Feds swoop in on Phantom Secure CEO for selling encrypted BlackBerry and Android phones to criminal organizations

For years now, custom PGP BlackBerry and Android devices have been available for purchase and for just as long, those devices have been tied to criminal activities in one way or another. Whether it be directly or indirectly, police forces tasked with catching criminals have been onto the process for quite some time.

The latest bust information comes by way of Motherboard, who recently reported Vincent Ramos, founder, and CEO of Phantom Secure has been arrested as part of a joint operation between the Canadian and Australian authorities to crack down on one of the more well-established players in the PGP secured device arena that allegedly had members of the Sinaloa drug cartel counted as customers.

A complaint filed in the Southern District of California on Thursday charges Vincent Ramos, the founder, and CEO of Canada-based Phantom, with racketeering conspiracy to conduct enterprise affairs, as well as conspiracy to distribute narcotics, and aiding and abetting. Authorities arrested Ramos on Thursday, according to the court docket. Crucially, the complaint alleges that Ramos and Phantom were not simply incidental to a crime, like Apple might be when a criminal uses an iPhone, but that the company was specifically created to facilitate criminal activity.

In the past, details about how authorities caught folks in the act have been rather obfuscated but this time around the complaint filed and Motherboard sources highlight details such as bringing in the Royal Canadian Mounted Police to act as drug traffickers and several conversations that were organized to have the RCMP uncover officers confirm if it was safe to send messages such as "sending MDMA to Montreal" which initiated Phantom Secure's reply of it being "totally fine." Another instance has Phantom Secure CEO Ramos stating "We made it—we made it specifically for this [drug trafficking] too," to undercover agents.

If you haven't read the full report yet, I suggest you take a look at Motherboard for the full details but focusing on the BlackBerry portion here for a moment; there are pieces worth highlighting here that haven't been well articulated in the past. Generally, these articles focus on the security of BlackBerry smartphones, but this particular case highlights more so than previous ones that the devices used are heavily modified, and really, BlackBerry just happens to be the hardware of choice along with Android devices such as the Samsung Galaxy S6/S7 edge.

From the complaint filed:

According to PHANTOM own marketing materials and confirmed by our investigation, that of our foreign law enforcement partners, and my personal experience with the devices, I know that PHANTOM SECURE devices are dedicated data devices housed inside a BlackBerry handset. PHANTOM SECURE purchases BlackBerry handsets from Blackberry Limited and other Blackberry re-sellers.

Whereas the standard BlackBerry handset is sold to the public with all the customary smartphone functionalities, PHANTOM marketing materials state that when PHANTOM SECURE receives the BlackBerry handsets, its technical team removes the hardware and software responsible for all external architecture, including voice communication, microphone, GPS navigation, camera, Internet, and Messenger service.

PHANTOM SECURE then installs Pretty Good Privacy software and Advanced Standard on top of an email program, which it routes through servers located in countries, such as Panama and Hong Kong, believed by PHANTOM SECURE to be uncooperative with law enforcement. According to PHANTOM marketing materials, there are several advantages of having our servers and a portion of our business located in Panama, including the fact that Panama does not cooperate with any other country's.

As mentioned, these cases have been happening for years, and they're not likely to stop as long as criminals believe that they're safer when using the PGP enabled devices, but this time around the story has changed somewhat from ZOMG BLACKBERRY HAS BEEN HACKED to the more accurate, criminals caught doing stuff they shouldn't have been doing while using custom PGP enabled hardware. It's a small but important change to the reporting.