In a story that should interest anyone involved in on-line security the Canadian Press reports that:
The chief executive of a Vancouver-based company appeared in a Washington state court on Thursday in the first U.S. case in which a company has been targeted for providing criminal drug cartels with the technology to evade law enforcement, the U.S. Justice Department said.
Phantom Secure CEO Vincent Ramos was indicted, along with four of his associates, on charges related to providing criminal organizations with cellular phones and encrypted networks to coordinate the shipment of illegal drugs around the world.
"Phantom Secure allegedly provided a service designed to allow criminals the world over to evade law enforcement to traffic drugs and commit acts of violent crime without detection," said FBI Director Christopher Wray in a statement.
CNBC suggests that Phantom Secure was selling "hacked" BlackBerry and Samsung phones:
The people behind a company that hacked Samsung and BlackBerry phones to make them more secure, have been indicted for allegedly conspiring with drug cartels to help them evade law enforcement and sell narcotics.
Phantom Secure, a Canada-based firm, sold Samsung and BlackBerry devices that had been modified with a higher encryption. This made it difficult for the authorities to trace drug traffickers.
Phantom Secure's web site does say that:
We are a law-abiding company that is permitted to deliver encrypted communication services to our clients in order for them to protect their communications, without having the ability to decrypt their communications. Our service does not require personal information and has no back doors.
In providing such a service we do understand that there will be a very small number of people that may use our service to do activities we do not support. We do not condone the use of our service for any type of illegal activities and if known we will terminate the use of our service without notice. Considering this, requests for the contents of communications may arise from government agencies, which would require a valid search warrant from an agency with proper jurisdiction over Phantom Secure. However, our response to such requests will be the content and identity of our clients are not stored on our server and that the content is encrypted data, which is indecipherable.
(Score: 5, Insightful) by Bot on Saturday March 17 2018, @08:28AM (2 children)
CEO arrested for actually delivering on its promises.
Account abandoned.
(Score: 2) by legont on Saturday March 17 2018, @03:59PM
Secure phones kill people.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @04:45PM
Nope. These are not secure as Apple phones and not as secure as regular Android phones. Read the summary:
Same lame "encryption" service as most other providers. Hint - Your data isn't safe if someone else has access (keys) to it. This company is a lot smaller than google or apple and likely has a much smaller legal department. They would roll on their clients pretty quickly.
(Score: 5, Informative) by tonyPick on Saturday March 17 2018, @08:52AM (6 children)
And it appears to be over something other than "just" supplying secure phones.
https://www.theregister.co.uk/2018/03/13/phantom_secure_ceo_arrested/ [theregister.co.uk]
Link to the Affidavit...
https://regmedia.co.uk/2018/03/13/vincent-ramos-arrest.pdf [regmedia.co.uk]
(Score: 3, Insightful) by Runaway1956 on Saturday March 17 2018, @01:49PM (5 children)
Fair 'nuff - you found some more info. But, let us remember that an affadavit is just some guy's word put into writing, for court purposes. So - Ramos is ACCUSED OF a whole buncha shit.
I wonder if this isn't just a warning shot. "Anyone who goes into business making phones impossible for Gubbermint to crack will be destroyed."
Alternatively, maybe Ramos is guilty as charged, and Buggermint (hmm, is that a misspelling, or not?) has just been waiting for a case like this. They are now drooling like rabid dogs over this case.
“Take me to the Brig. I want to see the “real Marines”. – Major General Chesty Puller, USMC
(Score: 2) by tonyPick on Saturday March 17 2018, @04:05PM (4 children)
Yeah, but in this case the accusation is sworn testimony based on a long and detailed set of FBI, RCMP and Australian law enforcement activity records that would be very hard to manufacture (e.g. tracing drug shipment details between Australia and the US). It's not likely to be something one guy, or even one agency, could just make up in a field office to get promotion, and it's not something the FBI would use unless they're confident they can incorporate it into their case reliably.
I mean Ramos & Phantom Secure might have a spectacular defence planned for all of this, but it sounds like it'll have to be pretty good, and until we see a response then the Affidavit is the only set of facts we actually _have_.
Actually I think it counts against the various government "weaken encryption" arguments - it highlights that weakening or subverting public encryption tech won't affect the criminals (since they'll just be rolling their own anyway), and it shows that regardless of the encryption the criminals have the traditional law enforcement and social engineering techniques work against it.
(Score: 2) by hemocyanin on Saturday March 17 2018, @05:10PM (3 children)
Sworn testimony by the FBI? LOL
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @09:12PM (1 child)
I'd take their word over yours any day. And twice on Sundays.
(Score: 2) by hemocyanin on Sunday March 18 2018, @04:46AM
Weird -- I've never tried to get a national hero to kill himself, but have it your way.
(Score: 2) by tonyPick on Sunday March 18 2018, @12:56PM
If you ignore what the FBI says just because they are "big government", and then just take the "big government is bad" spin on stories as true, then all you've done is swap out one form of Gullible for another. Only you're easier to fool, because you're being taken in by things you want to believe,
You don't have to *trust* the FBI, to look at the evidence they actually produce and judge how plausible (or otherwise) that evidence is, and you don't have to like the conclusions to assess how likely they are to be true.
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @09:06AM (7 children)
The crypto wars are still on, and it's still a battle of the (potentially) opressed against the (potential) opressors. The first (two-fronted) battle was availability. The second battle was usability. The third, current, battle is broad acceptance.
This incident is a fallback to the first war, by people who didn't get the notice that they lost.
Lest you forget: even though it is incomprehensible to many of us here, most(!) people will gladly trade stability over freedom. The Romans called it "Bread and Circuses", and they were very capable judges of human behaviour.
(Score: 4, Informative) by Anonymous Coward on Saturday March 17 2018, @09:40AM (3 children)
Same AC here:
This reads like an actual drug case, not a crypto case.
After having read the affidavit (a sworn statement by an FBI agent - decide yourself whether he's manufacturing evidence) here's the central points:
1. Phantom Secure has extremely good tradecraft, and it's customers are no dummies either (which is legal...)
2. Law enforcement across several nations has not yet identified a single customer *not* being associated with drug trafficking (which could be simple incompetence, sampling bias, randomness, ...)
3. Phantom devices have been used for actual drug trafficking (which was foreseen as possible in the company's mission statement and is always a problem with secure communications)
4. The accused *was told personally* by an undercover agent in very explicit terms that drug stuff would be taking place over the phones
Points 1-3 are usually spun into a classic crypto-wars argument ... but not this time. The CEO was acutely, personally aware that he was helping drug runners (while not being aware they really were undercover agents) in at least one case.
So in my opinion they are busting him with all due justification. Police have been doing there work in exactly the way which we regularly demand around here: good, old-fashioned investigation.
I applaud the police for their work, keep it up, keep us safe! Thank you!
(Score: 2, Interesting) by Anonymous Coward on Saturday March 17 2018, @12:08PM (2 children)
In that case, I'd like to ask if every gun manufacturer should be held liable for crimes committed with their guns. After all, they are also personally aware that they are helping criminals. How about crowbar manufacturers? Or Tor developers and liability for the dark web?
Being aware that your products are being used by criminals should not be enough for liability. If the company was actively working with drug cartels, promoting their products as tools for criminals, or had specific knowledge that a particular sale will be used for crime, it's a different story.
Here's where that "specific knowledge" part comes into play. Was the statement believable, or was it something like "duuude, I'm totally using this to sell drugs, it's wicked"? And how did he respond?
A) "Great, keep up the good work, here's your phones."
B) "We do not condone our product being used for crime."
If he was told that phones were going to be used for crime, believed it, and still sold them to be used like that, prosecute the bastard. Is that what (allegedly) happened?
(Score: 5, Informative) by Runaway1956 on Saturday March 17 2018, @01:57PM
Gun dealers *can be* held liable for murder. You run a gun shop or pawn shop in an inner city ghetto. Dude stumbles into your shop, and hollers, "I gotta kill some sumbitch - gimme something cheap, and something deadly!" And, you proceed to sell him a cheap, lethal weapon for the express purpose of killing someone.
Forget about all the guns laws. Forget those laws that make sense, as well as those laws that are nonsense. You have just aided and abetted a murder. Your ass is grass, and the cops are the lawn mower.
“Take me to the Brig. I want to see the “real Marines”. – Major General Chesty Puller, USMC
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @03:45PM
From the Affidavit, section 25: RCMP undercover officer who'd been posing as drug dealer, and asking Phantom Secure personnel to delete evidence on a seized device after "learning" the police had arrested the owner. This section doesn't look very good for the specific knowledge defence. Quoting Directly from the Affidavit:
Annoyingly the PDF is just a text scan, so I had to retype it, but you get the gist.
Full thing here: https://regmedia.co.uk/2018/03/13/vincent-ramos-arrest.pdf [regmedia.co.uk]
(Score: 3, Insightful) by Bot on Saturday March 17 2018, @09:51AM (1 child)
I dunno if this is a win for the enemies of crypto.
I mean, crypto did not prevent a police op to jail baddies. That is, you can permit crypto and operate in the real domain, where crimes actually happen.
Sure, crypto enables criminals. So does money and banks, and weapons, and politics, and lawyers. So, apart killing all lawyers which is a no brainer, what else shall we ban?
Account abandoned.
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @02:11PM
Independent discussion forums obviously only harbor terrorists. Otherwise the users would be on Twatter and Failbook like fair, honorable folk.
(Score: 2) by All Your Lawn Are Belong To Us on Monday March 19 2018, @03:42PM
Which is why the Roman Empire still exists, eh?
Sorry, that was too easy and inaccurate. But if you buy into Maslow's hierarchy of needs [wikipedia.org], the need for food is physiological and primary. The circuses element is trickier, but it might fit into social belonging, or a sense of safety (See, you can be entertained so you're safe!) In any event, where does a desire for freedom fit on that scale? Unless you can convince someone it's better to starve and be free, or be bored and free, only those who have been fed will want freedom.
This sig for rent.
(Score: 1, Touché) by Anonymous Coward on Saturday March 17 2018, @09:14AM (7 children)
I hope they prevail against the government and gain more customers due to this free advertising done for them by no less than the FBI director.
(Score: 3, Interesting) by stormwyrm on Saturday March 17 2018, @11:34AM (6 children)
Numquam ponenda est pluralitas sine necessitate.
(Score: 3, Insightful) by TheReaperD on Saturday March 17 2018, @11:52AM (2 children)
Sadly, as the American Civil Liberties Union and the Free Software Foundation have long since discovered, you have to fight the cases for people's rights and freedoms with the cases you get handed, not the cases you want. Sometimes you have to defend the child rapist or drug smuggler if the government is overstepping its bounds and hoping it'll get a pass because you hate what the person has done enough to overlook any government transgressions, planning only to then use that new leeway on everyone else (because courts run on president). Now, whether or not this is one of those cases, I don't know, it requires a lot more information than we have here to make that judgement.
Ad eundum quo nemo ante iit
(Score: 4, Informative) by stormwyrm on Saturday March 17 2018, @12:23PM
Numquam ponenda est pluralitas sine necessitate.
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @12:53PM
Auto-correct alert!
> (because courts run on president)
What a terrible, terrible situation that would be.
Fortunately, the courts and the president are different branches of government and the courts actually run on *precedent* :)
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @02:16PM (2 children)
Are banksters getting charged with fraud facilitated by encrypted communications? How about cops who shoot innocent people?
If they are guilty, then they should be charged for the crime the committed. Encryption has nothing to do with it.
(Score: 0) by Anonymous Coward on Saturday March 17 2018, @02:35PM (1 child)
(Score: 2) by shortscreen on Saturday March 17 2018, @09:36PM
Maybe HSBC will file an amicus brief for them.
In other news, the War on Drugs is still dumb.
(Score: 2) by arcz on Saturday March 17 2018, @09:32PM
The FBI's press release makes it seem like they are able to arrest people for operating darknets. They aren't.
You can view the indictment which I've uploaded a copy of here:
https://rpnx.net/S.D.Cal._3_18-cr-01404-WQH_1_0.pdf [rpnx.net]
Two things are notable:
1) They (the executives) were basically using the network to smuggle drugs (allegedly), and
2) They didn't allow non-criminals to use the network. It was basically a criminal encrypted network without any legitimate uses (if the allegations are true).
So no, darknet isn't in danger yet.