Feds: Secure Smartphone Service Helped Drug Cartels
Smartphones Allegedly Helped Criminals Move Drugs While Evading Law Enforcement
The U.S. Department of Justice has charged five individuals with running a secure smartphone service that was designed and marketed to help criminals evade law enforcement agencies.
Phantom Secure, a Vancouver, Canada-based secure phone provider, allegedly amassed $80 million per year in revenue from subscriptions for encrypted smartphones supported by its "worldwide encrypted telecommunications network." The service's alleged owner and operators have been accused of aiding and abetting drug trafficking as well as obstruction of justice, funneling their revenue through multiple shell companies and using cryptocurrencies - including bitcoin - to help launder the funds.
Phantom Secure's CEO, Vincent Ramos, was arrested on March 7 in Bellingham, Washington, and will face charges in San Diego federal court. Four other defendants remain at large: Kim Augustus Rodd (aka "Visith Vongthai," "Snowstar," "Global") of Thailand; Younes Nasri (aka "Maestro," "Jesse") of Dubai, United Arab Emirates; and Michael Gamboa (aka "Chino") and Christopher Poquiz (aka "Caddy," "Cad"), both of Los Angeles.
The federal indictment charges the five men with racketeering conspiracy to conduct enterprise affairs as well as conspiracy to aid and abet the distribution of narcotics. Each charge carries a maximum sentence of life imprisonment.
The investigation is the result of a coordinated operation between the FBI, Australian law enforcement and the Royal Canadian Mounted Police.
"As a result of this groundbreaking prosecution, we will disable the communication infrastructure provided by a criminal enterprise to drug traffickers and other violent criminals," says U.S. Attorney Adam Braverman. "Phantom Secure was designed to profit off of criminal activity committed by transnational criminal organizations around the world. We are committed to shutting these criminals down."
News of Ramos' arrest was first reported on Saturday by Motherboard before the operation had become public knowledge.
Customers: Mexico's Sinaloa Cartel
Phantom Secure charged users $2,000 to $3,000 for a six-month subscription for a single device, and each device primarily communicated only with other devices on the Phantom Secure network, according to a partially redacted criminal complaint filed in federal court on March 8 against Ramos and the four other suspects.
Some users also created smaller, closed networks comprising members of the same criminal organization who use Phantom Secure; devices on such a network could communicate only with other devices on that closed network, it adds.
Two cooperating witnesses interviewed by the FBI - one a "convicted transnational drug trafficker" arrested in September 2015 who's part of the Mexico-based Sinaloa Cartel, and the other a suspect who died in June 2017 of a drug overdose - "were client-customers of Phantom Secure and used Phantom Secure devices and service to conduct their transnational drug trafficking activity," according to the complaint.
The first cooperating witness said the devices were used to facilitate the movement of hundreds of kilograms of cocaine from Mexico to the United States each month. The witness's arrest in 2015 appears to have kicked off the FBI's investigation.
Authorities in Australia and Canada also tracked cocaine and MDMA (ecstasy) shipments from the U.S. to their countries facilitated using Phantom Secure devices, some of which had been seized from suspects, according to the complaint.
Phantom Secure purchased handsets from BlackBerry and others, then removed "the hardware and software responsible for all external architecture, including voice communication, microphone, GPS navigation, camera, internet and Messenger service," according to the complaint. The team would then install Pretty Good Privacy encryption software and the Advanced Encryption Standard cipher - for encrypting and decrypting data - on top of an email program. All communications were allegedly routed through virtual proxies and encrypted servers in such locations as Hong Kong and Panama, with the company's marketing materials trumpeting that "Panama does not cooperate with any other country's inquiries."
'Uncrackable' Private Messaging
In a legal compliance notice posted on the Phantom Secure website, the company claimed: "We do not condone the use of our service for any type of illegal activities and if known we will terminate the use of our service without notice."
The website for Phantom Secure, which remains active, bills it as being "the most trusted 'uncrackable' private messaging service."
Phantom Secure said its devices were free of backdoors and that its service was unable to read any messages that users of its devices might send to each other. "Our service merely facilitates a secure exchange between sender and receiver. Messages are always encrypted by the sender's device prior to transmission that travel through our encrypted channel and only can be decrypted by the intended recipient," it said.
In its website marketing, the company claimed its Android devices were just as secure as its BlackBerry offerings. "The device is locked down and the encrypted container is secured from the boot up. The infrastructure is protected with multi-level, hardware-to-applications security via Trusted Boot and ARM TrustZone-based Integrity Measurement Architecture (TIMA) to keep your business intelligence and network safe from hacking, viruses, and unauthorized access," the company states.
'Vouch' Program
But not everyone could procure a Phantom Secure device. According to the complaint, any prospective customers needed a personal reference - or "vouch" - from an existing customer before they would be considered as a customer, pending verification of the vouch as well as "open source checks to verify the customer's identity."
If the service suspected that a law enforcement agent or informant was using a device, they would immediately suspend it from their network, according to the complaint.
International Crackdown
Announcing the charges on Thursday, the U.S. Justice Department said that over the past two weeks, authorities in Australia, Canada and the U.S. have collectively deployed more than 250 agents to conduct searches of 25 homes and offices, resulting in the seizure of multiple servers, computers and mobile phones, as well as weapons and illegal narcotics.
Authorities say they also seized Phantom Secure's infrastructure that they believe was being used to host more than 20,000 devices, which will now no longer work. The federal complaint, submitted by FBI Special Agent Nicholas I. Cheviron, reports that authorities in Australia and Canada "are unaware of any law enforcement partner that has identified even a single legitimate Phantom Secure user."
The Justice Department says its investigation into Phantom Secure was launched after law enforcement began tracking a Phantom Secure user who allegedly used the company's devices "to coordinate shipments of thousands of kilograms of cocaine and other drugs throughout the globe."
The complaint includes details of a recorded meeting in February 2017 between undercover agents and Ramos, during which the CEO allegedly boasted that his network had been built, in part, to facilitate drug trafficking. The undercover agents purchased 10 devices, including subscriptions, for $20,000 and later renewed the subscriptions for $25,000, according to the complaint.
20,000 Devices in Use
The indictment of the five suspects as part of the Phantom Secure investigation is the result of a joint effort between the FBI, other federal, state and local agencies, and authorities in Australia, with assistance from law enforcement agencies in Panama, Hong Kong and Thailand.
As part of the operation, Australian authorities executed 19 search warrants across four states last week, seizing more than 1,000 encrypted mobile devices.
Authorities suspect that of the estimated 20,000 Phantom Secure devices in operation, 10,000 were being used just in Australia.
"The action taken in the U.S. directly impacts the upper echelons of organized crime both here in Australia and offshore, who until now have been able to confidently control and direct illicit activity like drug importations, money laundering and associated serious criminal offending," says Neil Gaughan, the assistant commissioner of organized crime for the Australian Federal Police.
Australia says it began working with the joint investigation in early 2017 after exchanging intelligence with the FBI and RCMP.