El Chapo Drug Cartel would have followed and killed informants by hacking a FBI phone

The Mexican Sinaloa cartel hired a hacker to follow and monitor the FBI, then used this information to intimidate and even kill witnesses to Joaquin drugs “El Chapo” Guzmán, according to a Ministry of Justice report spotted by Ars Technica. The pirate used relatively sophisticated data collection techniques and weaknesses in the FBI cybersecurity to identify the witnesses, the report indicates.

According to the highly expelled report, which is based in part on the testimony of an “individual connected to the cartel”, the pirate offered gang managers “a menu of services related to the operation of mobile phones and other electronic devices”.

The pirate “observed people entering and leaving the United States Embassy in Mexico City” and identified people of interest, including the deputy legal attaché of the FBI (ALAT). They used Alat’s mobile phone number to “get calls made and received, as well as geolocation data associated with the phone (attaché)”. The pirate also used the Mexico Cameras system to follow the ALAT around the city and identify the people they met. “According to the case agent, the cartel used this information to intimidate and, in some cases, kill potential sources or cooperate witnesses,” said the report.

The exact technical methods are raised, but the report explains that the pirate used “omnipresent technical surveillance” (UTS) to spy on the FBI, which was investigating and finally condemned Guzmán. The report defines UTs as “generalized data collection and the application of analytical methodologies in order to connect people to things, events or places”. In other words, the cartel used some of the own FBI methods against it.

The report indicates that the recent availability of commercial tools that allow UTS is an “existential” threat. He has cited other examples, including the use of credit card transaction reports widely available from data brokers as well as telephone call newspapers.

The FBI’s response to the threat of the UTS was “disjointed and inconsistent”, according to the Ministry of Justice, and the countermeasures indicated in 2022 were “inadequate” and lacked “long-term vision”. He recommended (among other things) that the agency incorporates all UTS vulnerabilities into its final mitigation plan, identifies key officials authorized to execute the strategy, to establish a line of authority to respond to UT incidents and ensure continuous training on UTS strategies.