Tuesday, March 13, 2018

FBI Arrests CEO of Phantom Secure


According to a 2016 article on Engadget: BlackBerry smartphones have secure messaging as a matter of course, but for some that isn't enough: there are custom models that are even more secure thanks to PGP-encrypted mail. However, it seems that these locked down models aren't quite as safe as you'd think. The Netherlands Forensic Institute has confirmed a recent report that it's capable of scooping up encrypted data from PGP-equipped BlackBerry devices. It's not discussing the exact techniques involved, but it's relying on a tool from CelleBrite to get the job done. One possibility is that investigators are guessing the password based on a memory dump, although that normally requires yanking a memory chip off the phone's motherboard.

If it's any consolation, police need physical access to crack these BlackBerrys. Their methods also aren't completely reliable (a small batch couldn't be cracked), and it's uncertain that this will work with every single PGP implementation.

Yet, March 10, 2018 articles on Yahoo Finance and Motherboard stated that " the FBI arrested Vincent Ramos, the founder of the well-established phone mod seller Phantom Secure, for allegedly aiding criminal organizations that include the Sinaloa drug cartel. The company altered BlackBerry and Android devices to disable common features (including the camera and web browsing) while adding Pretty Good Privacy for encrypted conversations."  "The heavily redacted complaint, written by FBI Special Agent Nicholas Cheviron, alleges that even members of the notorious Sinaloa drug cartel used Phantom’s devices, and that the "upper echelon members" of transnational criminal groups have bought Phantom phones. A second source also familiar with the secure phone industry told Motherboard that the devices have been sold in Mexico, Cuba, and Venezuela, as well as to the Hells Angels gang. Cheviron estimates that 20,000 Phantom devices are in use worldwide, with around half of those in Australia; bringing in tens of millions of dollars of revenue to Phantom.

From the complaint filed:

According to PHANTOM own marketing materials and confirmed by our investigation, that of our foreign law enforcement partners, and my personal experience with the devices, I know that PHANTOM SECURE devices are dedicated data devices housed inside a BlackBerry handset. PHANTOM SECURE purchases BlackBerry handsets from Blackberry Limited and other Blackberry re-sellers.

Whereas the standard BlackBerry handset is sold to the public with all the customary smartphone functionalities, PHANTOM marketing materials state that when PHANTOM SECURE receives the BlackBerry handsets, its technical team removes the hardware and software responsible for all external architecture, including voice communication, microphone, GPS navigation, camera, Internet, and Messenger service.

PHANTOM SECURE then installs Pretty Good Privacy software and Advanced Standard on top of an email program, which it routes through servers located in countries, such as Panama and Hong Kong, believed by PHANTOM SECURE to be uncooperative with law enforcement. According to PHANTOM marketing materials, there are several advantages of having our servers and a portion of our business located in Panama, including the fact that Panama does not cooperate with any other country's.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.