September, 4, 2018

Ring Share: The Phantom Secure Network

In our previous posts, we introduced Quantifind’s platform for financial crimes and outlined an approach to sharing purely public (external to banks) crime ring data centered on a particular area of focus. This blog post demonstrates an example of this for the crime ring centered on “Phantom Secure”, a technology company being used to encrypt drug trafficking communications. If you would like the data extract for this crime ring (or any other crime ring) to check your internal data for exposure, please email to make a request.


“Canada-based Phantom Secure was a criminal enterprise that provided secure communications to high-level drug traffickers and other criminal organization leaders.” - Department of Justice Press Release, 3/15/2018, Link

Money launderers and other criminals will always take advantage of new technologies to stay a step ahead of law enforcement. Certain bands of criminals are “early adopters” of technology and will adopt new methods before the authorities have a chance to catch up. A recent Department of Justice (DOJ) press release highlights the case of “Phantom Secure”, a Canadian provider of supposedly secure communications technology. While there are many legitimate corporate attempts at providing encrypted infrastructure for non-illegal use cases, Phantom Secure and its associates seemed to cater directly towards illicit use cases, such as developing communication systems for drug trafficking networks, spanning the globe, from Australia to Canada to multiple South American countries.

Using the process outlined in the previous blog post, we have prepared an “extract data set” seeded by the keywords “Phantom Secure” but stretching to equally suspicious entities. This data is free to be used by financial institutions to screen their internal data for exposure to risk associated with this particular criminal subculture. We encourage banks and other financial institutions to be proactive and screen for potential threats, before they are forced into a position of being reactive.

The DOJ press release details a handful of individuals involved in the scheme. But, as with most crime rings, this is the tip of the iceberg. In the Phantom Secure case we were able to find many more relevant entities beyond those mentioned in the DOJ press release. Even if the crime ring in question is completely covered, there are often others laying in the wings who are more than happy to fill the void left behind, so it is also important to identify and screen for “comparables”. In the Phantom Secure case, we have identified several other organizations in the position to be next-in-line if Phantom Secure fades away.


Time Series

The time series below shows the volume of documents over time related to Phantom Secure and gives a sense of the activity in question. Although the peak of the activity occurs in March of 2018 at the time of the DOJ press release, there exist articles both before and after that add to the story and provide information on other key players.

Network Graph

The network graph below demonstrates how individuals in the Phantom Secure sphere of influence are connected based on document co-occurrence. Black nodes represent the “principal” participants from the original DOJ press release. Red nodes are suspected criminal individuals found via expanding the set to related articles. This is the principal piece of value because official documents often omit a much larger ring of players who are involved. Note that there are sub-rings (disconnected from most of the data) that connect to Phantom Secure with suspect individuals, but do not connect to the principal actors.

The remaining gray nodes are all other connected entities (often journalists, law enforcement, etc.). Labels for most nodes are redacted in this graph but available in the data extract upon request.


The following statistics summarize the size and scope of the data extract.

Name Value
Number of Documents 61
Number of Entities 118
Number of Suspected Criminals 46
Number of Entities with Age 16
Number of Aliases 17
Date Range Mid 2017 - Mid 2018
Peak Activity Date 2018-03-16 (DOJ Press Release)
Sources News, Forums, DOJ Press Releases

Request Extract

The data behind the summary above is not on this blog, but is available for free to individuals who qualify on behalf of an acceptable institution. If you would like a copy of the full data set, please contact, and reference this blog post. We highly recommend evaluating your institution’s internal data for exposure to this crime ring using this extract.

Disclaimer: The data contains all relevant entities from matching documents, both good and bad, e.g., law enforcement officials and suspected accomplices. Any final assessment of the role and suspiciousness of an entity is up to the consumer of the data. Also no data set is perfect and there may be mistakes. The responsibility is on the consumer of this data to evaluate every evidence URL we have given before taking any actions on the given data.