Not a great week for the FBI, encryption-wise. The same week it was revealed the FBI's encrypted communications system was cracked by the Russians, a report by Joseph Cox of Motherboard details the agency's failure to punch a hole in a phone company's encrypted network.
The phone company targeted by the feds was Phantom Secure, a device maker with a business model that revolved almost exclusively around making secure phones for criminals. Apparently the supplier of choice for the Sinola drug cartel, Phantom Secure had been under investigation for years when its owner was arrested in 2018.
These efforts were apparently made after the arrest of the head of the company, with the FBI pitching a major sentence reduction if Phantom Secure CEO Vincent Ramos built the agency a backdoor.
"He was given the opportunity to do significantly less time if he identified users or built in/gave backdoor access," one source who knows Ramos personally and has spoken with him about the issue after his arrest told Motherboard.
Other law enforcement officers who worked on the investigation said similar things. The FBI wanted a backdoor so it could go after Phantom's numerous criminal customers. Despite the pressure, it appears Ramos never gave the FBI what it wanted.
A third source told Motherboard "He never gave law enforcement a backdoor into Phantom Secure. He did not do that." When pressed on whether the FBI still asked for access, the source, who worked directly on the case, said, "Basically that's all I want to say. He did not give law enforcement a backdoor into Phantom Secure."
The DOJ's tradition of begging for backdoors was apparently part of this criminal investigation as well. Cox's report says the CEO didn't actually have the tech talent to create a backdoor so the FBI pushed him to talk one of his employees into crafting a hole in the Phantom's PGP-protected system. When your customers are drug cartels known for their viciousness, it's probably safer to take the extra years in an American prison, which appears to be what Ramos chose to do.
The arrest of Ramos gave the FBI some leverage but it still couldn't get the backdoor it wanted. And just because Phantom Secure ended up in the business of selling exclusively to criminal organizations doesn't mean that's the reason the company was created. As Cox notes, Phantom Secure started as a legit option for security-conscious customers. Unfortunately, it chose to pursue the criminal market when that appeared to be the more profitable sector.
While it may suck that the FBI it didn't get its backdoor, it probably works out better for cellphone users anywhere. Phantom Secure modified Blackberry devices with its own software to create an encrypted network. The creation of a backdoor into this network may have made it easier to exploit off-the-shelf Blackberry devices or other secure messaging services that use PGP to encrypt data. Assuming this backdoor would have been harmless just because it targeted known criminal users is the kind of assumption the FBI would love everyone to make. Let's not do it any favors.
In March, Motherboard reported that the FBI had arrested the CEO of Phantom Secure, a company selling custom, encrypted phones, and which allegedly provided them to high end organized criminal groups including the Sinaloa drug cartel. On Tuesday, Vincent Ramos, the CEO, pleaded guilty to running a criminal enterprise that facilitated drug trafficking, specifically through the sale of these encrypted phones.
The old truism is in play again with the FBI's renewed CryptoWar: if X is outlawed, only criminals will have X. In this case, it's secure encryption. The FBI may not be trying to get encryption banned, but it does want it weakened. No backdoors, claims FBI director Chris Wray, just holes for the government to use at its pleasure. So, if the FBI gets it way, the only truly secure encryption will be in the hands of criminals… exactly the sort of people the FBI claims it needs weakened encryption to catch.
Authorities have already arrested Vincent Ramos, Phantom Secure’s CEO. But the Department of Justice has indicted four other alleged Phantom associates, who are currently fugitives.
For years, a slew of shadowy companies have sold so-called encrypted phones, custom BlackBerry or Android devices that sometimes have the camera and microphone removed and only send secure messages through private networks. Several of those firms allegedly cater primarily for criminal organizations.
Our IP Address: