WEBVTT - Joseph Cox: Dark Wire 0:00:00.360 --> 0:00:05.480 This story contains adult content and language. Listener discretion is advised. 0:00:12.960 --> 0:00:15.760 And they can see all of these messages and they 0:00:15.800 --> 0:00:20.599 realize these phones this is where the criminals have been hided. 0:00:25.800 --> 0:00:29.680 I'm Kate Winkler Dawson, a nonfiction author and journalism professor 0:00:29.720 --> 0:00:32.440 in Austin, Texas. I'm also the co host of the 0:00:32.479 --> 0:00:36.320 podcast Buried Bones on Exactly Right, and throughout my career 0:00:36.600 --> 0:00:40.360 research for my many audio and book projects has taken 0:00:40.400 --> 0:00:43.640 me around the world. On Wicked Words, I sit down 0:00:43.680 --> 0:00:48.400 with the people I've met along the way, amazing writers, journalists, filmmakers, 0:00:48.400 --> 0:00:52.840 and podcasters who have investigated and reported on notorious true 0:00:52.840 --> 0:00:56.640 crime cases. This is about the choices writers make, both 0:00:56.680 --> 0:00:59.600 good and bad, and it's a deep dive into the 0:01:00.000 --> 0:01:05.679 publish details behind their stories. In twenty eighteen, the FBI 0:01:05.840 --> 0:01:09.440 discovered that high level criminals around the world were using 0:01:09.640 --> 0:01:14.319 encrypted devices to plot intricate crimes. When a powerful, secure 0:01:14.480 --> 0:01:18.320 new app began courting these syndicates, members of the underworld 0:01:18.400 --> 0:01:21.720 flocked to it. One problem for the criminals, though the 0:01:21.760 --> 0:01:25.679 app was created by the FBI. Joseph Cox tells us 0:01:25.720 --> 0:01:31.640 the incredible story from his book Dark Wire. Why don't 0:01:31.640 --> 0:01:33.800 you give me sort of your elevator pitch of what 0:01:34.040 --> 0:01:37.319 this book is about. When you're talking to someone who says, oh, 0:01:37.319 --> 0:01:38.880 I heard you read a book. I don't know anything 0:01:38.880 --> 0:01:40.040 about it. Tell me about it. 0:01:40.360 --> 0:01:42.920 I mean to come out swinging straight away. It is 0:01:42.959 --> 0:01:47.280 about how the FBI secretly ran a tech startup for 0:01:47.360 --> 0:01:51.720 organized crime in order to wiatap the world. It's very 0:01:51.760 --> 0:01:54.040 crazy when you put it into one sentence like that, 0:01:54.360 --> 0:01:58.240 but this was the largest sing operation ever. Usually you 0:01:58.280 --> 0:02:02.840 may think about the FBI investigating one drug trafficking ring, 0:02:03.080 --> 0:02:06.360 or some money launderers, or even one murder. Here they 0:02:06.440 --> 0:02:12.320 investigated thousands, potentially over ten thousand at once. By providing 0:02:12.760 --> 0:02:17.240 the critical infrastructure that these criminals use. It's basically the 0:02:17.240 --> 0:02:21.880 biggest wire app that's ever existed. And of course tons 0:02:21.919 --> 0:02:24.520 of interesting questions come up from that. And I really 0:02:24.520 --> 0:02:29.080 think the book is about trust. These criminals trusted this 0:02:29.240 --> 0:02:31.680 phone so much that they were willing to commit crimes 0:02:31.680 --> 0:02:35.240 on it. The FBI trusted its international partners, which I'm 0:02:35.280 --> 0:02:37.880 sure we'll get into, the Germans, the Swedes, the Dutch, 0:02:38.000 --> 0:02:41.880 and hoping that this audacious operation would not leak. It 0:02:41.919 --> 0:02:44.440 was basically a miracle and then also, I think for 0:02:44.600 --> 0:02:48.880 us trusting, well, when are we really communicating in private? 0:02:49.160 --> 0:02:51.840 And how do we know when the messaging apps that 0:02:51.880 --> 0:02:54.520 we're using, or the phone line we're using or whatever 0:02:55.120 --> 0:02:58.200 is really secure? And it's almost getting harder and harder 0:02:58.400 --> 0:02:59.880 to answer that question. 0:03:00.360 --> 0:03:03.760 How did the FBI get this kind of information about 0:03:03.840 --> 0:03:07.320 organized crime before we had wire taps and apps and 0:03:07.360 --> 0:03:09.519 all of that, was that mostly informants. 0:03:09.760 --> 0:03:13.320 Yeah, you're going to have human intelligence like informants, you're 0:03:13.360 --> 0:03:16.640 going to have old fashioned police work. I mean, the 0:03:16.639 --> 0:03:20.600 wiretap now is over a century old, right, and they 0:03:20.600 --> 0:03:23.639 were very very quick to exploit that, as were other 0:03:23.720 --> 0:03:27.320 law enforcement agencies. But then there is always this cat 0:03:27.360 --> 0:03:31.360 and mouse between law enforcement and criminals, and criminals will 0:03:31.360 --> 0:03:34.600 then move to something like a pager, for example, or 0:03:34.680 --> 0:03:38.280 then maybe they start using cell phones and mobile phones 0:03:38.280 --> 0:03:40.920 and that sort of thing. And you can imagine, of course, 0:03:41.240 --> 0:03:44.000 you know, the wire or the sopranos or something like that, 0:03:44.080 --> 0:03:46.760 and those are sort of the stereotypical cases of well, 0:03:46.800 --> 0:03:50.600 this is how the FBI or other agencies investigate organized crime. 0:03:51.040 --> 0:03:54.360 But there's been a technological leap that I think people 0:03:54.800 --> 0:03:57.040 in the general public aren't really aware of, which is 0:03:57.120 --> 0:04:00.960 that criminals have started using these very sophisticated encryptive phones, 0:04:01.320 --> 0:04:06.160 and it's basically the most important technological leap that criminals 0:04:06.200 --> 0:04:09.360 have made since the invention of the cell phone in 0:04:09.400 --> 0:04:12.720 the first place. So whereas for decades upon decades, as 0:04:12.720 --> 0:04:15.920 you say, going back, all of that time is informants 0:04:15.920 --> 0:04:18.760 and the normal phone lines, we're in a different world 0:04:18.839 --> 0:04:25.400 now where many top tier criminals can basically communicate securely, 0:04:25.640 --> 0:04:27.520 and they can communicate in such a way where law 0:04:27.600 --> 0:04:30.359 enforcement probably aren't actually going to get the contents of 0:04:30.400 --> 0:04:33.960 their communications. It's an entirely different world now to even 0:04:34.480 --> 0:04:37.080 you know, the eighties or seventies, the nineties, it's just 0:04:37.120 --> 0:04:38.320 a different ecosystem now. 0:04:38.520 --> 0:04:41.000 I know this might be an odd question. I'm curious, 0:04:41.120 --> 0:04:44.239 is there a way to easily explain why the FBI 0:04:44.440 --> 0:04:46.240 at some point in history might have been able to 0:04:46.320 --> 0:04:49.839 tap landlines but then not cell phones, Because I feel 0:04:49.839 --> 0:04:52.680 like in every kind of cloak and Dagger movie, it's like, oh, no, 0:04:52.760 --> 0:04:54.320 we're safe, let's talk on a cell phone, but we 0:04:54.360 --> 0:04:57.320 can't talk on landlines. So what would be the difference. 0:04:57.320 --> 0:05:00.280 As we're moving more towards the modern part of the story. 0:05:00.360 --> 0:05:04.440 Back with original wire taps. It was literally that law 0:05:04.560 --> 0:05:07.599 enforcement would go and they would place a device or 0:05:07.600 --> 0:05:11.800 even crocodile clips or some sort of interception capability onto 0:05:11.880 --> 0:05:15.520 the literal wires which are carrying the communication. Of course, 0:05:15.560 --> 0:05:19.520 when criminals start to move towards cell phones, the infrastructure 0:05:19.560 --> 0:05:21.320 of that has changed, and then that's where you see 0:05:21.360 --> 0:05:25.479 the FBI or other agencies doing closer collaboration with AT 0:05:25.600 --> 0:05:29.520 and TV, Verizon, T Mobile, whoever. And they're always catching 0:05:29.560 --> 0:05:32.760 up to where the criminals are moving towards. And that's 0:05:32.839 --> 0:05:35.440 just a constant theme over the past one hundred years 0:05:35.440 --> 0:05:37.920 and decades. The criminals go a few little steps forward, 0:05:38.080 --> 0:05:41.440 and then the law enforcement agencies catch up, and it's 0:05:41.440 --> 0:05:45.160 gone from something that was purely physical as in touching 0:05:45.200 --> 0:05:48.480 the cable getting the communication to of course, now not 0:05:48.560 --> 0:05:51.400 just cell phones, but the Internet writ large, and there 0:05:51.400 --> 0:05:54.279 are places where you can go and intercept Internet data. 0:05:54.760 --> 0:05:57.840 Thinking about the NSA and GCHQ, where they literally tap 0:05:57.920 --> 0:06:01.360 the undersea cables that carry the world data. Of course, 0:06:01.400 --> 0:06:03.880 that's not something that law enforcement is typically going and doing. 0:06:03.920 --> 0:06:06.960 That's in the realm of intelligence agency. So there's always 0:06:07.000 --> 0:06:08.479 going to be a divide there as well. 0:06:09.000 --> 0:06:11.599 Well. Before we get into the sting operation that just 0:06:11.640 --> 0:06:16.320 seems so elaborate and overwhelming and creative. I do want 0:06:16.360 --> 0:06:19.440 to dip in a tiny bit about the encrypted apps, 0:06:19.600 --> 0:06:22.280 because you know, in the last month or two apps 0:06:22.320 --> 0:06:26.560 that are encrypted, like Signal, have popped up in hearings 0:06:26.600 --> 0:06:29.880 and house hearings through a lot of controversy. To simplify it, 0:06:29.920 --> 0:06:34.039 are there sort of three levels of secure phone lines. 0:06:34.120 --> 0:06:36.240 There's the lowest level like what I use, where anybody 0:06:36.279 --> 0:06:39.600 could probably tap into it. Then there is something like Signal, 0:06:39.760 --> 0:06:41.960 you know, an app where it says it's encrypted, but 0:06:42.040 --> 0:06:46.159 obviously it's not as secure as the third highest level, 0:06:46.160 --> 0:06:48.400 which would be whatever the government is using. I'm not 0:06:48.440 --> 0:06:51.080 even one hundred percent sure what encrypted means, so maybe 0:06:51.080 --> 0:06:52.680 give me the dummy version of all of that. 0:06:52.960 --> 0:06:55.160 I think that's a totally fair characterization, where you have 0:06:55.240 --> 0:06:59.400 those free levels of a completely ordinary phone line, which yes, 0:06:59.480 --> 0:07:01.320 it might be rypt in some ways, but it's not 0:07:01.400 --> 0:07:03.680 exactly done in a robust way, and you can have 0:07:04.040 --> 0:07:06.600 people intercepting it, or you can have wide apps as 0:07:06.640 --> 0:07:10.840 well that next level, such as the Signals or potentially 0:07:10.920 --> 0:07:13.440 the telegrams of people familiar with that app as well. 0:07:13.680 --> 0:07:16.520 What that does is that it will take the message 0:07:16.560 --> 0:07:18.800 that you've typed out on your phone, a text message 0:07:18.880 --> 0:07:21.840 or a voicemail or whatever, and it will encrypt it 0:07:22.240 --> 0:07:24.720 while it's still on the phone, so it hasn't crossed 0:07:24.760 --> 0:07:27.760 the cables yet, it hasn't entered the wider Internet yet, 0:07:27.920 --> 0:07:31.040 and it's safely packaged that up it transmits across and 0:07:31.080 --> 0:07:34.680 then hopefully only the person who's supposed to receive that 0:07:34.920 --> 0:07:37.080 is able to decrypt it. And you don't notice any 0:07:37.080 --> 0:07:39.600 of this, right You're just using signal or whatever, and 0:07:39.640 --> 0:07:44.200 it happens instantaneously, but in the background, that very robust 0:07:44.400 --> 0:07:47.800 set of security steps is happening. Now, if somebody did 0:07:47.840 --> 0:07:50.760 intercept that, it would just be absolute gibber. It should 0:07:50.800 --> 0:07:53.240 be ones and zeros or random letters, and they could 0:07:53.280 --> 0:07:55.760 intercept something, but they won't be able to read any 0:07:55.760 --> 0:07:58.360 of it. And then, as you say, the next layer 0:07:58.960 --> 0:08:03.000 is the device and the systems that hopefully members of 0:08:03.040 --> 0:08:05.480 the US governments and other governments are using, whereas it 0:08:05.480 --> 0:08:09.040 won't just be encrypted, but the phone or the device 0:08:09.080 --> 0:08:12.920 itself will be hardened as well. You know, you can 0:08:12.960 --> 0:08:15.800 have the best encryption in the world. If someone has 0:08:15.880 --> 0:08:19.240 hacked your phone, that's the place where the message is landing, well, 0:08:19.240 --> 0:08:21.280 then potentially they can read it as well. 0:08:21.400 --> 0:08:24.400 What is the danger of sending something that's very sensitive 0:08:24.440 --> 0:08:26.720 through signal if they're not going to receive any kind 0:08:26.720 --> 0:08:28.280 of a real quote unquote information. 0:08:28.760 --> 0:08:34.120 The benefit of signal is that you can send stuff 0:08:34.440 --> 0:08:37.160 and then if it's intercepted, it's not going to be 0:08:37.200 --> 0:08:40.320 readable by any authorities or any third parties they're getting it. 0:08:40.480 --> 0:08:43.200 But yes, if you hack onto the if somebody hacks 0:08:43.200 --> 0:08:44.719 the phone at the end of that, they're going to 0:08:44.720 --> 0:08:46.680 be able to read that. And that's just something which 0:08:46.720 --> 0:08:50.360 is the limit of encryption technology. Encryption can protect the 0:08:50.400 --> 0:08:52.720 contents of your messages and can protect it as it's sent. 0:08:53.320 --> 0:08:55.960 It can't protect you if a hacker is broken into 0:08:56.000 --> 0:08:59.280 your phone, or if you accidentally add a journalist to 0:08:59.320 --> 0:09:01.640 a group chat and then they are of course receiving 0:09:01.679 --> 0:09:04.400 all of that data as well. It can't protect against 0:09:04.840 --> 0:09:08.400 mistakes or to be less charitable, stupidity depending on the 0:09:08.400 --> 0:09:10.439 way that you're looking at it. You have to use 0:09:10.480 --> 0:09:13.760 the technology in the right way. And the great thing 0:09:13.760 --> 0:09:16.480 about these consumer apps like Signal or other ones like it, 0:09:16.600 --> 0:09:21.359 they try to eliminate the room for you to make mistakes. Basically, 0:09:21.640 --> 0:09:24.480 encryption has been around for decades, but I remember when 0:09:24.520 --> 0:09:26.360 I started using it round about the time of the 0:09:26.520 --> 0:09:30.400 Edward snowd Of revelations of twenty thirteen. It was so difficult. 0:09:30.480 --> 0:09:33.280 It was cumbersome. You had to use all these different 0:09:33.280 --> 0:09:36.920 tools and encrypture email in this really fancy way. Nowadays, 0:09:37.080 --> 0:09:39.040 you can just use WhatsApp, which is also end to 0:09:39.120 --> 0:09:41.120 end encrypted. You can use I Message, you can use 0:09:41.160 --> 0:09:43.000 any of these other ones and we don't even have 0:09:43.080 --> 0:09:45.560 to think about it. And that's a net positive that 0:09:45.679 --> 0:09:48.920 billions of people around the world are able to communicate 0:09:49.240 --> 0:09:52.880 more privately with confidentiality, and of course criminals can now 0:09:52.920 --> 0:09:53.520 do that as well. 0:09:56.760 --> 0:09:59.600 So was there to get to your story? Was there 0:10:00.040 --> 0:10:03.280 an incident that started all of this for the FBI? 0:10:03.480 --> 0:10:06.760 Did they start realizing that the criminal enterprises around the 0:10:06.800 --> 0:10:10.360 world were getting these encrypted phones that they could not access. 0:10:10.559 --> 0:10:14.200 Yeah, So, in around twenty fifteen twenty sixteen, the FBI 0:10:14.640 --> 0:10:18.960 is investigating this drug trafficker called Owen Hanson, and it 0:10:19.040 --> 0:10:23.120 seems he's pretty successful. They use an informant to basically 0:10:23.240 --> 0:10:27.120 bait him into doing a methmthetamine deal. They presume he's 0:10:27.160 --> 0:10:30.360 selling many more drugs. But they actually can't get a 0:10:30.360 --> 0:10:33.600 tap on his phone because he's using this very unusual 0:10:34.040 --> 0:10:36.680 BlackBerry back when those were cool and popular. 0:10:36.800 --> 0:10:37.760 I love blackberries. 0:10:38.000 --> 0:10:40.640 They had they're very cool keyboard. Drug traffickers loved those 0:10:40.679 --> 0:10:43.439 as well. But the FBI found that owen Hanson was 0:10:43.559 --> 0:10:46.400 using one of those and it could send encrypted emails. 0:10:46.679 --> 0:10:50.240 It also had the microphone removed, the camera taken out, 0:10:50.440 --> 0:10:53.800 the GPS as well. It basically wasn't a phone, it 0:10:53.840 --> 0:10:56.520 was like a computer in his pocket that could send 0:10:56.640 --> 0:11:02.120 encrypted messages. So the FBI investigate him without fully understanding 0:11:02.440 --> 0:11:05.199 all of the contours of his crimes, they still have 0:11:05.320 --> 0:11:08.120 enough to prosecute him. They get hold of this phone 0:11:08.400 --> 0:11:12.320 made by a company called Phantom Secure. Unfortunately for owen Hanson, 0:11:12.559 --> 0:11:15.559 he hadn't changed the default password, so the FBI were 0:11:15.559 --> 0:11:18.600 able to log in very very quickly, and they can 0:11:18.640 --> 0:11:21.760 see all of these messages because again now they're on 0:11:21.760 --> 0:11:24.559 the endpoint, they're on the device, and they're scrolling through 0:11:24.840 --> 0:11:29.480 and there's just thousands talking about criminal activity and they realize, oh, 0:11:29.840 --> 0:11:34.240 these phones, this is where the criminals have been hiding. 0:11:34.520 --> 0:11:36.679 They're not on the normal phone lines anymore. They're not 0:11:36.760 --> 0:11:41.200 on the cell phones. They're on these really sophisticated, customized 0:11:41.760 --> 0:11:46.880 pocket sized computers, And that basically starts the FBI's near obsession, 0:11:47.240 --> 0:11:51.080 or the San Diego fbis near obsession with looking into 0:11:51.120 --> 0:11:55.000 these companies, shutting them down, and eventually running their own 0:11:55.000 --> 0:11:55.439 as well. 0:11:55.600 --> 0:11:59.000 So the FBI's understanding in twenty fifteen or before was 0:11:59.040 --> 0:12:02.720 that these enterprises were run over at and T cell phones, 0:12:02.760 --> 0:12:04.400 normal cell phones that were encrypted. 0:12:04.760 --> 0:12:08.000 I think when they've been investigating drug trafficking rings before 0:12:08.120 --> 0:12:11.960 or other criminals, the sort of approach of these criminals 0:12:12.000 --> 0:12:16.040 has just been to sort of compartmentalize information, only tell 0:12:16.200 --> 0:12:19.160 people certain things, maybe use code words, all of the 0:12:19.280 --> 0:12:22.440 very stereotypical things you see in TV. But then when 0:12:22.480 --> 0:12:26.120 they're scrolling through these messages Owen Hanson and other people 0:12:26.200 --> 0:12:29.959 later on, they're not using code words. They're saying I'm 0:12:30.000 --> 0:12:33.280 going to send the five thousand kilos of cocaine or whatever. 0:12:33.440 --> 0:12:36.640 Because they're so confident in this encryption technology. Well, what's 0:12:36.679 --> 0:12:38.360 the point of using code words. We can just be 0:12:38.760 --> 0:12:41.360 explicit and blunt about it and say I'm sending the 0:12:41.400 --> 0:12:43.719 heroin to this place. And as they were going through 0:12:43.760 --> 0:12:47.920 the messages. There were addresses of where where these drugs 0:12:47.920 --> 0:12:49.800 were being picked up, where they were being sent to, 0:12:49.880 --> 0:12:53.480 as well the names of contacts. It was like opening 0:12:53.559 --> 0:12:57.239 up an entire new window to criminality. 0:12:57.760 --> 0:13:01.880 So in twenty twenty five terms this twenty fifteen technology, 0:13:01.920 --> 0:13:05.160 where does that fall, that encryption technology? Where does what 0:13:05.240 --> 0:13:07.520 Owen Hansen was using. Where does that fall on our 0:13:07.600 --> 0:13:10.400 three levels? Is it closer to the government level these days? 0:13:10.520 --> 0:13:12.360 Or is it more the signal level. 0:13:12.600 --> 0:13:15.160 It's kind of in between two of them, in between 0:13:15.200 --> 0:13:17.280 the signal one and the sort of the government level, 0:13:17.320 --> 0:13:20.920 because yes, it's encrypted, so if it gets intercepted, you're 0:13:20.920 --> 0:13:22.840 not going to be able to read it. But where 0:13:23.240 --> 0:13:26.400 these companies selling these phones to organize criminals, they did 0:13:26.440 --> 0:13:30.000 take that extra step of removing the camera, removing the GPS, 0:13:30.080 --> 0:13:33.040 taking out the microphone as well, and you know, it's 0:13:33.120 --> 0:13:37.160 kind of debatable how beneficial those removals are. But your 0:13:37.280 --> 0:13:41.840 traffickers love it when these companies introduce bells and whistles, 0:13:41.880 --> 0:13:44.240 new gadgets, or they take features out, when really the 0:13:44.280 --> 0:13:47.120 most important thing is that it's sending encrypted text messages, 0:13:47.200 --> 0:13:50.479 but it sits somewhere in between because they're highly customized 0:13:50.640 --> 0:13:52.880 and they're really expensive as well. To get one of 0:13:52.920 --> 0:13:55.360 these phones, it's going to cost you thousands of dollars 0:13:55.679 --> 0:13:58.440 for a six or a twelve month subscription. This isn't 0:13:58.440 --> 0:14:01.320 something you just go into the T mobile store and buy. 0:14:01.960 --> 0:14:05.440 We go to Fison and his four three iPhones or whatever. 0:14:05.720 --> 0:14:09.240 It is a completely different business model. And the drug 0:14:09.240 --> 0:14:11.719 traffickers love is expensive as well, because well, if it 0:14:11.760 --> 0:14:14.160 cost me thousands of dollars, that's got to mean it's good. 0:14:14.200 --> 0:14:16.479 And I mean that literally. I've spoken to drug traffickers 0:14:16.720 --> 0:14:18.959 and the people who sell the phones, and price is 0:14:18.960 --> 0:14:21.600 a major factor of building that trust. 0:14:22.040 --> 0:14:23.840 So do you have to if we're just let's say 0:14:23.840 --> 0:14:26.280 we're just talking about Phantom Secure number one, is this 0:14:26.360 --> 0:14:29.080 an above board company in any way or do they 0:14:29.120 --> 0:14:32.800 strictly deal with criminal Back then criminal enterprise. 0:14:32.640 --> 0:14:36.440 They started legit and then when it became clear that 0:14:36.560 --> 0:14:40.840 criminals were the primary customer base, the CEO of the company, 0:14:40.880 --> 0:14:44.080 a guy called Vincent Ramos, he leaned into that essentially 0:14:44.200 --> 0:14:47.320 is very competitive space as well, and you have to 0:14:47.360 --> 0:14:51.720 think that unlike the normal phone market, where there's potentially 0:14:52.040 --> 0:14:54.680 an unlimited number of customers for AT and T to 0:14:54.680 --> 0:14:58.600 get or whoever there's a finite number of drug traffickers 0:14:58.600 --> 0:15:00.920 in the world, probably kind of want them to come 0:15:00.960 --> 0:15:04.040 over to your company. If criminals are using your phone, 0:15:04.320 --> 0:15:06.040 you start to lean into that, and that's what many 0:15:06.040 --> 0:15:06.920 of these companies did. 0:15:07.360 --> 0:15:10.160 When Owen Hanson was using this encrypted phone, did he 0:15:10.280 --> 0:15:13.600 have to message with somebody who also had a phone 0:15:13.680 --> 0:15:16.160 from phantom secure or was it? Could it be any 0:15:16.200 --> 0:15:18.000 kind of phone. What if he's calling somebody on AT 0:15:18.080 --> 0:15:21.320 and T who's not upon the latest criminal technology. 0:15:21.640 --> 0:15:25.440 Yeah, these operate generally as closed networks. So if you're 0:15:25.440 --> 0:15:28.680 a phantom secure you can only message another phantom secure phone. 0:15:28.760 --> 0:15:31.520 If you're on another phone from a different company called Sky, 0:15:31.640 --> 0:15:34.760 for example, you can only message Sky people. And that 0:15:34.840 --> 0:15:38.600 has sort of two reasons, the first being that presumably 0:15:38.640 --> 0:15:41.920 it's more secure. You know, if only the phantom phones 0:15:41.920 --> 0:15:45.480 are talking to each other, then maybe there's less chance 0:15:45.560 --> 0:15:48.760 of law enforcement infiltrating or in informant getting in or 0:15:48.800 --> 0:15:52.320 something like that. The other one is a pure business decision. 0:15:52.560 --> 0:15:55.320 It's like, well, if I'm phantom secure, I only want 0:15:55.360 --> 0:15:56.800 my customers to be able to talk to each other, 0:15:56.840 --> 0:15:58.520 because that means other people have to come to my 0:15:58.560 --> 0:16:01.640 ecosystem as well, kind of like Apple and its app store. 0:16:01.680 --> 0:16:04.480 You know, you can't really move apps between an Android 0:16:04.520 --> 0:16:06.800 phone and an Apple phone. It's the same sort of 0:16:06.800 --> 0:16:08.640 business decision for these guys as well. 0:16:09.040 --> 0:16:11.760 When the FBI talks to Owen Hanson, I'm assuming he 0:16:11.800 --> 0:16:14.520 doesn't illuminate anything about any of this. Is he at 0:16:14.560 --> 0:16:17.240 all helpful to the FBI once he has been convicted. 0:16:17.920 --> 0:16:21.680 Not At first He's put into a room and the 0:16:21.720 --> 0:16:24.880 authorities and Australian authorities which have been tracing him as well, 0:16:25.120 --> 0:16:28.680 they start telling Hanson all about the alleged crimes that 0:16:28.800 --> 0:16:31.640 he's done, and he very quickly shuts up and says, 0:16:32.200 --> 0:16:34.120 this is the moment when I'm going to bring in 0:16:34.360 --> 0:16:38.760 my lawyer. Later on. I think he does testify against 0:16:38.800 --> 0:16:42.000 other people in his organization, But of course his arrest 0:16:42.320 --> 0:16:44.960 is absolutely not the end, not just for the FBI 0:16:45.040 --> 0:16:46.800 but for his story as well, because then they start 0:16:46.800 --> 0:16:50.360 to round up more members of his criminal enterprise, because 0:16:50.400 --> 0:16:52.400 now they're in the phone which has all of their 0:16:52.480 --> 0:16:54.080 contact information as well. 0:16:54.320 --> 0:16:56.600 Oh my gosh, I wonder what his reaction was when 0:16:56.600 --> 0:16:58.720 he found out he just had never changed that password 0:16:58.760 --> 0:17:01.760 and didn't think it was necessary. In the FBI got 0:17:01.840 --> 0:17:03.640 in within you know, thirty seconds. 0:17:03.960 --> 0:17:06.760 Yeah. I mean I've spoken to Owen Hanson a couple 0:17:06.760 --> 0:17:10.399 of times. He didn't specifically talk about the password, but 0:17:10.440 --> 0:17:14.040 he did admit that to me. And I mean, it's 0:17:14.400 --> 0:17:17.160 a sloppy mistake for a drug trafficker to make. And again, 0:17:17.200 --> 0:17:19.840 I think that just shows how much confidence these people 0:17:20.320 --> 0:17:24.040 have in the technology, and technology can only go so far. 0:17:24.320 --> 0:17:27.840 You may have the fanciest quantum encryption in the world, 0:17:28.000 --> 0:17:32.120 just tons of fancy algorithms. What it doesn't matter if 0:17:32.119 --> 0:17:35.600 you make a mistake like that, like not changing the password. 0:17:39.000 --> 0:17:41.960 So the FBI is realizing that their traditional methods of 0:17:42.040 --> 0:17:45.439 monitoring these folks aren't working. What is their next step? 0:17:45.560 --> 0:17:48.480 Is it sort of taking you know, Hanson's contacts and 0:17:48.520 --> 0:17:51.040 looking through and then are they flipping these people? How 0:17:51.040 --> 0:17:53.480 do they know how many how many criminals are going 0:17:53.480 --> 0:17:55.360 to places like sky or Phantom Secure. 0:17:55.920 --> 0:17:59.760 Yeah, so they do flip people in and around Hanson's 0:17:59.880 --> 0:18:03.560 or organization, and they investigate them with sort of traditional 0:18:03.760 --> 0:18:09.639 law enforcement tactics, but a prosecutor inside the San Diego office, 0:18:10.040 --> 0:18:12.520 they start to have this really interesting idea, which is 0:18:12.560 --> 0:18:15.600 that well, we're looking at the messages inside this one phone, 0:18:16.000 --> 0:18:20.080 but presumably many other criminals are using Phantom Secure phones 0:18:20.240 --> 0:18:22.959 as well, and they get some intelligence from other agencies, 0:18:23.400 --> 0:18:25.960 the Canadians and the Australians, and they do start to 0:18:25.960 --> 0:18:29.280 build up a picture of oh, Phantom Secure is a 0:18:29.320 --> 0:18:33.320 serious player in this space with thousands and thousands of customers. 0:18:33.640 --> 0:18:35.840 If we're looking at the messages of this one phone 0:18:36.000 --> 0:18:39.000 because we got lucky with this guy's bad password, what 0:18:39.080 --> 0:18:41.760 would it be like to look at the messages of 0:18:41.880 --> 0:18:44.280 all of these customers. And that plants the seed of 0:18:44.320 --> 0:18:48.120 an idea, which is, like, we need to infiltrate one 0:18:48.160 --> 0:18:51.280 of these companies, and specifically they focus on Phantom Secure 0:18:51.560 --> 0:18:53.280 because that's the one that's right in front of them. 0:18:53.520 --> 0:18:57.720 Eventually, their plan is to build their own telecommunications company 0:18:57.760 --> 0:19:00.000 to draw these guys in, which I just think is 0:19:00.160 --> 0:19:03.560 so brilliant and I'm sure a daunting task for them, 0:19:03.720 --> 0:19:05.960 But they start with saying, we need to figure out 0:19:06.000 --> 0:19:08.560 how this company works before we replicate our own company. 0:19:08.600 --> 0:19:09.040 Is that right? 0:19:09.280 --> 0:19:13.280 Yeah, So they focus first on Phantom Secure. They investigate 0:19:13.440 --> 0:19:18.560 the CEO I mentioned, Vincent Ramos, and they do various 0:19:19.119 --> 0:19:22.399 sort of undercover exercises. The Canadians try to buy the 0:19:22.480 --> 0:19:26.879 phones while posing as drug traffickers, and Phantom Secure is like, sure, 0:19:27.640 --> 0:19:30.640 here you go. In another case, I think the Canadians 0:19:31.000 --> 0:19:34.679 also then ask Phantom to wipe one of their phones. 0:19:34.720 --> 0:19:36.879 And that's sort of another key feature of these devices, 0:19:36.920 --> 0:19:40.239 which is that for Apple iPhones, you have iCloud. You know, 0:19:40.480 --> 0:19:42.640 your phone gets stolen or you lose it, you log 0:19:42.680 --> 0:19:45.000 into iCloud and you wipe the device so nobody gets 0:19:45.000 --> 0:19:47.639 all of your personal details or your photos or whatever. 0:19:48.160 --> 0:19:51.239 Phantom Secure in these companies have that as well. But 0:19:51.359 --> 0:19:54.520 you go to the company and you say, my phone 0:19:54.680 --> 0:19:57.680 has landed in somebody else's hands, and you can say 0:19:57.680 --> 0:20:00.680 specifically law enforcement, and there's a bunch of evidence about 0:20:00.800 --> 0:20:03.679 cocaine trafficking on my phone. Can you wipe it? And 0:20:03.720 --> 0:20:06.720 they will do that. And the allegation, which was later 0:20:06.800 --> 0:20:10.600 proved in court, is that Phantom Secure knew it was 0:20:10.640 --> 0:20:14.119 obstructing justice by wiping these phones, which is again is 0:20:14.160 --> 0:20:17.480 different to Tim Cook and Apple. You know, Tim Cook 0:20:17.560 --> 0:20:22.080 is not knowingly wiping Apple iPhones of criminal evidence, but 0:20:22.160 --> 0:20:26.800 Phantom Secure absolutely was doing that. So the FBI, the Australians, 0:20:26.880 --> 0:20:29.760 and the Canadians, they get all of these little bits 0:20:29.760 --> 0:20:34.320 and bobs about Phantom Secure until crucially they trick Vincent 0:20:34.400 --> 0:20:37.679 Ramos in a Las Vegas hotel room. They're filming it 0:20:37.760 --> 0:20:42.160 with undercover agents posing as drug traffickers, who they say 0:20:42.200 --> 0:20:45.080 they're interested in buying some Phantom Secure phones, and they 0:20:45.119 --> 0:20:47.760 make it very clear that they're drug traffickers. You know, 0:20:47.760 --> 0:20:50.760 we're trying to move cocaine from South America to Europe. 0:20:50.960 --> 0:20:53.439 We want to use these phones as part of that expansion. 0:20:53.800 --> 0:20:57.520 And they even ask Vincent Ramos, what if we wanted 0:20:57.840 --> 0:21:00.720 to kill one of our associates who maybe steals money 0:21:00.720 --> 0:21:03.399 from us or something, could we use your phones to 0:21:03.480 --> 0:21:07.200 do that? And Vincent sort of dances around it until 0:21:07.359 --> 0:21:11.080 eventually admitting, Hey, you don't know me, but we made 0:21:11.080 --> 0:21:14.520 the phones for this, meaning drug trafficking. And that's the 0:21:14.560 --> 0:21:16.840 moment where he's basically sealed his fate. Even though it 0:21:16.880 --> 0:21:19.919 was like a very passing comment, he's just basically omitted 0:21:19.960 --> 0:21:23.359 to under cover officials that Phantom Secure is made or 0:21:23.400 --> 0:21:27.199 at least used for drug trafficking. So they let Vincent 0:21:27.240 --> 0:21:29.720 go for a bit while they're still investigating. They lure 0:21:29.800 --> 0:21:33.639 him back to Vegas, and this time the FBI is 0:21:33.640 --> 0:21:36.200 not undercover. They're all waiting for him in the hotel room. 0:21:36.960 --> 0:21:40.119 He comes in and the agents tell him, look, we 0:21:40.200 --> 0:21:42.840 know what you're doing, we know all about Phantom Secure. 0:21:43.200 --> 0:21:46.000 We are prepared to arrest you on the spot right now, 0:21:46.600 --> 0:21:49.199 or you do something for us, and that's put a 0:21:49.240 --> 0:21:52.480 backdoor into Phantom Secure so we can read all of 0:21:52.520 --> 0:21:57.320