviewed, recorded, and translated by the FBI, until the platform was taken down after the public announcement of the operation.

Worldmap of operation Trojan Shield

Was Trojan Shield successful?

A series of large-scale law enforcement actions were executed over the past days across 16 countries resulting in more than 700 house searches, more than 800 arrests and the seizure of over 8 tons of cocaine, 22 tons of cannabis and cannabis resin, 2 tons of synthetic drugs (amphetamine and methamphetamine), 6 tons of synthetic drugs precursors, 250 firearms, 55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies.

According to Europol, countless spin-off operations will be carried out in the weeks to come.  Operation Trojan Shield/Greenlight will enable Europol to further enhance the intelligence picture on organised crime affecting the EU due to the quality of the information gathered. This enhanced intelligence picture will support the continued effort in identifying operating high-value criminal targets on a global scale.

Was Trojan Shield legal?

The conditions of the operation raised again the voices of privacy advocates, who reject calls for encryption to be banned, or for law enforcement to get access via backdoors in wide-used apps, like WhatsApp or Facebook Messenger.

The operation would actually be illegal in most European countries, while according to what Jennifer Lynch, surveillance litigation director at the Electronic Frontier Foundation, stated to Financial Times, this kind of surveillance, if it occurred in the United Stated, would violate both the Fourth Amendment and the Wiretap Act; she pointed out that FBI did not monitor users in the US, but instead relied on other countries with different and possibly less protective laws to launder its surveillance.

Why was the operation publicly revealed?

One would think that once police have such an effective tool in their hands to monitor and prevent crime, they would try to expand instead of ‘revealing their source’. Why was then the operation announced all over the world with full disclosure?

The police action against suspects in all countries was very precisely coordinated to secure that it came as a surprise. Police sources said that separate actions would not have been possible as the source for information would be obvious to the gangs when accusations were presented.

Police in Sweden informed that there had been one or several cases where they had taken action prior to the coordinated actions. This had been done to prevent killings that had been planned on the network. In those cases, accusations had initially been kept a bit vague to give time for the coordinated police action without revealing the source of information.

Why was it called Trojan?

The Trojan Horse was the wooden horse used by the Greeks, during the Trojan War, to enter the city of Troy and win the war: at the behest of Odysseus, the Greeks constructed a huge wooden horse and hid a select force of men inside, including Odysseus himself. They then pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greeks entered and destroyed the city of Troy, ending the war.

Metaphorically, a “Trojan horse” has come to mean any trick or stratagem that causes a target to invite a foe into a securely protected bastion or place. A malicious computer program that tricks users into willingly running it is also called a “Trojan horse” or simply a “Trojan”.



Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.

Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!

We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.

    Do you want an experienced opinion on a job issue?
    Moonshot Manager is here to answer!

      Moonshot community sharing thoughts and ideas, in a anonymous, safe environment.