18 Apr 2023

Why accused criminals are challenging evidence in Sydney from one of the world's biggest police stings

5:57 pm on 18 April 2023
An illustration picture shows the AN0M logo displayed on the screen of a smartphone.

The AN0M app was key to the arrest of more than 250 alleged organised crime figures across Australia in 2021. Photo: AFP / Oliver Morin

Dozens of accused criminals are testing the admissibility of evidence obtained during one of the world's biggest police stings.

A landmark committal hearing for more than 50 people is being held in a Sydney court this week, with the group challenging the crucial source of evidence used by investigators involved in Operation Ironside, the AN0M app.

Monday marked the first day of the 10-day hearing, and came after authorities scored a win in the first test case in the Supreme Court of South Australia.

This is what you need to know.

What is being challenged?

The AN0M app, run by the United States' Federal Bureau of Investigation (FBI) and decoded by the Australian Federal Police (AFP), was key to the arrest of more than 250 alleged organised crime figures across Australia in 2021.

It is alleged black-market phones installed with the so-called "Trojan horse" app were being passed around the underworld from 2018 in the belief they were off the police radar.

In reality, they had been seeded by police, and every message, voice note or picture sent on the platform was being automatically duplicated.

What is Operation Ironside?

In June 2021, authorities shut down AN0M and swooped on hundreds of alleged gangsters across the globe before revealing the app was a ruse.

The investigation was known as Operation Ironside in Australia, and Trojan Shield in the US.

The AFP alleges evidence gained through surveilled texts allowed police to bring down drug supply rings and organised crime networks in Australia and overseas.

At the time, police said they had been granted a "court order to legally monitor the AN0M devices of the individuals in Australia or with a clear nexus to Australia".

What has happened in the NSW hearing so far?

On Monday, a committal hearing in NSW for more than 50 people charged as part of Operation Ironside began with an expert witness being asked to explain the technical aspects of how the app worked.

Sydney restaurateur and alleged cocaine trafficker Mostafa Baluch became one of the most high-profile AN0M arrests after he allegedly fled NSW in October 2021 while on bail for drug importation offences.

His case is one of a number of AN0M matters joined together for the hearing, which is being held at the Lidcombe Coroner's Court to accommodate the number of parties involved.

Millions of texts sent through the app, which could only communicate with other AN0M devices, were allegedly copied and fed back to servers monitored by the authorities for three years.

Additional information, including geolocation data, was also added to the duplicated messages as the users pressed send, but not to the original texts, the court heard on Monday.

During the committal hearing, before Magistrate Robert Williams, the group of alleged bikies and criminals' lawyers will explore whether that evidence was legally intercepted.

Barristers Avni Djemal SC and Phillip Boulten SC are appearing for various accused parties, while Christopher Winneke KC is acting for state and federal prosecutors.

It follows a similar challenge heard before the Supreme Court of South Australia.

In that jurisdiction, Justice Adam Kimber ultimately ruled that AN0M was legally run by police.

Why the source code matters

Yogesh Khatri, a forensic investigator with cybersecurity firm CyberCX, gave evidence at the South Australian hearing, and again provided testimony at the Sydney court.

Khatri told the court he was given access to some of AN0M's source codes, and was able to explain in intricate detail how the app worked from a technical standpoint.

Much of the questioning from Djemal focused on the point at which the duplication took place, and whether the phones were connected to a "telecommunications network" at the time.

Khatri said they were.

When asked by another defence lawyer, he said the opinions expressed in his report to the court were "limited" as the AFP had not provided all of the source codes.

Khatri said he had not seen AN0M in action, but believed he had a "good indication" of how it worked.

"The major [limitation] is that there's no working copy of any part of the platform," he said.

"So we are limited to just reading the source code.

"We don't have the app or the server alive to test anything."

The court was previously told 14 witnesses would be called to give evidence during the 10-day hearing.

The hearing continues.

- ABC

Get the RNZ app

for ad-free news and current affairs