Anti-Money Laundering (AML) , Cybercrime , Cybercrime as-a-service
Report: Encrypted Smartphone Takedown Outed Canadian MoleAfter Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale
The Canadian government has arrested a senior intelligence official on charges of working as a mole. Investigators reportedly identified the suspect due to his contact with the CEO of Phantom Secure, a secure smartphone service shuttered by authorities last year that was marketed to criminals to help them evade law enforcement agencies.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
On Thursday, the Royal Canadian Mounted Police arrested Cameron Ortis, director general of the RCMP's National Intelligence Coordination Center. Ortis is a 12-year RCMP veteran who previously held positions in operations research and national security criminal investigations.
"By virtue of the positions he held, Ortis had access to information the Canadian intelligence community possessed," says RCMP Commissioner Brenda Lucki in a statement. "He also had access to intelligence coming from our allies both domestically and internationally. This level of access is appropriate given the positions he held."
Ortis has been charged under Canada's Criminal Code and its Security of Information Act. He faces seven charges, including obtaining information to pass to a “foreign entity or terrorist organization," "unauthorized communication of special operational information" as well as "preparing for the commission of an offense by obtaining or gaining access to information, or possessing any device, apparatus or software used for concealing, surreptitiously communicating or obtaining information."
Authorities have released no details on what exactly Ortis might have stolen or with whom he might have shared it.
"This is an ongoing investigation, and we are assessing the impacts of the alleged activities as information becomes available," Lucki says. "We are aware of the potential risk to agency operations of our partners in Canada and abroad, and we thank them for their continued collaboration. We assure you that mitigation strategies are being put in place as required."
Ortis was arrested at the RCMP's national headquarters building in Ottawa and appeared in court briefly on Friday. He's due back in court this Friday for a bail hearing.
A brief LinkedIn profile for Ortis says he speaks Mandarin and also that he earned a Ph.D. in international relations and political science from the University of British Columbia in 2006.
The subject of Ortis' Ph.D. thesis involved information security vulnerabilities, including “compromised nodes” online, and the “digital black market,” Global News reports, noting that his thesis also traced potential connections between organized crime and hackers in Hong Kong and Shenzen, China.
“Is transnational organized crime a threat to state security in the digital age?” Ortis wrote in his thesis, Global News reports. “This chapter introduces that concept of a nexus between two previously distinct, hidden networks: systems intruders and transnational organized crime," Ortis wrote.
Potentially Exposed: Classified Information
Bill Majcher, a former RCMP officer with extensive experience in conducting undercover operations, tells Global News that Ortis would have had access to almost any type of classified information, which the publication notes "could include the force’s blueprints for covert operations worldwide, as well as the identities of undercover officers, police agents working within transnational crime groups, officers from Five Eyes partners used in RCMP probes, and even witnesses relocated to other countries." (See: Intelligence Agencies Seek Fast Cyber Threat Dissemination)
Lucki says the charges against Ortis have "shaken many people throughout the RCMP," as well as Canada's intelligence partners. "While these allegations, if proven true, are extremely unsettling, Canadians and our law enforcement partners can trust that our priority continues to be the integrity of the investigations and the safety and security of the public we serve," she says.
Phantom Secure CEO's Arrest Triggered Probe
The arrest of Ortis appears to have resulted from authorities taking down a secure smartphone service marketed to criminals.
Last year, a cross-border investigation involving the FBI, Australian law enforcement and the RCMP led to a U.S. indictment against five men accused of running and operating that Phantom Secure Communications secure smartphone service that was designed and marketed to help criminals evade law enforcement agencies (see: Feds: Secure Smartphone Service Helped Drug Cartels).
Authorities arrested Vincent Ramos, CEO of Phantom Secure, in March 2018. Subsequently, they discovered that he had been contacted by an individual offering to sell secrets, CBC News reports, saying that it has reviewed documents containing emails that the FBI said were sent to Ramos.
"You don't know me. I have information that I am confident you will find very valuable," an email contained in one of the documents said. Another one promised to provide "intel about your associates and individuals using their network internationally," CBC reports.
The Globe and Mail, citing an unnamed government source, reports that the communications were recovered from Ramos' laptop.
Global News, citing unnamed sources, reports that while the sender didn’t reveal his or her identity, authorities traced back the materials offered to identify who might have had access to them, leading them to Ortis.
CBC reports that the government documents it has reviewed say that Ortis, at the time of his arrest, was more than $67,000 in debt, that authorities covertly searched his condo last month, and that investigators recovered instructions for removing metadata from PDF files, as well as about 25 files that the documents described as having been "sanitized to remove identifying information."
Police Seized Phantom Secure
Looking beyond the charges filed against Ortis, the takedown of Phantom Secure last year was notable because it was the first time that a global police operation disrupted a major, encrypted phone service that was marketed to criminals.
Authorities say Phantom Secure, a Vancouver, Canada-based secure phone provider, amassed $80 million per year in revenue from subscriptions for encrypted smartphones supported by its "worldwide encrypted telecommunications network." The service's operators were accused of aiding and abetting drug trafficking as well as obstruction of justice, funneling their revenue through multiple shell companies and using cryptocurrencies - including bitcoin - to help launder the funds.
Former Phantom Secure CEO Ramos, now 41, pleaded guilty last October to one count of racketeering conspiracy, admitting that he "maintained Phantom Secure servers in Panama and Hong Kong, used virtual proxy servers to disguise the physical location of its servers and remotely deleted or 'wiped' devices seized by law enforcement," the U.S. Justice Department said.
Ramos also admitted that the network of phones his service provided - police say there were 10,000 to 20,000 such phones - "facilitated the distribution of cocaine, heroin, and methamphetamine to locations around the world." According to court documents, the firm's customers included the Sinaloa cartel - one of the most powerful drug-trafficking syndicates in the world - and the Hells Angels gang.
In May, Ramos was sentenced to serve nine years in prison. He's currently incarcerated in Texas.
Seized: BlackBox 'Cryptophone' Service
After Phantom Secure was was disrupted, in November 2018, Dutch police said they had seized encrypted messaging handset provider BlackBox's supposedly secure communications network and servers. BlackBox provided so-called IronPhones to customers, giving them a customized version of OTR Messaging - for off-the-record - called IronChat that was marketed as offering end-to-end encryption for messages.
When police seized BlackBox's servers is unclear, but doing so gave authorities the ability to monitor all messages (see: Dutch Police Bust 'Cryptophone' Operation).
"We had sufficient evidence that these phones were used among criminals. We have succeeded in intercepting encrypted communication messages between these phones, decrypting them and having them live for some time," Dutch police said at the time. "This has not only given us a unique insight into existing criminal networks; we have also been able to intercept drugs, weapons and money."