The Federal Bureau of Investigation last week arrested Vincent Ramos, owner, and CEO of Phantom Secure – a Canada-based company allegedly involved in selling custom encrypted Blackberry and Android handsets to the underworld.
The trick of the Phantom Secure trade is to make the Blackberry even more encrypted than its default security by removing or disabling standard connectivity capabilities, including camera, GPS, Internet, microphones, replacing them with a version of Pretty Good Privacy for exchanging secure overseas messages.
According to the FBI, the company was also tweaking the sets to allow customers – a good percentage of whom are hardcore criminals – to remotely delete text messages.
While the device encryption business is not a criminal activity in itself, making the service available to criminals certainly is, and that is exactly what the court complaint is charging Phantom with.
A case filed with the United States District Court for the Southern District of California, on Thursday (March 8), confirms that the crooked Canadian has been charged with Racketeering Conspiracy to Conduct Enterprise Affairs (RICO Conspiracy) and Conspiracy to Distribute Narcotics, in addition to Aiding and Abetting.
“Based on the evidence developed in this case, PHANTOM SECURE is a Canadian-based company that sells electronic communication devices and encryption service to transnational criminal organizations to facilitate illegal activity and obstruct and law enforcement,” FBI Special Agent Nicholas Cheviron, currently attached to the San Diego Division of the Organized Crime squad, stated in his sworn submission.
Explaining the modus operandi, Cheviron writes:
“Once a new client-customer initiates service with Phantom Secure, that individual self-assigns an anonymous, custom email handle. The individual is also assigned a domain owned by Phantom Secure, thereby creating the client-customer’s Phantom Secure email address. Many handles chosen by Phantom Secure client-customers, are – based on my training and experience – references to drug trafficking and/or violent crime.”
He then lists several of these crime-specific handles combined with
the assigned domains, such as email@example.com;
Cheviron’s affidavit even talks about Phantom encrypted sets being used by the infamous Sinaloa drug cartel, as well as the “upper echelon members” of other transnational criminal groups.
Ramos is, reportedly, on record of having said that it was “totally fine” to buy a Phantom device; however, they were tweaked to “specifically” suit drug cartel requirements. The undercover agents, working on the sting, also have the names of private server providers in Hong Kong and Panama who it believed would be “uncooperative” with law enforcement authorities.
Access the link below for a copy of Agent Cheviron’s heavily censored complaint.
A well-placed industry source informed Motherboard on conditions of anonymity, even before the details were released in the public domain, that the Phantom investigation was a joint undertaking involving the US, Canadian and Australian law enforcement agencies.
“FBI are flexing their muscle,” the source is supposed to have told the online magazine.
Another industry insider told Motherboard that the customized devices, allegedly intended for criminal activity, have been sold to members of the underworld in countries like Cuba, Mexico, and Venezuela, as well as to a gang that goes by the name of Hells Angels.
According to the Bureau’s estimates, some twenty thousand Phantom-fixed devices are in circulation around the world, with as much as half of them in Australia and the rest in the aforementioned countries.
Ramos’ arrest raises the question of how the criminally inclined can be prevented from exploiting encrypted communication, which is essential to tackle the privacy concerns of law-abiding citizens and entities.
Sadly, there’s no answer to that question in sight, yet, and there isn’t a middle approach as well.