
On the FBI and France framing GrapheneOS

I came across an interesting series of posts by the official GrapheneOS account on X on November 21st 2025 that we can all learn a lot from if we think about it. Here’s a quote:

Please listen to this podcast about ANOM:

ANOM – Darknet Diaries

The FBI ran a sting operation in Europe where they created their own ‘secure’ phone and messaging platform. Their OS used portions of our code and was heavily marketed as being GrapheneOS or based on GrapheneOS.

Through this operation, the FBI provided criminals in Europe with a communication network they heavily trusted. It gave them much more confidence to coordinate and commit crimes. The vast majority of this crime was ignored for years to avoid exposing ANOM as being a honey pot.

In cooperation with many European governments, the FBI heavily encouraged and facilitated organized crime in Europe. US and European governments facilitated drug trafficking, human trafficking, murders, rape, kidnapping and much more for years while claiming it was GrapheneOS.

It’s an outrageous infringement on the GrapheneOS copyright and trademarks. US and European governments did massive harm to the GrapheneOS project through doing this. They placed us in very real danger of violence from organized crime by selling fake GrapheneOS devices to them.

GrapheneOS building technology to protect privacy and security is completely legal. Our work is strongly protected by Canadian, European and American laws. A minuscule portion of our userbase are criminals and the claims being made by the French government about that are lies.

It’s very likely a lot of the crime facilitated by ANOM wouldn’t have happened without these governments providing criminals with a communications network they believed was completely secure. The way they wrapped it up doesn’t absolve them of what they facilitated for years.

France’s government and law enforcement wants you to believe GrapheneOS and Signal are somehow responsible for crime. French law enforcement operates with impunity and has extraordinary levels of corruption and criminal behavior. They’re the ones committing and enabling crime.

Intelligence agencies creating honey pots like this by promoting and selling supposedly “secure communications” platforms and devices happens a lot.

The NSA and CIA for example have also done this in the past:

The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.

Eventually, the implanted device connects back to the NSA. The report continues: “In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.” “Glenn Greenwald: how the NSA tampers with US-made internet routers”, The Guardian (May 12th 2014)

And here’s more:

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software. The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.

But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages. “How the CIA used Crypto AG encryption devices to spy on countries for decades”, The Washington Post (February 11th 2020)

Also see “A Brief History of the U.S. Trying to Add Backdoors Into Encrypted Data” (February 21st 2016) for more examples. And let’s not forget the Mossad in Israhell, who are also in the business of rigging communications devices, sometimes with deadly outcomes. 1

There are some very important lessons to learn from this:

  1. When you buy a device, first make sure the device itself does not contain some kind of backdoor in hardware. This can be very difficult to guarantee: apart from intelligence agencies setting up their own companies to sell supposedly ‘secure’ hardware, these agencies also infiltrate existing hardware companies in the supply chain by planting employees who slip backdoors into the design, or they make secret deals with existing hardware companies. Think of the undocumented hardware feature exploited in Operation Triangulation against iPhones, discovered in 2023, which let attackers write to physical memory past the hardware memory protection through chip registers the firmware never used. 2
  2. Make sure you can completely remove the installed software and install or flash your own trusted version of the software on the device. This includes the firmware, BIOS/UEFI and operating system (OS). For example, if a phone comes preinstalled with GrapheneOS, the very first thing you should do when you buy such a phone is completely wipe it and flash your own verified and trusted version of GrapheneOS onto it, preferably the latest release obtained from the official source and checked against the project’s published signature before you flash it. Even better if you can build it yourself from source. Another example is a router that comes preinstalled with OpenWrt: there too you should flash an OpenWrt image obtained from a trusted source and verified against its signed checksums, instead of using what came preinstalled. The same can be said about a tablet or laptop that comes preinstalled with Windows or Linux. You get the idea now, I hope.
  3. Make use of anti-interdiction services when available. Purism is one company I know of that offers such services. When you buy a device, anti-interdiction services use tamper-evident measures so that any tampering during delivery is much easier to recognize.
  4. Completely wipe and reinstall the software on your devices regularly, preferably weekly or monthly. This requires using your devices in such a way that your data is easily backed up and restored, or kept on a separate storage device, so that wiping the device frequently is convenient.
  5. Reboot your devices regularly, preferably daily. This can be done automatically; for example, I know that on Android devices you can schedule daily reboots in the settings at specific times. Some exploits are not persistent (they only live in RAM) and a reboot gets rid of them. Triangulation, in footnote 2, is an example: the infections did not survive a reboot, although the attackers simply reinfected the devices by sending a new malicious iMessage shortly afterwards, so rebooting raises the cost of an attack rather than ending it.
  6. It’s probably a good idea to keep browsing and communication applications that regularly receive data from outside separate from the rest of your system. For example, on a PC you could do most of your browsing, email and messaging inside a virtual machine. On a phone with GrapheneOS you could install those apps in a separate user profile that is isolated from the rest of the phone.
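The “verify before you flash” step in lessons 2 and 4 is easy to skip when it is a manual habit, so here is a small POSIX shell helper that makes it a hard gate: it refuses to hand an image to the flashing tool unless the image’s SHA-256 matches a sha256sum-style checksum list. This is an added example written for this post; it is not code from the GrapheneOS or OpenWrt projects. It assumes the checksum list was already authenticated with the project’s published key (at the time of writing GrapheneOS signs its factory images with signify, and OpenWrt publishes a GPG signature for its sha256sums file); a checksum list you have not authenticated is only as trustworthy as the mirror it came from. The file names and sample bytes used in the usage comments are hypothetical.

```shell
#!/bin/sh
# verify_image.sh: check a downloaded OS/firmware image against a sha256sum-style
# checksum list before flashing it. Added example for this post; not code from
# the GrapheneOS or OpenWrt projects. Assumes the checksum list has already been
# authenticated (its signature verified) with the project's published key.
set -u

# Print the SHA-256 of a file as a lowercase hex string with whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    else
        echo "no SHA-256 tool available" >&2
        return 3
    fi
}

# verify_image IMAGE SUMSFILE
# Exit status: 0 = digest matches, 1 = digest mismatch, 2 = image not listed,
# 3 = could not hash. Anything other than 0 means: do not flash.
verify_image() {
    image=$1
    sums=$2
    name=$(basename "$image")
    # sha256sum lines look like "<hex>  <name>" (or "<hex> *<name>" in binary mode).
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "REFUSING: $name is not listed in $sums" >&2
        return 2
    fi
    actual=$(sha256_of "$image") || return 3
    if [ "$actual" = "$expected" ]; then
        echo "ok: $name matches $expected"
        return 0
    fi
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
}

# Usage (hypothetical file names):
#   ./verify_image.sh openwrt-sysupgrade.bin sha256sums && sysupgrade openwrt-sysupgrade.bin
# The "&&" is the point: the flash step never runs on a non-zero status.
if [ "$#" -ge 2 ]; then
    verify_image "$1" "$2"
fi
```

The script deliberately treats “not listed” as a refusal rather than a warning: an image whose name does not appear in the signed list is exactly the kind of thing a tampered mirror or interdicted download would hand you, and the safe default is to stop.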

Unfortunately, we see once again that we live in a world where nothing and nobody can be trusted.

Footnotes

  1. Here’s from Interesting Engineering, “Ex-Mossad spies reveal Israel’s 10-year pager, walkie-talkie bomb plot” (December 24th 2024):

    The planning for pager and walkie-talkie attacks had begun 10 years ago before they were set off in September 2024 targeting Hezbollah members, as revealed by two ex-officers from Israel’s spy agency – Mossad. In an interview aired on the page of 60 Minutes, the retired spies divulged how Mossad agreed to go ahead with the plan that was formulated almost a decade ago.

    Then they had the hard job of convincing – first their bosses to go ahead with the plan, and then the Hezbollah members. The agent stated that they had to set up multiple shell companies to hide any link from tracking back to Israel or Mossad. In total, the Hezbollah members had brought 16,000 walkie-talkies which were built at a Mossad facility in Israel. Some of these were eventually detonated on September 18 – a day after the pager attacks. However, the agency was not satisfied with this and wanted to go a step further. They then planned the rigged pagers – in a second installment.

    In 2022, Mossad began developing pagers with explosives hidden in them. Pagers are a lot more compact than walkie-talkies, so great care has been taken to ensure that they are functional and can still cause damage once triggered. […] The meticulous planning also involved setting the pagers to explode after seven seconds – an average response time for answering a pager – which Mossad had arrived at after experiments.

    The Hezbollah members had been lured in by building fake advertisements for the products, which showed them as being extra durable, tough, and laden with additional features.

    Gold Apollo – the Taiwanese company- had been duped into working with Mossad. Gabriel stated that the shell companies had worked their charm, and Gold Apollo had granted a licensing partnership to the fake unit set up by Mossad. Thereafter, they had everything to make Hezbollah believe that they were buying the devices from Gold Apollo. The spy agency manufactured all the rigged devices on its own and sold 5,000 of these to Hezbollah.


  2. Here’s from Ars Technica, “4-year campaign backdoored iPhones using possibly the most advanced exploit ever” (December 27th 2023):

    Researchers on Wednesday presented intriguing new findings surrounding an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky. Chief among the discoveries: the unknown attackers were able to achieve an unprecedented level of access by exploiting a vulnerability in an undocumented hardware feature that few if anyone outside of Apple and chip suppliers such as ARM Holdings knew of.

    “The exploit’s sophistication and the feature’s obscurity suggest the attackers had advanced technical capabilities,” Kaspersky researcher Boris Larin wrote in an email. “Our analysis hasn’t revealed how they became aware of this feature, but we’re exploring all possibilities, including accidental disclosure in past firmware or source code releases. They may also have stumbled upon it through hardware reverse engineering.”

    Other questions remain unanswered, wrote Larin, even after about 12 months of intensive investigation. Besides how the attackers learned of the hardware feature, the researchers still don’t know what, precisely, its purpose is. Also unknown is if the feature is a native part of the iPhone or enabled by a third-party hardware component such as ARM’s CoreSight.

    The mass backdooring campaign, which according to Russian government officials also infected the iPhones of thousands of people working inside diplomatic missions and embassies in Russia, came to light in June. Over a span of at least four years, Kaspersky said, the infections were delivered in iMessage texts that installed malware through a complex exploit chain without requiring the receiver to take any action.

    With that, the devices were infected with full-featured spyware that, among other things, transmitted microphone recordings, photos, geolocation, and other sensitive data to attacker-controlled servers. Although infections didn’t survive a reboot, the unknown attackers kept their campaign alive simply by sending devices a new malicious iMessage text shortly after devices were restarted.

    In a research paper also published Wednesday, Larin added:

    If we try to describe this feature and how attackers use it, it all comes down to this: attackers are able to write the desired data to the desired physical address with [the] bypass of [a] hardware-based memory protection by writing the data, destination address and hash of data to unknown, not used by the firmware, hardware registers of the chip.

    Our guess is that this unknown hardware feature was most likely intended to be used for debugging or testing purposes by Apple engineers or the factory, or was included by mistake. Since this feature is not used by the firmware, we have no idea how attackers would know how to use it

    If you look into the technical details of this problem in the chip, it becomes quite obvious that this is a capability added to the chip on purpose during its design phase, and highly likely that it is a backdoor added on purpose. I highly recommend watching the presentation titled “37C3 – Operation Triangulation: What You Get When Attack iPhones of Researchers” (alternate link).

