Sellers for Encrypted Phone Firm Ciphr Locked Out of Orders

Encrypted phone firm Ciphr, a company in an industry that caters to serious organized criminals, has made a radical change to how its product can be used and sold, signaling an attempt by the company to distance themselves from, or perhaps cut off, their problematic customers.

The move is significant in that Ciphr is one of the few remaining established members of the encrypted phone industry after a cascading series of high profile law enforcement actions against its competitors. Some companies, such as Sky Secure, have also tried to clean up their act by banning resellers who they have identified as catering to criminal markets. 

“As we continue to focus on our core competencies as a software development company, we have made the decision to no longer support our Mobile Device Management (MDM/UEM) services,” a message sent by Ciphr to its resellers and seen by Motherboard reads. MDM is a tool for managing lots of phones at once, and can be used to install apps or block others. Ordinary companies often use MDM to keep their employees’ devices secure. For years Ciphr has used MDM to distribute its encrypted messaging tools. 

Now, it is shifting that responsibility away from itself to individual resellers of the devices. The message says that for resellers to continue with new sales or renewals of customers’ subscriptions, they will need to run their own MDM solution. This essentially puts the management of customers much more in the hands of the resellers and not Ciphr. 

The message says that this policy will come into force Thursday. “Effective August 25th, 2022, our software will no longer be supported using our MDM solution,” the message reads. “If you choose not to host your own MDM you will not be able to activate new sales or renewals as of August 22nd, 2020,” it adds. 

The reason for Ciphr’s change, such as legally distancing itself from use of its products by criminals, is unclear. Ciphr has not responded to multiple emails sent over the past several weeks about this and related issues. Ciphr has previously responded to requests to comment for stories about its exit from certain markets.

“Next-level secure communication. The best app for encrypted messaging and calling,” Ciphr’s website reads. Motherboard has previously reported that Ciphr has been especially popular in Australia, where organized criminals have traditionally  used encrypted devices from companies that sometimes deliberately lean into serving such markets. After the FBI, Australian Federal Police, and European partners revealed that another encrypted phone company called Anom was secretly a law enforcement honeypot, Ciphr pulled out of the Australian market altogether, Motherboard previously reported. One criminal organization ran by a mastermind known as Mr. Blonde appears to have dodged the Anom honeypot because his associates were instead using Ciphr, the Sydney Morning Herald previously reported.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.

The message Ciphr sent to resellers caps off weeks of signs that the company was planning some sort of exit or change to its services. Weeks ago a website used by resellers of Ciphr became inaccessible, with vendors unable to log into the portal which allows them to renew customers subscriptions, according to a screenshot viewed by Motherboard at the time and a source with knowledge of the situation.

“HTTP ERROR: 404 — Compliance Issue, please contact support,” an error message displayed above the login page for Ciphr’s reseller portal read, according to the screenshot. Encrypted phone companies often use these password protected websites to let their resellers update customers' subscriptions or to sign up new users. The encrypted phone industry that Ciphr is part of often sells subscriptions to their services for thousands of dollars every six or 12 months. 

The source with knowledge of the situation said that some Ciphr users have moved to another company called SecureCrypt in response to the recent issues. Motherboard granted the source anonymity to speak more candidly about industry developments.

A former developer for Ciphr told Motherboard that even though they worked at the company for multiple years, they never saw the face of the company’s CTO. While other workers had their faces in their profile photos in chat programs, the CTO did not. 

“I have no idea what he looks like,” the developer said. The developer added they were not aware of who the sorts of people who bought Ciphr phones were before Motherboard alerted them to it earlier this year. Motherboard granted the developer anonymity to protect them from retaliation.

In 2018, the FBI shuttered Phantom Secure, a pioneer in the underground industry, and arrested its CEO Vincent Ramos. Various agencies were involved in a hack of Encrochat in 2020, and then Sky Secure last year. These companies, including Ciphr, have an especially heavy use among drug traffickers and other top tier criminals.

In 2017, someone created a website and dumped sensitive information about Ciphr users, including unique IMEI numbers and email addresses.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.