CEO pleads guilty of conspiring with drug cartels to sell them stealthy Blackberrys

Phantom Secure's Vincent Ramos faces 20 years in clink


The CEO of a company that took Blackberry phones, stripped them of their cameras, microphones and GPS and then installed encryption software in order to create a secure phone, has pleaded guilty to conspiring with drug cartels.

Vincent Ramos of Phantom Secure was arrested back in March following an FBI investigation in which American, Canadian and Australian undercover agents posed as drug traffickers and made it plain they intended to use the phones to carry out illegal activity.

According to the criminal complaint [PDF], Ramos not only said it was "totally fine" to send a message that stated "sending MDMA to Montreal" but was caught telling government agents in Las Vegas that the company made the phone "specifically for this too" – referring to drug trafficking.

The Feds also persuaded a convicted drug trafficker that worked for the Mexican Sinaloa drug cartel and who was a customer of Phantom Secure to act as a witness against Ramos.

All that led to the guilty plea this week, in which Ramos admitted to running a criminal enterprise that helped import drugs – including cocaine, heroin, and methamphetamine - into the US, Australia, Mexico, Canada, Thailand and Europe. He faces a possible 20 years in jail.

As well as stripping down the Blackberry devices and installing PGP software to allow for encrypted communications, Phantom Secure ran servers in Panama and Hong Kong as a way to stay out the reach of Western government investigators, and used proxies to disguise the physical location of those servers.

The company also installed and used remote-wipe systems on their phones so they could be cleared of any incriminating evidence if seized by law enforcement. He was usually paid in Bitcoin.

Gray market

Phantom Secure is not the only company operating in what has quickly become a legal gray area, providing secure phones to what often turn out to be criminal enterprises. Another, Ennetcom, was shut down in Holland in 2016. Some others include Myntex, SkySecure and Ciphr.

But while those companies either check their customers credentials or don't ask too many questions, Ramos was willing to actively engage with criminal enterprises. And it was clearly a lucrative business.

handcuffs

CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS

READ MORE

Some companies selling secure phone services charge between $1,000 and $2,000 a month per phone – nothing for large criminal enterprises. It's unclear how much Phantom Secure charged but the fact that Ramos agreed to hand over $80m - as well as tens of millions in assets, including a Lamborghini, several houses, and gold coins as part of his guilty plea - shows that he was doing brisk business.

He tried to add a level of security by requiring a personal reference from an existing client before providing one of his phones, but clearly didn't count on investigators being able to turn existing criminals.

As well as all his assets, Ramos also handed over server licenses and over 150 domain names that were used to route messages securely.

"Today’s guilty plea of Phantom Secure's CEO, Vincent Ramos, is a significant strike against transnational organized crime," said FBI Special Agent John Brown in a statement announcing the guilty plea.

"The FBI and our international law enforcement partners have demonstrated that we will not be deterred by those who exploit encryption to benefit criminal organizations and assist in evading law enforcement. With this case, we have successfully shut down the communication network of dangerous criminals who operated across the globe."

Ramos is scheduled to be sentenced on December 17 in San Diego. His co-defendants Kim Augustus Rodd, Younes Nasri, Michael Gamboa, and Christopher Poquiz, are on the run. ®

Similar topics


Other stories you might like

  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading

Biting the hand that feeds IT © 1998–2022