Phantom Secure CEO sold encrypted phones to drug cartels

The CEO of “uncrackable” phone seller, Phantom Secure, has pleaded guilty to helping drug sellers keep their business locked away from the eyes of law enforcement as they distribute narcotics such as cocaine, heroin, and methamphetamine to locations around the world.

The DOJ announced on Tuesday that in his plea agreement, Vincent Ramos admitted that he and his fellow Phantom cronies – Kim Augustus Rodd, Younes Nasri, Michael Gamboa and Christopher Poquiz, all of whom are still on the run – kept their servers in Panama and Hong Kong and used virtual proxy servers to disguise their physical locations. They also remotely wiped devices seized by law enforcement.

Ramos used digital currencies, including Bitcoin, to do business in a way that would protect customers’ anonymity and launder Phantom Secure’s proceeds. Ramos admitted that at least 450 kilograms of cocaine were distributed using Phantom Secure devices.

As part of his guilty plea, Ramos agreed to an $80 million forfeiture money judgment as well as the forfeiture of tens of millions of dollars in identified assets, ranging from bank accounts worldwide, to houses, to a Lamborghini, to cryptocurrency accounts, to gold coins. Ramos also agreed to forfeit the server licenses and over 150 domains that were being used to operate the Phantom Secure network, enabling it to send and receive encrypted messages for criminals.

The five Phantom execs have been charged with racketeering and conspiring to import and distribute controlled substances around the world: specifically, the drug cartels that used their phones sold narcotics in the US, Australia, Mexico, Canada, Thailand and Europe.

In March, the US Department of Justice (DOJ) indicted the five Phantom execs.

According to the FBI’s criminal complaint, a Phantom Secure device whose hardware and software had been modified – including the technology that enables voice communication, microphone, GPS navigation, camera, internet access and Messenger service – cost between $2,000 to $3,000 for a six-month subscription.

You couldn’t become a client until a current, trusted subscriber vouched for you – a strategy likely meant to keep the company from being infiltrated by law enforcement agents, the FBI said.

That strategy ultimately failed: investigators managed to infiltrate the company and eavesdrop on conversations between drug dealers and Ramos while working toward a cocaine bust in southern California. The bust involved agents around the world, including in the US, Canada (where Phantom Secure is based), Australia, Panama, Hong Kong and Thailand.

The investigation involved a suspect who allegedly used the devices to coordinate shipments of thousands of kilos of cocaine and other drugs. At the time, Vice reported that the allegations included members of the notorious Sinaloa drug cartel in Mexico having used Phantom’s devices, and that the “upper echelon members” of transnational criminal groups have bought Phantom phones.

Ramos is set to be sentenced on 17 December in San Diego. He’s facing a maximum of 20 years in prison and a $250,000 fine, though maximum sentences are rarely handed down.

Encryption and law-breaking are not synonymous

This is one of the instances where the FBI and other law enforcement agencies have proved to be right: encryption does sometimes make it tougher to catch crooks.

More often, it serves to protect data privacy on behalf of law-abiding citizens. Unfortunately, but not surprisingly, law enforcement heads too often seek to connect the proliferation of end-to-end encryption with the battle against terrorists or criminals who use encryption to hide their tracks.

Take CIA Director Mike Pompeo: he marked the one-year anniversary of his swearing-in by offering a glimpse into the agency’s thinking on data encryption and cybersecurity. Speaking at the American Enterprise Institute, Pompeo said that granted, the clandestine agency is still “doing pretty good collecting signals intelligence,” despite the proliferation of end-to-end encryption. Still, he said, that doesn’t mean it doesn’t want more:

[Our success] does not foreclose the absolute imperative that we continue to improve our capacity to collect human intelligence.

Cyber is another vector – it’s not a threat of its own, but it is a means by which many non-nation-state actors can inflict incredible costs on the United States of America.

Or, as Pompeo once wrote:

The use of strong encryption in personal communications may itself be a red flag.

In the case of drug cartels, yes, the use of encryption can be a red flag. But encryption and law-breaking are far from synonymous. In the case of digitally arming yourself for defensive purposes, encryption is not a red flag: it’s simply a smart move.