Security
Headlines
HeadlinesLatestCVEs

Headline

Inside the Biggest FBI Sting Operation in History

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

Wired
#web#mac#windows#microsoft#amazon#git#intel#backdoor#perl#samsung#auth#sap

If you buy something using links in our stories, we may earn a commission. Learn more.

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

ILLUSTRATION: ALVARO DOMINGUEZ

Sometime after midnight on May 26, 2020, a sleek black-and-white speedboat darted through the sea’s waves off the coast of Sweden. The two men on board were barreling toward a set of coordinates in the darkness, armed with navigation equipment, night vision goggles, and fishing rods. The Donousa, a black and red, 225-meter-long cargo ship, was sitting motionless in the water around 17 kilometers ahead.

On its way from Brazil to Poland, the Donousa had made this unofficial stop in the North Sea so that some corrupt sailors could throw nets holding 400 kilograms of cocaine—a quantity with a street value of about $39 million—into the water. Then the ship would light up the area “like a disco in the middle of the sea,” a member of the drug gang wrote in a text message. And with that, the speedboat crew would reel in the nets and whisk the drugs to docks on Swedish soil.

That was the plan as the courier understood it, anyway. Stationed onshore in a white van, his job was to wait for the speedboat to return, then transport its payload to a warehouse, all while fielding minute-by-minute commands from the operation’s mastermind and two other higher-ups. In an encrypted group chat, they peppered him with orders in Swedish: Stay calm, avoid looking shady, melt into traffic when the time comes. “You’ll drive slow as fuck.” The four men were all using Sky phones—pricey, customized devices that not only sent encrypted messages like Signal or WhatsApp did, but could also be remotely wiped on demand if they fell into the hands of law enforcement. By 2020, phones made by Sky and a handful of competitors had become a widespread and sophisticated part of the drug trafficker’s toolkit. For the truly paranoid, some brands even removed the GPS, camera, and microphone from their devices.

But slick technology is no guarantee that things will go smoothly in the wee hours of a nearly $40 million drug deal. When the speedboat finally motored in from the open sea after dawn, its pilot docked in the wrong place at first. Then the packages of cocaine were so big the men had trouble cramming them into the van. At the warehouse, the courier reported via chat that the speedboat pilot was grating on his nerves. The pilot, who barely spoke Swedish, seemed whiny and agitated as they set about verifying that every kilogram of cocaine was accounted for.

At his bosses’ heavy-handed direction, the courier staged a succession of photographs and shared each with the group: two neat lines of duffle bags coated entirely in duct tape. A bag unzipped to show the black-wrapped blocks inside. Neat rows of cocaine bricks against the gray concrete floor. But the tally kept coming up short: about 70 kilograms short, to be exact. “Did you have eyes on it the whole time?” the mastermind texted in a staccato series of messages. “How can so much be missing?”

Using the courier’s Sky phone, the anxious pilot finally divulged the truth. Speaking Croatian with the mastermind, he revealed that some cocaine had been lost at sea. Some of the duffle bags had broken open as they fished the drugs out of the water. Now it was the courier who started to freak out. The tension was ratcheting up so much that he asked the bosses to please stop bombarding them with messages for a minute so they could think clearly.

The two men in the warehouse must have realized what a dangerous position they were in—caught literally holding the bags when more than $6 million worth of cocaine had disappeared. The disembodied bosses demanded more photographs. The courier stacked the blocks of cocaine up against a white wall in the warehouse for easier counting, then sent the snapshot. “Are you happy?” he texted. “Closer,” one of the higher-ups commanded. “Get down on your knees.” More pictures came in quick succession, one showing a red swirl emblem stamped onto each brick of cocaine, one showing the courier’s feet standing on a pile of flattened, empty duffle bags.

By now it was just before 9 am. The bizarre photo shoot had gone on for two hours. At some point, the bosses seemed resolved to treat the loss as a cost of doing business. (Soon after, members of the public found some bundles of cocaine washed up onshore.) The mastermind finally congratulated his team on the haul. “Good job, everyone,” he texted in the group chat. And with that, the ordeal was over.

No doubt much of the anxiety permeating the chats had been fueled by the notoriously volatile moods of the mastermind himself. His name was Maximilian Rivkin, but he more commonly went by his nickname, Microsoft. A Swedish gangster originally from Serbia, he was a heavyset 36-year-old man with short dark hair that gripped the top of his egg-shaped head. Some gray had started to appear in his thin beard, which showed the beginnings of a handlebar mustache. On his right forearm, he had a large tattoo of the three wise monkeys from folklore that hear no evil, see no evil, and speak no evil.

Microsoft was a true 21st-century drug kingpin: technologically savvy, globally connected, and capable of smuggling a variety of illegal narcotics from different parts of the world. Beyond Serbian and Swedish, he planned his crimes in Bosnian, Spanish, English, and Croatian. Microsoft was “always online,” he later told an associate in an encrypted text message. A workaholic, he sent encrypted messages nearly every moment of his waking life.

This speedboat operation was just one in a seemingly unending list of harebrained schemes Microsoft had for trafficking drugs. At various points he discussed, and sometimes succeeded in, shipping hash hidden inside furniture, cocaine inside tiles, and more cocaine nestled among shipments of tulips. He told a conspirator he once secured a flight school’s airfield in Denmark to facilitate a plane packed with product. To another he discussed setting up a legitimate vegetable company, including hiring a web designer, to then import produce that he could hide drugs in. He controlled a timber company in Belgium that could be used for shipping goods to Ecuador. Another legitimate import useful for smuggling drugs was animal feed. At one point an insider at a factory was prepared to help Microsoft hide chemicals for making amphetamine inside cans of energy drink. Now, Microsoft’s collaborators in the speedboat operation wanted to do more jobs, including in Australia. “They have an endless number of ships,” Microsoft told one associate.

It was a dizzying amount of business, but Microsoft stayed in his lane: When one person suggested he get into trading gold, Microsoft said he doesn’t touch stuff he doesn’t know about. He knew all about smuggling drugs—and he knew all about encrypted phones, how to use them to weave a spiderweb of contacts in the criminal underworld. He knew everybody, one associate said.

Microsoft was, obviously, a big deal. And he understood as much. Microsoft was also, quite simply, “crazy,” according to multiple people who worked with him.

During a trip to Cartagena, Colombia, the previous year, Microsoft had gone on a drug-fueled rampage through the Hyatt Regency. High on cocaine and ecstasy, authorities say, he snapped and threw a chair out of a smashed window on the 11th floor. And a blender. And a table. And a broom. A crowd of people gathered on the street across from the hotel and shielded their eyes from the sun as they pointed upward at what was bizarrely unfolding in the sky above them. Microsoft’s outburst was seen as such a danger that the hotel evacuated, as did a nearby supermarket. Colombian authorities—who later alleged that Microsoft had visited Cartagena as a sex tourist—expelled him from the country and banned him from reentry for seven years.

In an instant, Microsoft could flip from that sort of unhinged behavior to saying that he loved his co-conspirators, to threatening to kill someone, to congratulating a beleaguered, sleep-deprived drug gang on a job well done. A colleague smirked that Microsoft had seven different personalities. And he seemed to have an encrypted phone for nearly each of them. He carried two Sky phones with him; for a time he’d even been an encrypted phone dealer himself, persuading other criminals to join him on Sky. Microsoft was also a customer of Sky’s rival, EncroChat, the most popular encrypted phone for criminals in Sweden. He’d trusted that device enough to plan at least one assassination with it, using it to trade photos and discuss travel related to the hit.

But something was about to shake the criminal underground, something that would drive Microsoft to go all in on a third encrypted phone company. He would even attempt to take total control of it—to place himself atop a global empire of networked devices—never realizing that other people, higher up the chain, were in fact taking control of him.

ILLUSTRATION: ALVARO DOMINGUEZ

In the middle of the night on June 13, 2020, just 18 days after Microsoft’s speedboat smuggling operation, EncroChat sent a message to its customers. “EMERGENCY FOR ENCRO USERS,” it started, with simple black text on a white background. It claimed that “government entities” had taken over some of the company’s infrastructure and used that to launch a hack against EncroChat devices. The five-alarm warning didn’t go into specifics, but it urged customers to immediately power off their phones and dispose of them. “Due to the level of sophistication of the attack and the malware code, we can no longer guarantee the security of your device,” the message to EncroChat’s now-panicked users read.

A couple of weeks later, a coalition of European police authorities held a press conference and took responsibility for the hack: The French Gendarmerie had hacked into EncroChat’s infrastructure, pushed malware to the phones themselves, harvested about 100 million EncroChat messages, and then shared them with police in the Netherlands, the UK, Norway, and Sweden. Attempted murder for hire, international drug trafficking, extortion, narcotics laboratories—the small group of officials said they had eyes into all of it. “International drug and money laundering corridors have become crystal clear,” Dutch authorities said in their press release.

Within a week of that announcement, Microsoft was crammed into an aisle seat in row 15 on a commercial flight to Istanbul, Turkey. He was traveling with a fellow drug trafficker named Ivan Butina, who sat just across the aisle from him. During the flight Butina pulled up his Samsung mobile phone and framed a selfie of the two, their eyes smiling above Covid face masks.

Microsoft realized he was in a mess because of the EncroChat hack. He was, after all, one of the 60,000 people who had used the company’s phones with their texts now potentially in the hands of law enforcement. But he also realized that EncroChat’s death presented an opportunity. A space had opened up for a new player in the encrypted phone world. Plenty of criminals in Sweden and others further afield were now looking for a replacement device to secure their communications. Hence Microsoft’s trip to Istanbul. His object was to meet up with someone he would later call “the encryption king.”

Hakan Ayik was Australia’s most wanted man. He had run a cartel that smuggled in many of the country’s drugs, and was now based in Turkey, running international expansion for a new encrypted phone provider called Anøm. He was looking for someone to help him push Anøm in Europe, and Microsoft’s prodigious connections to organized crime gave him an edge.

In that visit and subsequent trips, Ayik and Microsoft became close. Together, they figured they had a shot at running a large chunk of an encrypted phone company—one that, if they played their cards right, would unseat Sky. “I was at the table when the deal was made,” Microsoft later recalled to an associate in an Anøm message. “Anøm will be the largest one in the world.”

Their first goal was to cement Anøm’s presence in Stockholm, a hotbed for organized crime in Europe; Microsoft estimated there were thousands of potential users there and in Sweden’s northern provinces.

Microsoft’s travel companion, Butina, was an aging gangster from Malmö who had helped bring him up in the criminal underworld; Microsoft called him “uncle” even though they weren’t related. He would be Microsoft’s partner in pressing Anøm across Sweden. But as they returned from Turkey and entered an encryption turf war—mainly against Sky—it quickly became clear that Microsoft and Butina were at odds.

Butina, who had recently served a long prison sentence and had no intention of going back behind bars, wanted to sell Anøm phones out in the open, in shops, maybe even use an Instagram profile to generate publicity. It would give him a nice way to generate income without resorting to crime. Microsoft shut down that idea. Sales would be completely underground, from person to person. “We move Anøm like we move kilos,” he said.

Microsoft’s target market was the country’s drug-trafficking and murder-for-hire gangs, but winning them over would be a challenge. Sky was so popular, phone resellers joked that every other guy was a vendor of the company’s handsets. Some drug traffickers even went so far as to emboss the Sky logo into their blocks of drugs. Anøm would be an unknown newcomer.

Microsoft’s first tactic was to outprice the competition. While a six-month Sky subscription could cost between $1,000 and $2,000, he offered promotional deals on Anøm for as little as $600 in some cases. Microsoft even gave away the phones to some prospective clients for free. Worry about the money later, and take as many as you want. Just hand out the phones to your people, he told his gangster contacts.

Above all, he assured them that the police would never get anywhere near the platform. “You can trust Anøm,” he said. The guy behind the company, he claimed, was wanted by the FBI, and “one of the most criminal people there are.” He was seemingly referring to Anøm’s creator, a tech-savvy entrepreneur who went by the nickname Afgoo. Anøm was “just me and other criminals there,” Microsoft wrote in texts. To demonstrate his own faith in the product, Microsoft sent photos of his own Swedish identification card, with his name, date of birth, and photograph across Anøm.

Microsoft also spread negative news stories about Sky that claimed the devices were vulnerable to hacking by the police. His staff stressed that Sky was based in Canada, which was part of the Five Eyes intelligence alliance. Microsoft built an initial team of about half a dozen resellers, commanding them to keep their Anøm phones in hand at all times. He told his resellers to denigrate Sky’s security and also steadily remove contacts from their own Sky phones. That way, more people would need to come to Anøm. There was a finite market for these criminal-focused devices, and Microsoft needed to squeeze customers from one platform to another.

“Only pussies use Sky, say that to them,” Microsoft told his resellers. He made things personal. When an associate of his kept using Sky, he told them, “This is my life, you understand. If you use Sky, you are also playing with my freedom.”

Finally, if none of that was enough to give Anøm an edge, Microsoft entertained a third option: violence. He likened the selling of phones to having a drug territory. If someone else on his or his resellers’ turf sold encrypted phones, he suggested sending someone to shoot them.

“There is too much shooting with you,” Butina said. “Who says whose territory this is?”

“It is mine. Nobody sells but for my people,” Microsoft snapped back. “I haven’t even started yet.”

The Anøm rollout was sloppy at best, but customers gradually started to trickle in. And as they did, so did requests for new features on the phones. Microsoft said he would compile these user issues and report them to Anøm headquarters. He often annoyed Anøm’s central support staff, rapidly and haphazardly flip-flopping between demands: Take out the ability to contact support from the users’ phones, then put it back in; introduce the ability to make voice calls, and then he’d change his mind, again.

But the people in charge at Anøm told their staff to bear with Microsoft. Because his goals—to make Anøm the organized criminal’s handset of choice—were closely aligned with theirs. As an aggressive and successful international drug trafficker who vouched for Anøm by using it for his own drug deals, he was a perfect ambassador for the brand. When it came to tapping into international criminal networks to sell phones, Microsoft was second only to Ayik.

As Anøm became more popular in the criminal underground, the people at the very top of the company watched everything unfold from a set of desks in San Diego, California. When sales really started to pick up, they moved into a larger office space and set up more rows of computers and brought in more staff. Given Anøm’s international reach, the team sorted its office space into geographical regions, with people focused on different countries in different parts of the room.

The best part of Anøm’s expansion was that they didn’t need to do any work to sell the phones. “We allowed these devices to be sold organically across the world,” says Brett Kalina, one of the higher-ups overseeing Anøm. A high-ranking criminal would buy phones from Anøm and then turn around and sell those phones to other criminals, either at a markup or for a slice of the profits. It became “a cycle that feeds itself,” as another principal at Anøm said.

Or as Kalina put it, more cynically and to the point: “We were creating our own pyramid scheme.” Money from the sale of Anøm phones siphoned ever upward; it was a pretty good deal for someone like Microsoft, who sat high in the pyramid, with a growing line of resellers below him. But no one in all of Sweden, not even Microsoft, knew who it was at the very top of the scheme. The identity of all those people at their desks in San Diego was a complete secret.

That, however, was about to change.

The Swedish Police Authority headquarters in Stockholm looks more like a castle than a police station, and inside it, a huge smile was spreading across Ted Esplund’s face. The blond-haired, blue-eyed head of operations with the police authority’s national intelligence unit was midway through a coffee with the local FBI legal attaché from the US embassy. Esplund and the attaché often had these meetings to update each other on their countries’ respective investigations. But this one was different.

First, the attaché asked Esplund to sign a bunch of paperwork to ensure he understood the sensitivity of the conversation. Then he revealed something incredible. It had to do with Anøm, the encrypted phone company that had swept in to fill the vacuum left behind by EncroChat.

Anøm, the visiting attaché said, was in fact even more of a honeypot than EncroChat had been. The FBI wasn’t just intercepting its messages. The FBI was secretly managing the whole company, under the code name Operation Trojan Shield. The people at the top of its pyramid scheme were actually a bunch of agents, furiously reading messages between criminals.

That’s when Esplund’s face erupted into its grin.

The FBI, it turned out, had controlled Anøm for nearly the entire existence of the company. It all started back in 2018, when the agency shut down another encrypted phone company called Phantom Secure. Just as happened with EncroChat, the crackdown created a vacuum in the market, with stranded Phantom Secure users now grasping for a new phone of choice. And somewhat like Microsoft, a canny player in the encrypted phone industry smelled an opportunity in the exodus.

As it happened, one of Phantom Secure’s distributors had been on the verge of starting his own, rival encrypted phone service at the time of the crackdown. That distributor was Afgoo, the tech-savvy entrepreneur behind Anøm. To get in front of the FBI, Afgoo took the extraordinary step of approaching the agency with an offer: In exchange for the possibility of a reduced sentence, would the agency perhaps like the keys to his new encrypted phone startup? That would allow them to soak up refugees from Phantom Secure—and monitor all their communications.

The FBI and its partners at the Australian Federal Police, who had been involved in the Phantom Secure takedown, leaped at the chance. First they built a backdoor into Anøm’s encryption mechanism. Then the Australians ran a beta test: Afgoo handed out a few phones to criminal contacts in Australia. A hundred percent of the beta test customers used the phones to conduct crimes, and the police caught every word of it. The operation took off from there: The unwitting beta testers told their contacts about Anøm, and soon Afgoo was fielding demand for the phones overseas.

This word-of-mouth marketing was important, because the FBI needed to avoid any claims of entrapment; it helped that this organic sales model was just how many real encrypted phone companies worked. As Anøm grew, especially in Europe, the FBI started learning about drug shipments and assassination attempts in other countries, so it began passing tips to foreign law enforcement agencies through legal attachés. But as users flooded in—especially with the 2020 fall of EncroChat—they got overwhelmed; eventually, it made more sense to simply give some foreign partners direct access to the Anøm messages. Some were given credentials to Anøm’s surveillance backend, called Hola iBot. That’s where Esplund came in: Now he was being roped into the world’s biggest sting operation as well.

Esplund was astonished. “I just wanted to scream out to all my colleagues,” Esplund later said—to shout his admiration for what the Americans had pulled off. It took just a few hours for Esplund’s superiors to approve Sweden’s involvement. Police in Sweden had already seen the incredible power of messages taken from underground chat platforms. After the EncroChat hack and subsequent arrests, the number of shootings and explosions in Sweden had gone down for the first time in years. Senior officials thought those messages had been a game changer in combating serious and violent crime. Now the FBI was inviting them to a front row seat in the Anøm operation. They did not hesitate.

The FBI provided Sweden and several other European countries with detailed instructions on how to remotely access the Hola iBot surveillance system—with an important caveat. The FBI asked them not to use the messages as part of their criminal investigations. The countries’ prosecutors could not enter Anøm texts as evidence in court to charge anybody—at least, not yet. Court meant discovery, and discovery meant revealing where the evidence came from. The FBI wanted to keep Anøm going and its secret tightly under wraps.

And so the Swedish Police Authority set up a room where Esplund’s team worked nearly around the clock. They put up dividers inside the room, blocking anyone from peering inside from the adjoining corridor. There was to be no mention of Anøm beyond the room, not even when the officers used the nearby toilets that they shared with the rest of the intelligence unit. It was obvious to other teams that something significant was happening; the room was scarcely ever empty. If anyone asked, the Anøm agents said they were still just piecing through data from the EncroChat hack.

In fact, Esplund’s team had re-created a miniature version of the FBI’s San Diego wiretap rooms, eavesdropping on new messages from an ever increasing number of criminals. And it wasn’t long before they became all too familiar with the prolific chat output of Anøm’s biggest booster in Sweden. And his next outlandish scheme was just getting off the ground.

ILLUSTRATION: ALVARO DOMINGUEZ

There was something off about the neighbors. Lars* often watched them through his floral curtains while he made coffee. His house in the Swedish countryside sat around 30 meters away from theirs. The group of men who lived in the cottage barely ever used the front door. Instead, they came and went through an entrance to the basement.

It wasn’t just Lars who spotted strange things about these neighbors. Other locals noticed that most of the windows of the house stayed open even when it was cold outside. The occupants would often dig and then cover a hole in the same spot in the yard again and again. The men washed out their vehicles much more frequently than seemed normal. And one of the men in particular, Pawel Brzozowiec, cut the grass in the yard in such an erratic manner that neighbors thought he looked hysterical. For some reason, he always walked around in shorts and a T-shirt, even in the Swedish cold.

He seemed friendly enough. Clean-shaven, young, with ears like radar dishes. Brzozowiec worked in a bakery late into the night. He sometimes gave his neighbors bread from the bakery, and offered to help them with anything they might need. But things were just not right.

This was Microsoft’s latest project: an amphetamine lab inside the basement of an idyllic cottage. While he pushed to expand Anøm in Europe in the second half of 2020, he was also setting up this lab between a dense forest and a Swedish lake. Painted a modest beige, the house looked like a vacation getaway or sleepy retirement spot. For years it had been paused in a state of mid-renovation; masking tape framed the windows, walls half-painted. The owner—the father of one of the gang members—had originally intended to rent it out to fishermen on holiday.

The basement lab contained a cornucopia of equipment for cooking speed. In one corner was a machine for pressing the amphetamine into blocks. Nearby was a dough mixer that Brzozowiec had likely stolen from the bakery. Scoops, spoons, and forks sat next to tubs of caffeine, solvents, and sulfuric acid. Flexible ductwork hung from the ceiling helped suck the poisonous air from the basement. The smell of rotten fish wafted up from vats of amphetamine oil.

The lab represented an evolutionary leap in Microsoft’s drug empire. Rather than only handling the smuggling and distribution of narcotics, now he was taking over manufacturing too. Microsoft had hopes of shipping his lab’s amphetamine all the way to Australia, once he got production up to speed.

Microsoft didn’t control the amphetamine lab alone. He was part of a four-person group that called itself the Firm, with 50 years in prison between its members. Tommy Bogebrink, known as Mr. Lansky or Zedd on Anøm, was said to be a university-educated business lawyer and trained sea captain. He first met Microsoft in prison, and had been out for only a month before he joined the Firm. He handled accounting and sales on the dark web, where websites that looked just like eBay or Amazon sold nearly every narcotic imaginable to consumers and wholesale buyers alike. On these underground websites, the lab’s amphetamine received a stellar average rating of 4.99 out of 5 from 100 customers. Bogebrink was the measured counterbalance to Microsoft’s erratic behavior. “You must not let him stress you,” Bogebrink told one of the cooks in an Anøm message. “He is not well.”

The third member of the Firm was Alexander Jovanovic, who at times used the nickname Soko. Like Butina, he was an aging gangster who had known Microsoft and his family since Microsoft was a child. Jovanovic had retired earlier that year, but Microsoft convinced him to come back to help with Anøm. Now he was knee-deep in running the amphetamine lab and constantly bickering with Microsoft; the latter joked they were like a married couple.

The last member, MK, was something of an enigma. Bogebrink and Jovanovic didn’t even know who their mysterious fourth investor was. Each individual member owned an equal 25 percent of the Firm, but Microsoft saw it as his company. “This is not a democracy,” he raged in one series of Anøm messages to another member.

On Anøm, the Firm had its own dedicated group chat for these four members. Then there were others, such as the “oil” chat, where people who had to organize the transport of amphetamine oil communicated. At the bottom of the totem pole were a courier and getaway driver, the cooks themselves, and Jakub Walczak, a middle manager who oversaw operations in the lab amid Microsoft’s constant nagging. Walczak’s father owned the house, and Brzozowiec was his cousin. Microsoft made Walczak agree to work exclusively with the Firm.

Microsoft and other members of the Firm coordinated the sale of amphetamine to wholesale buyers across Sweden. Microsoft remotely piloted drop-offs in parking lots, near hospitals, and in quiet sections of the Swedish countryside via Anøm, acting as a hectic relay point for information. Often he ordered buyers to provide their car’s model and license plate number, as well as an address; the customer’s driver would leave the car parked with the doors unlocked or the key hidden nearby. Microsoft’s couriers would then place the amphetamine in the car and leave. No one saw each other’s faces.

Microsoft and his crew used Anøm for everything: ordering amphetamine oil, discussing techniques for producing higher-quality product, and organizing deliveries. Microsoft’s associates even sent photos of their vacations to one another across the platform.

The Firm wasn’t just a major user of Anøm phones—it also became one of Microsoft’s main vehicles for selling the devices. Jovanovic was a particularly active collaborator. He would relay who needed new Anøm devices, and Microsoft would send the phones out. Microsoft pitched it as an investment: If you were a high-ranking criminal, you could take these phones and—according to Anøm’s pyramid scheme—make money off of the people underneath you in the criminal ladder.

Toward the fall, Microsoft went traveling in Europe—and took his Anøm business with him on the road. After his stay in Madrid, Anøm phones started to appear in Spain. Microsoft hired someone to be his “main man in Serbia”; the phones started being used farther east too. Anøm associates pushed into Denmark. Colleagues told Microsoft to send the phones to Paris. One buyer wanted 100 phones for contacts spread across Norway, Spain, and Sweden.

Sky was still the biggest player in Sweden, the de facto replacement for EncroChat in many places. But Microsoft’s strategy was slowly but surely working; Anøm was becoming a recognized brand in Europe.

Microsoft had the same kind of global ambitions for his drug lab; he just needed to increase scale. In a message to the oil group chat, he sent a photo of a supplier’s lab that was able to produce 3,000 liters of amphetamine oil a week. “I will fill a swimming pool with oil for you,” Microsoft wrote in a message directed to Walczak.

By December, Microsoft was well on his way to fulfilling this fantasy. The lab had reached the capacity to produce more than a ton of amphetamine a month. He complimented Brzozowiec on the speed of the work. Microsoft made plans to import more oil, and to start exporting their product to Australia, where it could be sold for more money than they would know what to do with. Microsoft was now in contact with “the largest people in the world,” he wrote. (Police believe Microsoft’s line to Australia was Ayik, the Sydney Morning Herald later reported.)

Everything at the Firm was looking up. “I’m starting to like you guys, maybe we can go on vacation sometime to a resort and drink beer and talk about the future,” Microsoft wrote. He would pay for it all. Microsoft sent those messages in the early morning of December 5. In just a day or so, his dreams would come to a sudden end.

Before Anøm, Esplund and his colleagues had never heard of the Firm. Microsoft had whipped up an amphetamine lab right in the Swedish police’s backyard—and no one on the force had known a thing about it. Anøm gave Esplund’s team a sudden, almost omniscient view into organized crime, and it took them some time to come to grips with it.

Soon after the team gained access to Anøm’s messages, for instance, they were faced with a sobering realization. Just two weeks before they began monitoring live chatter on the platform, a group of criminals had used it to plan and carry out an assassination in Stockholm: A young man named Sascha had been shot on a bridge in mid-September. The entire killing was now documented in the cold static of an FBI hard drive. Swedish police came to call this event “the Bridge,” and held it up as a reminder of the stakes of their access to Anøm; it imbued them with the responsibility to act on information if someone’s life was in danger. “I will not sit and read on my laptop that someone is going to die between 8 and 10 this evening,” Esplund resolved.

On this count, however, Microsoft made the team’s life exceedingly difficult—because he was constantly talking about killing, kidnapping, or bombing people. One second Microsoft talked about a new plan to smuggle cocaine. Then, he threatened to kill his associates. Then, he flipped back again. He had a growing list of enemies who supposedly owed him drug money, and he meant to strike fear into their hearts. Even torture was on the table. “Sadly we have to be violent too so people see that we go all the way,” Microsoft wrote across Anøm. “It has to be Mexico style on all of them,” he added, invoking that country’s reputation for grisly cartel violence.

Microsoft would discuss every detail of his assassination plans: getaway cars, escape routes, what weapons to use, how to supply the hitmen with Anøm phones. He even asked whether he could get a bulk discount from hitmen if he ordered multiple murders at once. At times it seemed that if someone didn’t stop him soon, there would be an ever-growing pile of bodies across Europe. But then Microsoft’s attention would jump back to his various projects—back to the Firm, the lab, his empire of selling Anøm.

Eventually, Esplund’s team decided that the best way to handle Microsoft would be to play God a little. They would disrupt Microsoft’s businesses, not only to stop the flow of amphetamine but to apply some pressure to the Firm. If they could raid the lab and shut it down, Microsoft would owe other criminals money—just like the other criminals he railed against, who owed him. Maybe then the Firm would get sloppy and make more incriminating mistakes, while the intelligence unit monitored their reactions.

The only problem was that they didn’t know precisely where the lab was: They’d have to get one of Microsoft’s footsoldiers to lead them to it.

By now, regular police officers who got sent out into the field to act on intelligence from Esplund’s team were curious. The tips his team fed to other parts of the agency held impressive detail: A black BMW will drive to this parking lot at 7 pm. The driver of a Volvo will then give this person a wad of cash in exchange for cocaine. How was Esplund’s unit getting this sort of granular insight? On a Friday in early December, Esplund called in one of his tips to a well-placed police colleague: Next Saturday, he said, there’s going to be an amphetamine deal in a specific parking lot. You should look into it.

The colleague was hesitant. We don’t have the resources, he said. Everyone is on other duties right now. Esplund persisted. “Please, do it for me, this time,” he recalls saying.

The task of closing in on the drug lab ultimately fell to Detective Inspector Andreas Börjesson. A courier named Jens Lindberg, he was told, was due to show up in a busy parking lot outside a shopping mall with a shipment of 50 liters of amphetamine oil, enough to cook up 100 kilograms of speed. At the same time, Brzozowiec, the cook, would show up with a fresh load of at least 60 kilograms of finished amphetamine ready for customers. Then courier and cook would rendezvous and exchange packages—all while a handful of plainclothes police scouts watched from nearby.

Brzozowiec arrived at the swap spot at around 3 pm. Dressed in a black jacket and beanie, he loaded a shopping cart with three boxes containing the blocks of cooked amphetamine, then started to push the trolley across the lot while he held a phone in his hand to receive instructions. When Brzozowiec finally came near Lindberg’s car, the latter clicked his car key so the lights flashed. Brzozowiec loaded his three packages of finished amphetamine into the unlocked trunk and took out three white cans containing 50 liters of amphetamine oil. Once he’d loaded them onto his shopping cart, he wheeled them back to his own vehicle and started the drive back to the lab. Swedish police had watched every moment of the swap.

Lindberg, still nearby by his own vehicle, braced for the green light that he was clear to leave. “Waiting for ok …” he wrote on Anøm.

“Done!” Bogebrink, who had remotely coordinated the swap, replied a few minutes later. “You can go.”

In his late fifties, Lindberg was reluctantly finishing a few last jobs for Microsoft before severing ties; he was sick of Microsoft’s management style. Once he’d gotten the go-ahead, Lindberg jumped into the driver’s seat and sped out of the car park. The police scouts followed in their own car. After a short drive on the highway, the courier took an exit and pulled over to pee by the side of the road.

When the police pulled up and got out of their vehicle, Lindberg turned around and his face flushed with panic. The cops said they were going to search the car. Lindberg objected, but his body language said he had given up. There was no way out.

While one team of officers followed and busted Lindberg after the car park swap, another team followed Brzozowiec, who eventually led them to the sweet cottage in the countryside. At 6 pm, a police scout took a position in the forest overlooking the house and saw the gang’s cars parked in the driveway. The downstairs lights in the house turned on and shone out into the forest. The police figured this must be the lab. They prepared to find out for sure.

At 7:30 pm, Brzozowiec was upstairs watching a movie next to a half-eaten takeaway pizza when he heard a noise below him, and headed down to check it out. It was December, but he was wearing shorts, a T-shirt, and flip-flops because of the heat generated by the lab. He started to descend the basement stairs.

Outside, one SWAT team had positioned itself by the entryway that led directly to the basement; another was at the front door. They struck simultaneously. “Police!” one officer shouted as a colleague flung the basement door open and another smashed the front door with a battering ram. Brzozowiec peeked around the corner just as one of the SWAT teams entered. He spun around, only to come face to face with the second team. “What the fuck!” he screamed.

The officer at the front of the pack pulled Brzozowiec aside and threw him to the ground so the rest of the team could rush in. Flashlights on the tips of the SWAT team’s assault rifles rapidly strobed on and off. As an officer pushed deeper into the basement, a cook named Michal Glowka—who had just joined the lab that week—walked toward him, his black gloves caked in a powdery substance.

“Lie down! Down on the floor!” the officer shouted and pointed the laser dot on his pistol at Glowka. Stepping over the now-prone cook, he slowly opened the door to the basement’s second room. There it was: a mass of amphetamine production equipment, tubes for ventilation hanging from the ceiling, 20 kilograms of finished product, waiting to go out the door. No one else from the drug gang was in the building. The raid was over in a matter of seconds.

Walczak, the lab manager, had watched the entire thing unfold through motion-activated cameras and relayed the bad news to his bosses. Microsoft was furious. “How the hell did they find the lab???” he hammered into the Firm chat.

The crackdown didn’t make any sense. Only a few select people knew where the lab was. The Firm kept information from its workers on a need-to-know basis. The courier and the cooks who were arrested didn’t even know much about each other; they couldn’t have snitched.

The group members surmised that the police must have monitored the swap of amphetamine oil and product in the car park, and then followed Brzozowiec after the handover back to the lab. But it wasn’t clear how the police knew which car park to monitor, or when.

Microsoft had a theory: The culprit was Sky. The people who had delivered the amphetamine oil from elsewhere in Europe, he knew, used Sky phones. Maybe that was the source of the leak; maybe the police had been following the oil. From now on, Microsoft ordered, Sky was strictly forbidden. Now, in a supreme irony, all of the Firm’s and its associates’ communications would take place via the FBI’s pet phone company.

Microsoft’s tragic flaw was that he always went all in. After the raid, a friend tried to convince Microsoft that maybe now was the time to slow down. Try a smaller job, take your time. Microsoft was indignant; he wasn’t going to do that. He continued to aggressively push Anøm without even taking a break. Microsoft now seemed to have the stench of failure about him, but he wasted no time throwing himself into another project.

Just two days after the lab raid, he was hustling on a faintly ridiculous scheme to buy a massive shipment of cucumbers for a hash smuggling operation. When he offered one associate half the profits from selling the surplus produce, the associate texted back, “I’m not a vegetable grocer and will not become one.” Behind his back, co-conspirators started calling Microsoft “the Fool.”

Sure enough, at the end of the cucumber deal, Microsoft ended up stuck with an industrial quantity of the vegetable. (He took out his frustration on the guy who was supposed to handle the ultimate sale of the cukes. “Thanks for nothing,” Microsoft texted on Anøm. “People wonder why they get shot.”) Yet for the brash and erratic criminal, things were only beginning to get difficult.

Just as Esplund and the Swedish police wanted, Microsoft was feeling the squeeze. He’d lost his investments in the lab, which meant he owed other people money; and before long, he was the one receiving threats. Before the end of the year, Microsoft had left Sweden. He told associates he would never come back. The only arena where he seemed to be moving up in the world was Anøm.

ILLUSTRATION: ALVARO DOMINGUEZ

On New Year’s Eve, in the last hours of 2020, Microsoft sat in the conference room of a small office space in Istanbul, in a jubilant mood. A computer mouse, phones, and other equipment were strewn across the desk. On the wall at the head of the table hung a dazzling orange and white neon sign. “Anøm,” the sign read. “Enforce Your Right to Privacy.” Microsoft exchanged New Year’s best wishes with a friend over WhatsApp.

“How do you like my office?” he texted.

“Luxurious!” the friend replied. “The president.”

Microsoft had made a new home for himself in Istanbul, and a new headquarters in this office with Ayik—the “encryption king” who had introduced him to Anøm in the first place. He was safer in self-imposed exile, and better able to plot Anøm’s expansion with Ayik. The two were closer than ever, and together they had started a coup.

This office was a theatrical manifestation of Ayik and Microsoft’s performative takeover of Anøm. Ayik had taken to introducing himself as Anøm’s CEO, as if to will that position into existence. Who else but the CEO, after all, would have such an office space, conference table, and giant illuminated company sign? If Ayik was Anøm’s self-proclaimed chief executive, Microsoft was his right hand. And along with their symbolic power grab, the two were also scheming to take over Anøm in a more concrete way—by seizing control of its European supply chain.

In the early days of Anøm, a single electronics company in Hong Kong had done the work of installing Anøm’s software onto phones. But after the collapse of EncroChat, to handle the influx of customers, Anøm’s superiors decided to diversify production. They provided a select few people with the means to create new Anøm phones. In Europe, they chose a distributor in the Netherlands who went by the name Wijzijn.

What they bestowed on Wijzijn, specifically, was a set of small black boxes: miniature computers that, through a chaos of cables, could mint about 15 new Anøm phones at a time. Ayik and Microsoft saw this as a threat: Whoever wielded those boxes got to decide who received Anøm phones. They wanted that power. So Microsoft eventually sent someone to physically seize the black boxes from Wijzijn. When other distributors received black boxes, he seized them too. If there were to be Anøm factories in Europe, Ayik and Microsoft were going to control them.

Little did they know they were actually thwarting the FBI’s attempts to manage Anøm’s distribution—and introducing problems with quality control along the way. As usual with Microsoft’s empire building, execution was sloppy. Some of the deputies he entrusted with black boxes were not properly trained in using them, so Anøm phones went out to customers that were poorly programmed or incorrectly labeled.

But the takeover worked well enough. To demonstrate his dominance over Anøm’s European operations, Microsoft took a photo of a spreadsheet that listed all of the resellers underneath him in Anøm’s pyramid scheme. In alternating lines of black and gray, the photo showed agents with Finnish, German, Italian, and the European Union flags in their usernames. Paris and Barcelona were also under his reign. So was a certain reseller from the Netherlands who had recently controlled production on the continent. “Wijzijn works for me,” Microsoft crowed to an associate. He and Ayik had won.

And yet, in pretty much every other department, Microsoft was still feeling the squeeze. After the December raid on the amphetamine lab, he had been able to smuggle a respectable 100 kilograms of the hash he hid among the cucumbers. But other drug operations seemed cursed; somehow police kept jumping on his shipments. One of Microsoft’s crews had tried to smuggle amphetamine from another supplier into Sweden in January 2021, but border officials found the amphetamine in a bag in a truck. A couple of weeks later, Swedish police had stopped one of Microsoft’s transport trucks carrying kilos of cocaine.

Then Microsoft tried one of his elaborate ocean cocaine drops again, this time on the other side of the world. In late February, a ship careened through choppy seas 50 miles off the coast of the Japanese island Yakushima. The ship slowed, and its crew members flashed their lights three times. In the distance, a smaller fishing boat flashed its own lights three times. With that a sailor on the ship threw some barrels full of cocaine overboard, and a WhatsApp message went out with the drop coordinates: “29°51.9N 131°16.3E.”

The idea was for the fishing boat to pick the barrels up and then transport them to Hong Kong. But harsh weather scrambled communications and made the waters so choppy that the fishing boat couldn’t reach the drop point. The cocaine remained at sea, unclaimed.

Of course, the FBI and its partners were following along with the deal the whole time. They would have nabbed the drugs if nature hadn’t. Microsoft suspected nothing. The fishing-boat job ended as yet another expensive failure on his ledger. Financial pressure was mounting.

One day in late March 2021, Microsoft sat at the conference table with the Anøm sign in front of him, scribbling acronyms and numbers onto a notepad. His scrawls were messy, but the status of his drug trafficking was very clear: “Searching for projects, counting loses 🤕,” he texted via Anøm along with a photo of his notes.

Debts and losses are facts of life in the drug trafficking industry, and smugglers account for them. Some shipments get caught by customs, some drugs get lost at sea; mistakes happen, people lose a bit of money. But generally, most shipments get through. With Microsoft, things were different. The police were incessant. Transport after transport, shipment after shipment were gone. With every new idea Microsoft dreamed up, or fresh couriers he brought on board, the police knew when and where the drugs would be.

As he grew desperate, he also grew more dangerous, and Esplund’s team watched as his attention swerved back to murder. Microsoft started to consider assassination as a way out of his financial predicament: If he hired someone to kill one of his debtors, maybe that would terrify the rest into coughing up the money he was owed—like returns on an investment.

The person that Microsoft singled out for death was a guy named Salah*, a former Stockholm café owner who owed him $800,000. In March, Microsoft started a group chat with a couple of associates where they laid out their options for murdering Salah. Microsoft was willing to pay 600,000 Swedish kronor ($70,000) for the job, well above what his friends told him was market rate. Within a couple of weeks, they had an assassin lined up, and had gotten to the point of searching for Airbnb listings near Salah’s house where the killer could lie low afterward.

An associate named Pelle Arbiv suggested that the assassin dress up as a delivery driver, knock on the door, and when Salah answered, kill him with a silenced pistol. Microsoft loved this notion. “The thing with delivery to the door is great,” he told Arbiv in a text. “Like your style bro.”

“Something we KNOW works bro 🙃,” Arbiv replied.

The plan represented such a clear threat that Swedish police took an extraordinary step: They warned Salah that his life was in danger. Then quite independently of those warnings, Microsoft’s murder plot started to go wobbly, and—even more quickly than it arose—the seemingly imminent assassination fell through.

Abandoning his Hail Mary attempt to rescue his finances through terror, Microsoft turned all his hopes to a new partnership with an amphetamine producer from Holland. It was by far the most promising connection Microsoft had made since his luck went sour: The partner, Yann*, had experience managing multiple labs. The speed was of good quality, and Yann had the capacity to ship amphetamine twice a month for Microsoft to sell in various European countries.

Yann had recently shipped a test batch of 100 kilograms of amphetamine—the bricks stamped with the Louis Vuitton logo—from Holland into Sweden, with Microsoft remote-controlling the smuggling from afar. In a sign of goodwill, Yann paid for all the upfront costs. Microsoft’s network sold most of the drugs in just a matter of days. The police did manage to seize 10 kilos—a loss, but not a catastrophic one. Yann even absorbed the damage, and the pair carried on.

“Finally I have people I can work long term with thank you,” Microsoft texted Yann. The new partner professed that he was in it for the long haul too. But Microsoft was playing a dangerous game: He was encouraging wholesalers to buy his amphetamine on credit, and promising buyers batches of drugs before they had successfully arrived at their destination. He was fixated on moving the product to customers as quickly as possible rather than storing it in a safe house and then finding clients. That approach, Microsoft thought, was less vulnerable to the law enforcement raids that kept wiping out his stash. But if the drugs didn’t land, or the police did seize them, it meant his customers wouldn’t get their product, and Microsoft wouldn’t get his cash—or a way to pay back his own debts. It was a precarious way to do business. Some coconspirators threatened to pull out. Microsoft was doing more than ever to earn his nickname, the Fool.

To prove that he could create a reliable and long-running distribution chain, Microsoft asked Yann to prepare another shipment of amphetamine from the lab in Holland. Yann preferred to send smaller shipments rather than one massive batch that might get caught, but Microsoft wanted to flood Sweden with drugs. So he asked Yann to whip up 200 more kilos and stamp it with the word “TJACK,” a common Swedish term for speed. (When Microsoft asked for a four-letter stamp that spelled TJACK, his new partner pointed out that the word contained five letters.) The stamps Microsoft requested were to be used only for his drugs, his calling card. Yann’s kitchen staff dutifully made a stamp out of wood to be pressed into the blocks of amphetamine. The plan was for TJACK to be the best on the market.

In early April, a truck from a flower company carrying the first 120 kilograms of TJACK crossed the border into Sweden. The drugs arrived at the safe house, and Microsoft’s couriers started to distribute the speed. For Microsoft, everything was riding on their success.

Of course the police struck again. They seized 85 kilos. “Back to square one,” Microsoft wrote on Anøm, defeated. After this second seizure, Microsoft’s relationship with Yann unraveled. Yann had been OK splitting the loss for the Louis Vuitton speed the police grabbed in March. When Microsoft asked to divvy up the damage for the latest raid, Yann made it clear: If Microsoft didn’t handle it, and sort out payment soon, he would not ship any more amphetamine.

Two days later, Microsoft managed to send Yann a lousy 8,500 euros. “What is this a joke??” Yann snapped back. Microsoft’s partnership with Yann wasn’t the only relationship falling apart. His other contacts didn’t want to sell his drugs anymore. Something about this speed was cursed.

“Bro I don’t want any more tjack,” one wrote.
“Please bro,” Microsoft replied.
“Bro the arrangement is not good,” the associate continued.

Inside the Swedish intelligence unit, Microsoft’s steady fall from grace was a source of great entertainment. When the smuggler admitted in Anøm messages that he had never heard of a drug trafficker losing multiple shipments in such quick succession, smiles broke out all around the office. Analysts gossiped among themselves: “Have you seen this? Have you seen what Rivkin sent?”

On April 13, about four days after the TJACK seizure, Microsoft was in his office with the blinds drawn, his laptop placed on a blue sofa. It was just after 11 pm. He rapidly flicked through different spreadsheets that tracked his drug income and costs. His situation had been bad when he scribbled figures onto his notepad in March. Now it was terrible.

What’s more, other gangs were growing suspicious of Anøm. As soon as one of them started using it, police seized a drug shipment. Anøm was jinxed, one customer said.

An anonymous tipster created a website called “Anøm Exposed” that claimed Anøm was funneling user data to law enforcement in the US. Arbiv, the associate who’d helped brainstorm the assassination, asked Microsoft the question on more and more people’s lips: Was Anøm compromised? The next day, another associate raised the same concern: Maybe the police had found a way to read Anøm’s messages? Then some more people Arbiv knew were caught in the Swedish city of Gothenburg. They were using only Anøm to communicate.

Microsoft dismissed each warning. If Anøm really was compromised, wouldn’t everyone be behind bars by now? Instead of the phones, Microsoft fixated on his couriers and stash handlers. A member of the crew must have screwed up. To try to assuage users’ growing fears, Microsoft provided Arbiv with boilerplate text for the trickle of criminals now suspicious of Anøm.

“Cybersecurity is an arms race. Anøm is constantly developing the platform to stay ahead of current threats. Any vendor that can guarantee that their system cannot be broken into is selling snake oil,” the message read. As a final reassurance, Microsoft stressed that Anøm was run by criminals. Why would a company run by criminals, designed to protect criminals, let the police read its users’ messages?

When his most trusted advisers brought up Anøm again and again, Microsoft did not listen. To his mind, Anøm was never the problem. Everyone knew something was wrong except him. Microsoft, like the monkeys tattooed on his arm, had his hands covering his eyes and ears.

This article has been excerpted from Dark Wire: The Incredible True Story of the Largest Sting Operation Ever, by Joseph Cox. Copyright © 2024 by Joseph Cox. Available from PublicAffairs, an imprint of Perseus Book LLC, a subsidiary of Hachette Book Group, Inc., New York, NY, USA. All rights reserved.

If you buy something using links in our stories, we may earn a commission. This helps support our journalism. Learn more.

  • In your inbox: Will Knight’s Fast Forward explores advances in AI
  • It’s always sunny: Here are the best sunglasses for every adventure

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist