Last week, Motherboard reported that the FBI had arrested the CEO of Phantom Secure, a company allegedly providing custom, security-focused BlackBerry phones to the Sinaloa drug cartel, among other criminal groups. But the feds aren’t only going after Phantom’s owner: on Thursday, the Department of Justice announced an indictment against other apparent Phantom staff too, and confirmed what one source told Motherboard before it became public knowledge—that authorities have seized Phantom’s domains used for routing messages.
The Justice Department’s announcement names Kim Augustus Rodd from Phuket, Thailand; Younes Nasri from Dubai in the United Arab Emirates; and Michael Gamboa and Christopher Poquiz both from Los Angeles as alleged co-conspirators of Vincent Ramos, Phantom’s Canada-based CEO. All five are charged with racketeering conspiracy offenses and conspiracy to aid and abet the distribution of narcotics, both of which carry a maximum of life in prison.Notably, although authorities have arrested Ramos, the four remaining defendants are not in custody, and are currently fugitives, according to the Justice Department press release.FBI Director Christopher Wray said in a statement, “The indictment of Vincent Ramos and his associates is a milestone against transnational crime.”“Phantom Secure allegedly provided a service designed to allow criminals the world over to evade law enforcement to traffic drugs and commit acts of violent crime without detection. Ramos and his company made millions off this criminal activity, and our takedown sends a serious message to those who exploit encryption to go dark on law enforcement,” he added.Like other companies in the secure phone space, Phantom’s devices have the camera and microphone removed, as well as GPS-functionality and normal messaging functions, according to court records. Instead, Phantom devices send messages encrypted with Pretty Good Privacy (PGP), and route their communications through the company’s overseas servers. On its website, Phantom also offers customized Android devices; recently, firms have increasingly moved to Android as a platform. According to the announcement, Phantom made some $80 million in annual revenue since 2008.
Importantly, Phantom’s case rests on whether the company deliberately and explicitly set out to facilitate criminal activity with its products. Some companies in this space do claim to provide services to legitimate customers. However, in one conversation with undercover investigators in Las Vegas in February 2017, Ramos allegedly said “We made it—we made it specifically for this [drug trafficking] too,” according to the criminal complaint.Even if prosecutors can prove that Ramos and other Phantom staff did knowingly and deliberately work with drug trafficking groups, the case is still a significant milestone: as the announcement says, this is the first time the US government has targeted a company for providing technological tools that allow users to evade law enforcement. Dutch authorities have busted two other encrypted phone companies, Ennetcom and PGPSure, in recent years.The Justice Department announcement adds that authorities have seized “more than 150 domains and licenses which were being used by transnational criminal organizations to send and receive encrypted messages.”Indeed, a source familiar with the industry told Motherboard last week, before the Justice Department’s public announcement on Thursday, that “the feds now control [Phantom Secure] domain names and probably the servers also.” Motherboard granted the source anonymity to talk about sensitive industry developments. The source said that the domain names for Phantom’s infrastructure changed ownership last Friday.Earlier this week, the lawyer listed on Ramos’ court docket declined Motherboard’s request for comment—the lawyer only represented the Phantom CEO in one hearing, meaning Ramos is likely to have another lawyer step in.At the time of writing, Phantom’s main website is still online. After Motherboard reported on one Phantom reseller on Monday, the reseller seemingly closed their Instagram account. Previously, it included phrases such as “snitches get stitches.”
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.