CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS

No 'legitimate users' of modded Blackberries, says FBI

An arrest by US authorities last week has brought to light alleged associations between encrypted phone supplier Phantom Secure and international drug trafficking.

The arrest followed an Australian Federal Police bust of a cocaine shipment from the United States to Australia.

Rather than merely being a passive supplier of phones, the affidavit attached to the arrest warrant for Phantom Secure's CEO Vincent Ramos, a Canadian resident, claimed he participated in drug deals facilitated by encrypted communications, and that the company's phones are used exclusively to evade law enforcement.

Ramos is charged with RICO violations (that is, racketeering) and drug trafficking. Others were named in the arrest warrant, but their names have been redacted.

According to the affidavit (PDF), the phones Phantom Secure supplied to the drug dealers were extensively modified after they left BlackBerry: they're only capable of running PGP-encrypted email, with VPN connections to servers in Panama and Hong Kong. All this is expensive: the phones are sold with a US$2,000 to $3,000 six-month subscription.

The phones are sold only through personal contact – someone wanting one of the devices needs a personal introduction from an existing customer. If they fell into the wrong hands, the FBI learned, they could be remote-wiped by Phantom Secure.

The FBI claimed the operation generated “tens of millions of dollars” by “facilitating the crimes of transnational criminal organisations and protecting those organisations from detection”.

The company sold around 20,000, the document states, and a surprising 10,000 of those were used in Australia.

In Australia the phones have been linked with organised crime for some time. In March 2017 local media reported the 2014 discovery of a cache of the phones during a drug investigation.

The anonymity of Phantom Secure users proved part of the operation's undoing. An Australian Federal Police agent began operating a Phantom Secure phone it had seized from another drug dealer without being spotted as an imposter. They communicated with a Los Angeles dealer to arrange a 10 kilogram cocaine shipment to Australia in 2016.

The FBI special agent who wrote the affidavit, Nicholas Cheviron, cites contact with law enforcement in Canada and Australia, and wrote that no law enforcement partner “has identified even a single legitimate Phantom Secure user”.

The agent also related a meeting between undercover agents and Ramos, in which he said the phones were designed to facilitate drug trafficking.

There's a curious contradiction in the affidavit that suggests Phantom Secure might not have been completely honest even with its criminal customers. In describing how the phones are made (presumably from documents obtained from the company), Cheviron's affidavit said:

When Phantom Secure receives the BlackBerry handsets, its technical team removes the hardware and software responsible for all external architecture, including voice communication, microphone, GPS navigation, camera, Internet and Messenger service [emphasis added]

However, in reported discussions with Ramos, it seems GPS capability is left intact, with very sinister intent. After Ramos said the primary vulnerability is an informant, an undercover agent said GPS helped "locate and kill the informant". Ramos response: "Yeah, it does". ®

Keep Reading

Now-patched Ubuntu desktop vulnerability allows privilege escalation

'Unusual for a vulnerability on a modern operating system to be this easy to exploit,' says bughunter

Backdoors won't weaken your encryption, wails FBI boss. And he's right. They won't – they'll fscking torpedo it

Give it a Wray, give it a Wray, give it a Wray now: Big Chris steps in to defend blowing a hole in personal crypto

No backdoors needed: Apple ditched plans to fully encrypt iCloud backups after heavy pressure from FBI – claim

Convenient timing for this story to emerge

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

Bring-your-own-key may no longer be enough for EU data protection body

Sunday: Australia is shocked UK would consider tracking mobile data to beat pandemic. Monday: Australia to deploy drone intimidation squads

Updated Bloody poms are full of great ideas

Zoom-er or later, your past catches up with you: Vid chat service hit by sueball over end-to-end encryption claim

US consumer nonprofit alleges it was false advertising

Will there be no end to govt attempts to break encryption? Hand over your data or the kiddies get it, threaten Five Eyes spies

Column The Great Unicorn Prayer of security services: Stay secure, but - ya know - give us backdoors

Zoom to offer proper end-to-end encryption to free vid-chat accounts – not just paid-up bods – once you verify your phone number...

Just in case the Feds take an interest in your calls

Biting the hand that feeds IT © 1998–2020