Inside the Phone Company Secretly Run By Drug Traffickers

Martin Kok had already dodged death once that day. As the 49-year-old Dutch convict turned successful crime blogger left a late lunch at an Amsterdam hotel in December 2016, a hooded man ran up to him, aimed a handgun at point blank range at the back of his head, and prepared to pull the trigger.

But either the assassin lost his nerve or the weapon jammed. CCTV footage later revealed the man ran off across the street, nearly getting hit by two cyclists, and disappeared into the city. Kok continued walking, oblivious.

Kok had enemies. On his website Butterfly Crime, Kok covered everyone from biker gangs to Moroccan drug lords. Kok was a killer himself, having been convicted of two murders. But after his life of crime, he focused on writing about the criminal underground, repercussions be damned. Someone had previously placed a bomb under his car that, according to a video made by the Dutch police, was as powerful as 40 hand grenades. He escaped that attempt on his life as well—he found the bomb before it exploded.

After leaving the hotel, Kok met with an associate named Christopher Hughes, known as "Scotty" for his heavy Scottish accent. Hughes worked for MPC, a company that made special, encrypted phones. MPC marketed these devices to the privacy-conscious, even using black and white portraits of Edward Snowden in advertisements. MPC was sponsoring Butterfly Crime, posting ads and flaunting MPC-branded hats and other memorabilia on the site and its social media. For Kok, it was easy money.

"MPC phone delivers multiple levels of encryption over a closed secure network," one tweeted advert from the company reads.

Hughes and Kok spent the evening in Boccacio, a sex club on the outskirts of Amsterdam. After their session, and as the puffer-jacket wearing Kok stepped into a Volkswagen Polo, a hooded figure jumped from the dense shrubbery around the parking lot and fired into the Polo, killing Kok. Hughes walked away from the scene, according to CCTV footage previously published by the Dutch police.

MPC, it turned out, was not an ordinary phone company.

AN UNDERGROUND TRADE

All over the world, in Dutch clubs like the one Kok frequented, or Australian biker hangouts and Mexican drug safe houses, there is an underground trade of custom-engineered phones. These phones typically run software for sending encrypted emails or messages, and use their own server infrastructure for routing communications.

Sometimes the devices have the microphone, camera, and GPS functionality removed. Some also have a dual-boot mode, where powering on the device as normal will show an innocuous menu screen with no sensitive information. But if certain buttons are held down when turning the phone on, it will reveal a secret file system containing the user’s encrypted text messages and other communications.

With these tweaks, the ordinary methods for law enforcement to intercept messages are cut-off—police can’t simply get an ordinary phone tap or subpoena messages from a company; the texts are typically only available in a readable form on the users’ devices.

A handful of these so-called "encrypted phone" companies exist. Many of them cater and sell to criminals. As Kok, the murdered blogger, wrote on his website in 2015, “I see on various crime sites these things [encrypted phones] are offered for sale because many of their future clients are also criminals. Advertising on a site where bicycles are offered does not make sense for this type of company.”

A British hitman, who prosecutors finally convicted thanks to location data from his fitness device, used an encrypted phone made by a firm called Encrochat. Police found an encrypted BlackBerry when investigating a massive criminal cannabis operation in New York. Phantom Secure sold its devices to members of the infamous Sinaloa Mexican drug cartel, according to the complaint filed against Vincent Ramos, the company’s creator. At the time a source added that Phantom Secure devices have been sold in Mexico, Cuba, and Venezuela, as well as to the Hells Angels biker gang.

Crucially, in the Phantom Secure case, prosecutors alleged the company was not incidental to a crime, in the same way Apple or Google may be when criminals use their phones, but instead that the phone was deliberately created to help criminal activity. In May, Ramos was sentenced to nine years in prison after he pleaded guilty to running a criminal enterprise that knowingly facilitated drug trafficking through the sale of these phones. (Multiple sources, including a family member that asked to remain anonymous as well as Ramos' lawyer, said Ramos set up the company for legitimate uses initially, before falling into the criminal market.)

For MPC, the process of setting up the devices was relatively simple: MPC would take a Google Nexus 5 or Nexus 5X Android phone, and then add its own security features and operating system, according to social media posts from MPC and a source with knowledge of the process. MPC then created the customer’s messaging accounts, added a data-only SIM card (which MPC paid about £20 a month for), and then sold the phone to the customer at £1,200. Six-month renewals cost £700, the source added. MPC only sold around 5,000 phones, the source said, but that still indicates the business netted the company some £6 million. At one point, a version of MPC's phones also used code from an open-source, security-focused Android fork called CopperheadOS, three sources said.

On its website, the company advertised security-focused laptops, tablets, and GPS tracking devices.

One day in March 2016, I checked my Twitter DM inbox and found a message from an MPC representative.

"Hi Joseph—I'm wondering if you as an individual can be paid to just [give] your honest opinion on encrypted devices in the market today? Or are you associated with anyone just now that would make that impossible," a direct message from the MPC Twitter account to me, read.

The MPC representative suggested they could provide a device for me to review, and asked if I've ever done similar for companies in this space. I declined to be paid, but said if they wanted me to have a look at their product, they should send some more details over.

"We want to send a device to you also of ours so you can see what it's all about—we have offered one million in pound sterling if anyone can break it and intercept our messages and read them," they wrote in a later message.

MPC never provided me with one of their phones, but the company continued to message me sporadically over the following year. At one point, the representative randomly complained of an alleged informant trying to infiltrate encrypted phone companies, and entrap MPC in a meeting.

"Please be aware of this guy; we believe he is a spook government agent trying to use companies like ours to try and gain credibility," MPC wrote.

Even in an industry that loves to embrace the cloak-and-dagger aesthetic, it's not often a PR person contacts you to alert you to an apparent spy trying to sneak their way into a company. Which naturally raises the question: Who in the world was behind MPC?

In 2018, a mysterious source reached out to me over an encrypted messaging program. There was very little chit chat; they cut right to the point and sent links to media reports about gangs trafficking multi-million dollars worth of cocaine.

"To give you an idea, the people behind MPC are mentioned here," the source said.

None of the articles mentioned MPC explicitly, but described how two serious drug and weapons traffickers from Glasgow took refuge in Portugal to escape an exploding gang war while still operating their business.

"For the time being, the crimelords are simply dubbed 'The Brothers,'" one Portugese report , based in part on the work of Scottish news site The Daily Record, read.

None of the articles named The Brothers. My source said their names were James and Barrie Gillespie.

And then in February, police confirmed my source was right. Police announced European arrest warrants against Hughes—the MPC employee who was with Kok as he was murdered—and four others. This included James and Barry Gillespie, the two on-the-run alleged kingpins.

The Brothers ultimately control MPC, according to two sources. The link between MPC and The Brothers and their gang has not been previously reported. The law enforcement operation into The Brothers has now stretched overseas, with 200 officers from Colombia, the FBI, and other agencies trying to track them down, and Scottish police regularly briefing the FBI and DEA.

“Please know this: 'The Brothers' connections are worldwide and are extremely violent,” a person with knowledge of the company said. Motherboard obtained company documents and spoke to multiple sources in the secure phone industry, some of whom have interacted directly with MPC, to build a picture of how The Brothers secured a serious chunk of the organized crime technology market through a campaign of threats, intimidation, and violence.

Motherboard granted several sources in this story anonymity to protect them from retaliation.

A law enforcement official currently investigating The Brothers told Motherboard, "Obviously it's MPC that we're interested in."

ESCALADE

Dutch investigators believe Kok’s assassination is linked to the so-called Escalade group, a name Scottish law enforcement has given to The Brothers’ criminal enterprise. One Scottish government document described Escalade as “an organized crime case involving the highest level of threat and sophistication in the United Kingdom.”

The group trafficked large quantities of cocaine and heroin from South America into Europe. "I’m told that this group is at the top of the chain of drug transactions in Scotland and the UK as a whole,” Judge Lord Boyd said while sentencing two members in April to seven years each in prison for helping to distribute weapons and drugs.

Several members tortured a man over an unpaid drug debt by tying him up in chains, breaking his arm, shooting him, and pouring bleach in his wounds. An accountant for the gang lied under oath to try and protect one of the torturers. An Escalade associate is wanted in connection with an attack against a former football manager, who was shot in the stomach and face.

“The Brothers run Scotland, they run it with total fear,” one source with knowledge of MPC told Motherboard. While a number of Escalade members have been arrested and imprisoned, The Brothers and others remain wanted fugitives.

Escalade’s adoption of high-end counter-surveillance tech puts them above other criminal groups. Parts of the gang kept semi-automatic weapons in hidden, hydraulics-powered compartments in customized vehicles. While being followed by police, members of the group seemingly used phone jamming equipment to block any cell phone signals from leaving their car. The group even had its own technology specialist.

But The Brothers didn't just use some fancy gadgets; they created the technological infrastructure that underpinned their criminal enterprise—MPC's encrypted phones.

"It's part of their tradecraft; a quite clever part of their tradecraft, that probably sets them aside from any other crime group," the law enforcement official investigating Escalade said.

Initially, The Brothers were clients of the encrypted phone industry, and used to buy their specialized BlackBerry devices from a company called Ennetcom, according to a source with knowledge of their operations. Dutch police say they have linked Ennectom, run by a man called Danny Manupassa, to cases of assassination, armed robbery, and drug trafficking.

The Brothers, not wanting to trust others with their security, decided to create their own devices. They hired developers to make a custom operating system. Motherboard confirmed the name of one of those developers with three sources in the secure phone industry; the developer did not respond to multiple requests for comment.

The Brothers then handed the phones out to groups and people they worked with on importing drugs, according to two sources.

But beyond just using the phones to help with securely committing crime, selling phones to organized gangs became a business venture in and of itself, according to two secure phone industry sources.

“Setup originally for working with their crime gang, then [they saw] there was a gap in the market so went at that,” one of the sources told Motherboard.

This expansion involved having some form of presence overseas. One industry insider sent Motherboard a photo of an MPC employee's business card; the card listed an address in a downtown Dubai office, as well as numbers for phones in the United Arab Emirates. Another source who has interacted with MPC said the organization would regularly create new companies before dismantling them once again. Motherboard found multiple companies linked to MPC in the UK database Companies House, with some using a slight variation on the main company name, but with the same registration address. Other related companies were registered in Amsterdam.

Motherboard identified an MPC employee thanks to those company database records, web domain information, and the business card. Two sources confirmed this person’s role in the company, with both saying he acted as a “frontman” for The Brothers. When reached for comment via email, the frontman asked Motherboard “[Where] did you hear about MPC.” He did not respond to a series of follow-up emails or messages. Motherboard is not naming the person as they have not previously been named in media reports, and to minimize any potential harm or retaliation against the individual for being identified.

Gaining a foothold in the encrypted phone market required more than simply making a device and selling it. The Brothers and associates embarked on a series of intimidation tactics and sometimes ordered acts of violence.

Two sources described slashing attacks, where gang members would attack a person’s face with a knife, with one specifying an attack was against an encrypted phone reseller. One source who met with MPC said the frontman threatened to kill them. Police compiled a file on the death threat, according to a copy of the file seen by Motherboard.

In another incident, The Brothers got involved directly by calling a phone reseller and threatening them. In an ironic good-cop-bad-cop routine, one brother screamed at this vendor, demanding he “get out of Glasgow if he wanted to live,” while the second sibling took a much more measured, diplomatic approach, according to a source with knowledge of the conversation.

In June 2017, the pressure on MPC seemed to mount up.

"The story is far bigger now tbh we have to put up with constant tactics both in the UK and also in Europe," MPC messaged me in June 2017. "Not just our phones but we know competitors phones also victims of top law enforcement agencies tactics."

By this time, the hooded figure had already murdered Kok outside the Amsterdam sex club. A few months later, prosecutors in a Glasgow court would lay out some of the Escalade group's serious crimes, including torture and murder, after police arrested several members of the organization.

In early 2018, Dutch police arrested two people suspected of playing a role in Kok’s assassination, and Ridouan Taghi, a Morrocan gang leader allegedly linked to the killing is on the run. A source said that Kok had angered members of the Morrocan mafia (a common target of his blog). The Brothers and their associates faced the European arrest warrants.

Ostensibly, MPC is now closed. Its website is offline and its Twitter account is dormant. Two sources said The Brothers shuttered the phone company after investigations into the group developed. The kingpins may still be using encrypted phones to communicate with family and associates, though.

Today The Brothers remain at large, with Police Scotland admitting in an appeal for information they don’t know the criminals' whereabouts. The Daily Record reported the pair may be in South America. Police Scotland’s Organised Crime and Counter Terrorism Unit (OCCTU) requested assistance from the US DEA to provide surveillance support.

A DEA spokesperson told Motherboard in an email, "We can confirm that MPC is part of an ongoing investigation, but cannot comment further due to that ongoing investigation." The FBI declined to comment. An Europol spokesperson wrote in an email, "unfortunately we cannot comment in relation to operational matters."

Kok, for his part, seemingly didn't know he was walking into a trap by working with MPC.

"For a phone that you can't crack […] MPC," he tweeted a few weeks before his death, along with a photo of him smiling, holding an MPC branded mug.

Subscribe to our new cybersecurity podcast, CYBER.