March 20, 2018

Modified BlackBerry phones sold to drug dealers, five indicted

By Lisa Vaas

A cocaine bust in Southern California has led to the indictment of five execs at “uncrackable” phone seller Phantom Secure. The investigation involved a suspect who allegedly used the devices to coordinate shipments of thousands of kilos of cocaine and other drugs.

As of this morning, Phantom Secure’s site was still up, advertising BlackBerry and other mobile devices with encrypted email and chat that make them impervious to decryption, wiretapping or legal third-party records requests.

But while Phantom Secure’s site was still up, the secure-phone company has been hollowed out.

The US Department of Justice (DOJ) indicted five of the company’s execs on Thursday, including Phantom Secure CEO Vincent Ramos. He’s the only one in custody. The remaining four execs are fugitives.

Authorities also seized Phantom Secure’s property, including more than 150 domains and licenses allegedly used by transnational criminal organizations to send and receive encrypted messages. They also seized bank accounts and property in Los Angeles, California and Las Vegas, Nevada.

According to the FBI’s criminal complaint, a Phantom Secure device whose hardware and software had been modified – including the technology that enables voice communication, microphone, GPS navigation, camera, internet access and Messenger service – cost between $2,000 and $3,000 for a six-month subscription.

You couldn’t become a client until a current subscriber vouched for you – a strategy likely meant to keep the company from being infiltrated by law enforcement agents, the FBI says. That strategy ultimately failed: investigators managed to infiltrate the company and eavesdrop on alleged conversations between drug dealers and Ramos. The bust involved agents around the world, including in the US, Canada (where Phantom Secure is based), Australia, Panama, Hong Kong and Thailand.

Ramos was arrested in Seattle on 7 March and has been charged with allegedly helping illegal organizations, including the Sinaloa drug cartel. He and his four fugitive colleagues have been charged with participating in and aiding and abetting a racketeering enterprise and conspiring to import and distribute controlled substances around the world.

Vice reports that the allegations include members of the notorious Sinaloa drug cartel having used Phantom’s devices, and that the “upper echelon members” of transnational criminal groups have bought Phantom phones.

Read more at https://nakedsecurity.sophos.com/2018/03/19/modified-blackberrys-sold-to-drug-dealers-five-indicted/

Russia accused of burrowing into US energy networks

By John E Dunn

Russia has been accused of so many things recently, it’s easy to lose track.

This week the Department of Homeland Security (DHS) added cyber-intrusion and surveillance of the US critical infrastructure sector to the growing list of accusations – in a move that might have been missed by commentators had it not come packaged with sanctions connected to alleged interference in elections.

Posted as an alert on US-CERT, this one matters. Anxiety about the probing of the energy grid goes back years but this is the first time the US has formally accused another country, Russia, of being behind such incidents.

Until now, the public alerts have been coy about attribution. Not this time:

“Since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

Although it didn’t appear that any disruption had taken place this time, the incident pointed to menacing intent:

“DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.”

Coming only weeks after the US and its Five-Eyes allies joined forces to condemn Russia for last year’s global NotPetya malware attack, the report looks like another signal of a changed strategy.

Only days before, the UK Defense Secretary Gavin Williamson warned that Russia’s attitude to the UK might include wanting to:

“Damage its economy, rip its infrastructure apart, actually cause thousands and thousands and thousands of deaths.”

Attack reports traditionally include technical detail but without naming names. Now, it’s as if the US and UK have decided to play Russia at its own game of information war, exposing them in as much detail as possible.

Read more at https://nakedsecurity.sophos.com/2018/03/19/russia-accused-of-burrowing-into-us-energy-networks/

Facebook loses control of 50 million users’ data, suspends analytics firm

By Lisa Vaas

Cambridge Analytica – the data-crunching firm with tools so muscular that founder Christopher Wylie has described it as “Steve Bannon’s psychological warfare mindf**k tool” – has been collecting Facebook user data without permission through “a scam and a fraud,” Facebook said on Friday.

That statement to the New York Times came from Paul Grewal, a Facebook vice president and deputy general counsel. It preceded a day of chaos inspired by big data use and abuse that has raged all weekend and promises to keep playing out as lawmakers pledge to launch investigations.

On Friday, after a week of questions from investigative reporters, Facebook suspended Cambridge Analytica and parent company Strategic Communication Laboratories (SCL) from its platform. The suspensions came late in the game, news outlets are charging, given that Facebook has known about this for three years. Facebook, for its part, claims that the parties involved lied about having deleted harvested data years ago. At least one of the parties involved has shown evidence that points to Facebook having done very little to make sure the data was deleted.

The banishment was unveiled a day before the publishing of two investigatory reports – one from the New York Times, another from The Observer. The reports both detailed how Cambridge used personal information taken without authorization from more than 50 million Facebook users in early 2014 to build a system that could profile individual US voters in order to target them with personalized political ads.

Cambridge is owned by conservative Republican hedge fund billionaire Robert Mercer. It’s a voter-profiling company that was used by conservative investors during both the Trump and Brexit campaigns.

The NYT/Observer reports relied on interviews with six former employees and contractors plus a review of the firm’s emails and documents. One such source was whistleblower Christopher Wylie, who worked with Cambridge University professor Aleksandr Kogan to obtain the data. The Observer quoted Wylie:

“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

Cambridge did so, the newspapers reported, because it had a $15 million investment from Mercer burning a hole in its pocket. Cambridge wanted to woo Steve Bannon with a tool to identify American voters’ personalities and to influence behavior, but it first needed data to flesh out that tool. So it took Facebook users’ data without their permission, according to the newspapers.

Read more at https://nakedsecurity.sophos.com/2018/03/19/facebook-loses-control-of-50-million-users-data-suspends-analytics-firm/
