Project Trojan Shield: How the ANOM Operation Deceived the Courts That Authorised It
- Joint Defense Team
- 5 days ago
- 4 min read

Verified documents from the FBI's Project Trojan Shield show that the courts asked to authorise the ANOM data collection were deliberately deceived about the platform's true origin and operator, a finding that affects ANOM prosecutions across numerous countries.
Documents from the FBI's Project Trojan Shield, examined and verified by our Co-Founder Christian Lödden and Dr Johannes Makepeace, show that the courts asked to authorise the ANOM data collection were themselves deceived about who built the platform and where its server came from. Because ANOM evidence now underpins prosecutions in numerous countries, that finding reaches well beyond any single jurisdiction. Lödden and Makepeace set it out in the German journal Strafverteidiger (StV 2026, 441–448) and in a public article on Legal Tribune Online (LTO).
What ANOM was
ANOM sat alongside EncroChat and SkyECC as an encrypted messenger, with one difference that drives everything else: it was not run by a private company but built and operated by the FBI. Devices were sold through resellers as end-to-end encrypted, while the Bureau held the keys and read every message.
Under US law the FBI could not run the service from US soil or against US persons. It therefore needed a third state to host the server and formally carry out the collection. That state stayed secret for years. It was Lithuania.
The documents, and what they show
The public starting point was David Klaubert's reporting in the Frankfurter Allgemeine Zeitung, which first named the hidden third state. Lödden and Makepeace went further and obtained the underlying court orders, mutual legal assistance requests, internal file notes, and the email and Signal correspondence between the FBI, the US prosecution and the Lithuanian authorities, which they were able to inspect and check for authenticity. Several findings stand out:
Early international involvement. Investigators and prosecutors from Norway, Lithuania, Spain, England, Belgium and Germany were briefed at a Europol coordination meeting in The Hague in February 2019, well before some of them have since admitted. Germany's BKA (German Federal Police), for one, has placed its first FBI contact on ANOM a full year later.
A built-in entrapment design. From the outset, the modified ANOM devices were to be steered to specific organisations through undercover officers. That puts the question of unlawful entrapment at the centre of any ANOM case.
A rewritten record. The fact that the Lithuanian server still had to be rented and set up was removed from the request. In the operative passage the word "decrypt" was replaced with "encrypt", producing the story that officers were copying encrypted content from a criminals' server, when the messages in fact arrived already decrypted through the FBI's own programming. Every hint that the FBI had built the platform and modified the devices was struck.
Awareness on the record. In one August 2019 email the Lithuanian side noted there was "more than enough" material to obtain the desired authorisations, "possibly too much ;)", wink emoji included, in a file that became the basis for hundreds of prosecutions.
Later confirmation. On this manipulated basis an investigating judge in Vilnius issued the first order in October 2019, followed by four further requests and extensions on the same pattern. In April 2026 the US Department of Justice, through its own "Motion for Inquiry Regarding Violations of Protective Orders", indirectly confirmed the authenticity of these very documents.
Why it matters beyond one country
ANOM produced one of the largest law-enforcement stings on record, with arrests across numerous countries and evidence now relied on in courts throughout Europe and beyond. Where EncroChat and SkyECC involved deception of the users, ANOM adds a further layer: the court meant to scrutinise and legitimise the measure was itself misled about the origin of the server and the true operator of the service.
That distinction goes to the core of the fair-trial guarantee in Article 6 ECHR, which binds every Council of Europe state. The European Court of Human Rights has long held, in Ramanauskas v. Lithuania (no. 74420/01), that once a defendant's account of unlawful entrapment is not wholly improbable, the burden shifts to the prosecution to disprove it. The ANOM record does more than make such a violation plausible; it evidences it. National courts that admitted ANOM data on the assumption that the foreign assurances were sound, among them Germany's Federal Court of Justice, relied on a premise the documents now rebut.
Conclusion
For defendants and defence teams handling ANOM matters in any jurisdiction, the leaks turn a debate about trust between authorities into a documented question about deception of the judiciary. That is a concrete basis on which to demand real judicial scrutiny of how this evidence was obtained, rather than presumed foreign legality.
Frequently asked questions (FAQ)
What are the ANOM leaks?
Verified court orders, legal-assistance requests, file notes and correspondence from Project Trojan Shield showing that Lithuanian courts were given a false and incomplete account to obtain the orders authorising the ANOM data collection.
How is ANOM different from EncroChat and SkyECC?
With EncroChat and SkyECC the users were deceived; with ANOM the authorising court was deceived too, which strikes at judicial control itself.
Why does this matter internationally?
ANOM evidence underpins prosecutions in many countries, and deception of the authorising court engages the fair-trial guarantee of Article 6 ECHR across the Council of Europe.
