CEO pleads guilty of conspiring with drug cartels to sell them stealthy Blackberrys
Phantom Secure's Vincent Ramos faces 20 years in clink
The CEO of a company that took Blackberry phones, stripped them of their cameras, microphones and GPS and then installed encryption software in order to create a secure phone, has pleaded guilty to conspiring with drug cartels.
Vincent Ramos of Phantom Secure was arrested back in March following an FBI investigation in which American, Canadian and Australian undercover agents posed as drug traffickers and made it plain they intended to use the phones to carry out illegal activity.
According to the criminal complaint [PDF], Ramos not only said it was "totally fine" to send a message that stated "sending MDMA to Montreal" but was caught telling government agents in Las Vegas that the company made the phone "specifically for this too" – referring to drug trafficking.
The Feds also persuaded a convicted drug trafficker that worked for the Mexican Sinaloa drug cartel and who was a customer of Phantom Secure to act as a witness against Ramos.
All that led to the guilty plea this week, in which Ramos admitted to running a criminal enterprise that helped import drugs – including cocaine, heroin, and methamphetamine - into the US, Australia, Mexico, Canada, Thailand and Europe. He faces a possible 20 years in jail.
As well as stripping down the Blackberry devices and installing PGP software to allow for encrypted communications, Phantom Secure ran servers in Panama and Hong Kong as a way to stay out the reach of Western government investigators, and used proxies to disguise the physical location of those servers.
The company also installed and used remote-wipe systems on their phones so they could be cleared of any incriminating evidence if seized by law enforcement. He was usually paid in Bitcoin.
Phantom Secure is not the only company operating in what has quickly become a legal gray area, providing secure phones to what often turn out to be criminal enterprises. Another, Ennetcom, was shut down in Holland in 2016. Some others include Myntex, SkySecure and Ciphr.
But while those companies either check their customers credentials or don't ask too many questions, Ramos was willing to actively engage with criminal enterprises. And it was clearly a lucrative business.
CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPSREAD MORE
Some companies selling secure phone services charge between $1,000 and $2,000 a month per phone – nothing for large criminal enterprises. It's unclear how much Phantom Secure charged but the fact that Ramos agreed to hand over $80m - as well as tens of millions in assets, including a Lamborghini, several houses, and gold coins as part of his guilty plea - shows that he was doing brisk business.
He tried to add a level of security by requiring a personal reference from an existing client before providing one of his phones, but clearly didn't count on investigators being able to turn existing criminals.
As well as all his assets, Ramos also handed over server licenses and over 150 domain names that were used to route messages securely.
"Today’s guilty plea of Phantom Secure's CEO, Vincent Ramos, is a significant strike against transnational organized crime," said FBI Special Agent John Brown in a statement announcing the guilty plea.
"The FBI and our international law enforcement partners have demonstrated that we will not be deterred by those who exploit encryption to benefit criminal organizations and assist in evading law enforcement. With this case, we have successfully shut down the communication network of dangerous criminals who operated across the globe."
Ramos is scheduled to be sentenced on December 17 in San Diego. His co-defendants Kim Augustus Rodd, Younes Nasri, Michael Gamboa, and Christopher Poquiz, are on the run. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust