Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders. The group purchased smartphones, removed all of the typical functionality—calling, texting, Internet, and GPS—and installed an encrypted e-mail system, so the phones could only communicate with each other. If a customer was arrested, Phantom Secure destroyed the data on that phone, which is obstruction of justice under U.S. law. In an attempt to thwart law enforcement efforts, the company required new customers to have a reference from an existing user.
Given the limited functionality of the phones and the fact that they only operate within a closed network of criminals, all of Phantom Secure’s customers are believed to be involved in serious criminal activity. Most of Phantom Secure’s 10,000 to 20,000 users are the top-level leaders of nefarious transnational criminal organizations in the U.S. and several other countries, and the products were marketed as impervious to decryption or wiretapping.
Phantom Secure’s founder and chief executive, Vincent Ramos, was arrested in Bellingham, Washington, on March 7 in collaboration with the Australian Federal Police, Royal Canadian Mounted Police, and law enforcement agencies in Panama, Hong Kong, and Thailand. Four of Ramos’ associates are fugitives. They are charged with conspiracy to distribute narcotics and Racketeer Influenced and Corrupt Organizations (RICO) Act violations.
This case is the first time the U.S. government has targeted a company and its leaders for assisting a criminal organization by providing them with technology to “go dark,” or evade law enforcement’s detection of their crimes.
“By shutting down Phantom Secure, criminals worldwide no longer have that platform to conduct their dangerous criminal activities.”
Nicholas Cheviron, special agent, FBI San Diego
The FBI takes an enterprise approach to transnational organized crime, taking down criminal organizations from the top using the RICO Act. The sweeping investigation allowed the entire illicit operation—and its technological infrastructure—to be taken down at one time.
“We had to investigate the entire company and its leaders, both from a personnel and technology perspective,” Cheviron said. “Without arresting the principals and seizing the technology, including more than 150 domain names, you wouldn’t be able to disrupt the communication.”