El Chapo drug cartel reportedly tracked and killed informants by hacking an FBI phone

The Mexican Sinaloa cartel hired a hacker to track and surveil the FBI, then used that information to intimidate and even kill witnesses against drug lord Joaquín "El Chapo" Guzmán, according to a Justice Department report spotted by Ars Technica. The hacker used relatively sophisticated data collection techniques and weaknesses in the FBI's cybersecurity to identify the witnesses, the report states.

According to the highly redacted report, which is based in part on testimony from an "individual connected to the cartel," the hacker offered gang leaders "a menu of services related to to exploiting mobile phones and other electronic devices." 

The hacker "observed people going in and out of the United States Embassy in Mexico City" and identified people of interest, including the FBI's Assistant Legal Attache (ALAT). They used the ALAT's mobile phone number to "obtain calls made and received, as well as geolocation data associated with the [attache's] phone." The hacker also used Mexico City's camera system to follow the ALAT around the city and identify people they met with. "According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses," the report states.

The exact technical methods are redacted but the report explains that the hacker used "ubiquitous technical surveillance" (UTS) to spy on the FBI, which was investigating and eventually convicted Guzmán. The report defines UTS as the "widespread collection of data and application of analytic methodologies for the purpose of connecting people to things, events or locations." In other words, the cartel used some of the FBI's own methods against it.

The report said that the recent availability of commercial tools that allow UTS is an "existential" threat. It cited other examples including the use of credit card transaction reports widely available from data brokers along with cell phone call logs. 

The FBI's response to the UTS threat was "disjointed and inconsistent," according to the Justice Department, and countermeasures instated in 2022 were "inadequate" and lacking in "long-term vision." It recommended (among other things) that the agency incorporate all UTS vulnerabilities into its final mitigation plan, identify key officials authorized to execute the strategy, establish a line of authority for responding to UTS-related incidents and ensure ongoing training on UTS strategies.  

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/el-chapo-drug-cartel-reportedly-tracked-and-killed-informants-by-hacking-an-fbi-phone-120002259.html?src=rss https://www.engadget.com/cybersecurity/el-chapo-drug-cartel-reportedly-tracked-and-killed-informants-by-hacking-an-fbi-phone-120002259.html?src=rss