Police have arrested and filed criminal charges against the CEO of a Canadian company that sold security hardened Blackberry and Samsung cell phones that were modified to protect privacy through the use of message encryption and the removal of unnecessary and potentially vulnerable hardware. Four others involved in operating the company are currently wanted by police, but have yet to be apprehended. The United States Department of Justice recently announced that the Federal Bureau of Investigation (FBI) had placed Vincent Ramos, the founder and CEO of Phantom Secure, under arrest in addition to having also indicted four other people from Phantom Secure on charges of conspiracy to distribute narcotics, as well as charges of violating the Racketeer Influenced and Corrupt Organizations (RICO) Act. The four other men indicted include Michael Gamboa and Christopher Poquiz, both of Los Angeles, California, as well as Kim Augustus Rodd of Thailand, and Younes Nasri of the United Arab Emirates.
The Phantom Secure case is not simply just another international drug trafficking case, as it also happens to be the latest battle in the ongoing Crypto Wars. A press release issued by federal prosecutors suggests the government believes that shutting down and prosecuting Ramos’ company will make encrypted communication less accessible to criminals. Police and prosecutors complain “This case is the first time the U.S. government has targeted a company and its leaders for assisting a criminal organization by providing them with technology to “go dark,” or evade law enforcement’s detection of their crimes,” the FBI stated in a recent press release on the Phantom Secure case.
The FBI seized over 150 domain names owned by Phantom Secure and declared that the company’s “criminal enterprise” had been shut down, however, the company’s web site still appeared to be up as of the writing of this article. Motherboard reports that law enforcement have seized the domains used for routing encrypted Phantom Secure chats and emails. An international law enforcement task force conducted the investigation and prosecution of Phantom Secure’s CEO and his partners. Over 250 law enforcement officers in at least six different countries conducted searches of 25 different properties used by Phantom Secure. The Royal Canadian Mounted Police conducted undercover operations in which police officers posed as drug traffickers during a meeting they had with Phantom Secure CEO Vincent Ramos in Las Vegas, Nevada sometime last year. An anonymous witness against Ramos is a convicted member of the Sinaloa drug cartel is also expected to testify.
The FBI was assisted in their investigation by other federal agencies, including the DEA, Customs and Border Protection, and the Department of Homeland Security. The Washington State Police and two local police department’s in the state of Washington also assisted federal investigators. American law enforcement worked with the Royal Canadian Mounted Police, the Australian Federal Police, and law enforcement agencies in Thailand, Hong Kong, and Panama to shut down Phantom Secure and prosecute the people behind the company. The team of international law enforcement officers also seized 1,000 Phantom Secure phones during the investigation. The FBI claims that Phantom Secure had a revenue of approximately 80 million US Dollars over the last decade. Federal prosecutors are accusing the company of facilitating murders, drug trafficking, and other crimes.
Phantom Secure used hyperbolic language to promote their products and services. The government estimates approximately 20,000 people used Phantom Secure. The company describes their phones as “uncrackable” on their website. According to the FBI, the standard features of the Blackberry and Samsung phones were removed, such as the ability to make voice calls, send SMS text messages, use GPS location services, and no web browsers. The phone is light in sensors and features as this is part of the price for better security and privacy at the hardware level. The company’s phones have hardware such as microphones, cameras, and the GPS chip removed to help the device and user be less vulnerable and make it harder for security and privacy to be compromised. Given the way Phantom Secure marketed their products and services, it is no surprise that the company and its customers received the attention of the federal government. The company’s encrypted private email app for their hardened and modified Samsung Android phone utilized PGP and AES-256 encryption, and the Phantom Secure chat app for Android used Elliptical Curve25519, AES-256, and HMAC-SHA256.
For those who wish to use encrypted messaging without easily drawing the attention of law enforcement, it makes more sense to use free and open source solutions that are primarily used by regular, law abiding people to protect the privacy of their communications. Privacy services provided by companies which market themselves to criminals, post memes on their social media account that says “snitches get stitches,” and are likely in fact used by international drug traffickers and other criminal organizations. Some popular apps that feature encrypted voice calls and encrypted text and graphic messaging include OpenWhisperSystems app Signal or The Tox Project’s app Tox. BitMessage is an encrypted messaging platform that utilizes a blockchain. And of course PGP/GPG is another great tool for protecting your privacy.
America is not the only western country that is prosecuting companies that knowingly sell encrypted messaging services to criminals. In the past couple of years, law enforcement in the Netherlands has also shut down similar “privacy phone” companies, including PGPSure and Ennetcom. The crypto wars continue to be waged in the United States, and government officials continue to push for giving government the ability to gain access to all encrypted messages. Fortunately it seems unlikely that the American government will start arresting the people behind open source encryption projects like PGP and Signal.