Secure Phone Companies Clamp Down After Sinaloa Cartel-Linked Arrest
Earlier this month, the FBI arrested the CEO of Phantom Secure, a company allegedly providing encrypted phones to organized crime. Now, those in the secure device supply chain are trying to push criminals out.
After the FBI arrested a CEO allegedly providing custom BlackBerrys to the Sinaloa drug cartel, the wider secure phone industry is trying to clamp down on abuse of its products, according to sources and emails from multiple companies obtained by Motherboard.
The recent bust might be something of a reckoning for companies that create, sell, and maintain encrypted phones primarily for criminal groups—although the FBI and its international partners have targeted Phantom Secure, other firms in this space are still operational.
“There are some companies that would be paranoid and for good reason. They market themselves in a similar fashion and their business model exist because of criminals,” a source inside the secure phone trade told Motherboard. Motherboard granted the source anonymity to talk about sensitive industry developments.
In the complaint against Vincent Ramos, the owner of Phantom Secure, one of the most established firms in the secure phone space, it alleges Ramos told undercover investigators “We made it—we made it specifically for this [drug trafficking] too.” That alleged deliberate facilitation of crime is the thrust of the Phantom case, and one which other firms are likely trying to distance themselves from.
“You could see a lot of dodgy secure phone providers going down.”
In Phantom’s case, the phones have the camera, microphone, GPS and normal messaging functionality removed. Instead, the devices use Pretty Good Privacy (PGP) to send encrypted messages.
As a second source explained it, secure phone companies typically use a special type of SIM card which can be obtained anonymously. That practice may be under threat though, judging by an email sent to distributors by JT Global, a telecom which provides these SIM cards.
“We are currently undertaking a review of our customer due diligence files for compliance reasons,” the email reads. JT Global then asks its clients to provide legal information about their company, copies of passports for all directors, utility bills, as well as a description of what the products are being used for, all within two weeks.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
With that in mind, “you could see a lot of dodgy secure phone providers going down,” the second source, who also spoke on the condition of anonymity, said. Indeed, it appears there may have already been a knock-on effect to other firms in this space. Secure Group, a Bulgarian company that sells its own security-focused phones and relevant SIM cards, announced on Tuesday it is experiencing issues activating new cards.
“BlackBerry SIM cards cannot be activated at all,” the announcement, provided to Motherboard, reads.
A spokesperson for Secure Group told Motherboard in an email it doesn’t sell products to companies in the secure phone industry, but also said, “We sell to distributors who in turn sell to resellers and enterprises. Our customers go through a rigorous screening and training process, including extensive checks to ensure their activity is legitimate and legal.”
Other projects which don’t market their tools to criminals but which may be abused by certain groups are also separating themselves from criminal elements.
“Simply put: if you are representing our product and brand and find yourself presented with an opportunity to engage with any figures from a criminal organization, you are to politely decline and move on. That's it,” an email sent by security-focused Android project Copperhead to its resellers, and obtained by Motherboard, reads. Copperhead is an operating system users can install onto their own devices, or customers can buy preloaded phones from Copperhead or its resellers.
Copperhead has faced issues with shadier secure phone companies, including one called MPC, using Copperhead code without the correct licenses and failing to pay its own developers thousands of dollars in fees, a source, who also requested anonymity, told Motherboard. MPC previously ran adverts on a crime focused news site.
“It is up to our resellers to hold the front line against being infiltrated by extraneous criminal activities. If your business isn't cash flow positive, then ask for help,” the Copperhead email adds.