Fueling Cartels’ Cybercrime

As drug cartels advance their technological expertise, ubiquitous surveillance technology threats evolve.

The rise of the drug cartel movement since the 1970s has ignited fear among many. From complex and undetected tunnel systems to leveraging ubiquitous technical surveillance (UTS), many of the recently designated foreign terrorist organizations have exemplified a sophisticated level of technological expertise with an enhanced use of organized cybercrime. 

An audit released by the FBI in June illustrated a 2018 case in which an agent was digitally followed by a member of the “El Chapo” drug cartel, leading to the murder of sources and witnesses. Although the majority of the audit was redacted for national security purposes, the document primarily focused on determining the level of technological threat mitigation to protect sensitive information.

An individual connected to the cartel had contacted the FBI to reveal the information, noting the cartel “had hired a ‘hacker’ who offered a menu of services related to exploiting mobile phones and other electronic devices,” the report reads. “According to the individual, the hacker had observed people going in and out of the United States Embassy in Mexico City and identified ‘people of interest’ for the cartel, including the FBI Assistant Legal Attache (ALAT), and then was able to use the ALAT’s mobile phone number to obtain calls made and received, as well as geolocation data, associated with the ALAT’s phone.”

The hacker was also able to access Mexico City’s camera systems and follow the ALAT’s movement, as well as identify ALAT’s contacts.

“I thought it was interesting that the inspector general made the decision to disclose to the public a failure of that scale,” Matthew Hedger told SIGNAL Media in an interview. 

Following a 17-year career in the intelligence community, nearly 13 of which were focused on targeting transnational organized crime and money launderers, Hedger is currently a partner at Artemist Advisory Group. The Virginia-based consulting group offers services in risk management, insider threat mitigation and more.

The audit results outlined inadequate mitigation against UTS threats. “Although the risk posed by UTS to the FBI’s criminal and national security operations have been longstanding, recent advances in commercially available technologies have made it easier than ever for less-sophisticated nations and criminal enterprises to identify and exploit vulnerabilities created by UTS,” the report states. “Some within the FBI and partner agencies, such as the [CIA], have described this threat as ‘existential.’”

What the report highlighted is a gap in tradecraft between law enforcement organizations and intelligence agencies, Hedger explained, noting the risk of carrying a government phone to a meeting with a source.

The risk is in underestimating the adversary, he said. “I think it’s detrimental to take an adversary and put them in a box ... that’s what led to this mistake.”

“[Cartels] hire the best people in the world, people who were some of the first in crypto ... some of the smartest people in the world handle this stuff for them,” he said.

Previous reports have cited cartels’ sophisticated technology-driven operations. 

In 2011, NPR reported that the Mexican military had discovered numerous telecommunications networks built and operated by drug cartels. Operations helped coordinate drug shipments, “monitor their rivals and orchestrate attacks on the security forces.” The Mexican military seized 167 antennas, more than 150 repeaters and thousands of radios and cellphones. The cartels also used solar panels to power some of the antennas and stations.

According to HackRead, the U.S. Customs and Border Protection agency reported that drones deployed along the southern border had been hacked by drug cartels in 2016. Other reports state that drones operated by cartels are used to surveil U.S. security officers and agents. The use of drones to smuggle drugs has also been reported as early as 2015. 

A 2020 report by The Guardian noted mysterious text messages received by the editor-in-chief of a Mexican news group in 2016. The messages contained a link, which, according to analysis by Amnesty International, was an attempt to gain access to the writer’s phone. “When clicked, the link installs an invisible software that sucks all the phone’s data, including text messages. It also enables the microphone and camera to be activated remotely,” the article states, noting the use of Pegasus, spyware developed by Israel’s NSO Group.

A separate report by Hackers Arise offered a 2018 case in which the Gulf Cartel kidnapped and forced a technical advisor, who was formerly a Telcel engineer, to build a telecommunications network. “His eventual escape and testimony revealed the inner workings of these networks, including the extensive training programs developed for new technical recruits and the sophisticated maintenance protocols that kept the systems operational,” the report says. 

In 2020, according to the same report, Mexican authorities identified a network operated by the Jalisco New Generation Cartel, which “centered around a fully functioning telecommunications company that served as a front for the cartel’s communications infrastructure.” The network covered four states, employing more than 50 technical specialists, many of whom were telecommunication company recruits.

“You can track people in so many different ways now,” Hedger said. “The problem is that the public assumes you have to be a nation state or some big intelligence agency to collect this data, and that’s just not true.”

Many online users give up data voluntarily and, in many cases, unintentionally. “They don’t understand the differences on what types of data are hard to collect and which ones are not,” Hedger said.

Signals intelligence, Hedger explained, can be split into two different categories: external and internal communications. “So, while it might be difficult or sophisticated to collect somebody’s voice call and hear what’s happening, it is much less difficult to collect the fact that it did happen, who was talking and where they were geolocated.”

Offering another example, Hedger spoke on the importance of turning off the Wi-Fi on a mobile phone upon leaving a destination. If Wi-Fi is left on to connect to other networks, a malicious user can track the location of the phone by following the Wi-Fi signal. “If somebody simulates being a signal, like a tower around you, they can follow you very easily because your phone is consistently trying to update and connect to it,” Hedger said. “It doesn’t take a warrant, you don’t have to be sophisticated, that’s you giving your information up to it.”

Although the recent FBI audit mentions the recruitment of a hacker to collect information, Hedger explained that hackers aren’t required for cartels to conduct such missions. What it often comes down to is insider threat, specifically within telecommunications companies. 

“We call this human-enabled [signal intelligence] collection,” he continued. “Why would I conduct this massive operation to hack into, let’s say, AT&T, if someone who’s a senior executive at AT&T is secretly taking money from me and just passes me that information?”

Relationships between cartels and telecommunications companies are stronger than people realize, Hedger stated, with cartel members deeply embedded in every level of society. Insider threat is an equally important, and possibly larger, threat, he noted. 

In the case of UTS, however, understanding the information voluntarily given is key.

“I think when people read this report and look at it, they think about geolocation being the most predominant part of it,” Hedger said. “That is only a pittance of what they can do with [UTS].”

“When you build a pattern of life out on somebody, you’re not just looking at where they go, you’re looking at who they talk to, what they’re into, what they like, what their hobbies are, what their secrets are. When you surveil somebody from that angle, you get to know them more than anybody else knows that person.”

The ability to collect so much information creates the perfect opportunity to manipulate someone, Hedger said, which is an extremely valuable asset to organized crime groups.

Today, with advanced technology like artificial intelligence and machine learning, compiling and fusing this information has become easier than ever, he emphasized. 

Cartels’ knowledge of emerging technology continues to grow.

In a 2021 opinion piece in the Geopolitical Monitor, Amanda Suarez offered an analysis of cyber cartels, which “use technology to further their business operations, including doxxing and surveillance software.” Suarez’s analysis also touched on cybercrime as a service, or CaaS, which involves cartels’ use of hacking tools for cybercrime operations. “Mexican cartels now use CaaS to acquire talent and buy exploit kits and network access,” the report states, referencing a 2018 theft of $15.2 million from five banks, allegedly making it the largest cyber attack in Mexico’s history at that time.

Additionally, according to Suarez’s report, the Bandidos Revolutions Team leader had “Recruited 20 hackers who developed ATM malware that took advantage of vulnerabilities in Mexico’s interbanking system to extract cash and make deposits to third party accounts.”

The rapid growth in digital systems worldwide creates further opportunity for malicious actors. 

According to the U.S. Bureau of Labor Statistics, the number of surveillance cameras installed in the United States from 2015 to 2018 increased by almost 50%. By 2021, the expected number of surveillance cameras nationwide was 85 million, with a predicted increase of 21%.

Additional smart systems will continue to create further risks, Hedger explained, highlighting the need to remain safe by blending into the digital world, rather than standing out by attempting to be invisible. 

“The reality is that we have voluntarily invited surveillance into our lives through smartphones, smart watches, social media, home security cameras and other ‘smart’ home devices,” echoed MyCyberExec founder Adrianne George. “A determined adversary can access this surveillance data by mining or buying information from previous data breaches on the dark web without hacking a thing.”

A common misconception, George explained, is the cost of cybercrime. “Cyber capabilities are available to anyone with a motive and a modest budget,” she stated.

For drug cartels, the motive will exist as long as the money does. “You can’t beat an adversary while you’re fueling them by buying their products,” Hedger concluded.
