El Chapo drug cartel reportedly tracked and killed informants by hacking an FBI cellphone

The Mexican Sinaloa cartel employed a hacker to trace and surveil the FBI, then used that data to intimidate and even kill witnesses in opposition to drug lord Joaquín “El Chapo” Guzmán, in response to a Justice Department report noticed by Ars Technica. The hacker used comparatively subtle knowledge assortment methods and weaknesses within the FBI’s cybersecurity to establish the witnesses, the report states.

Based on the extremely redacted report, which is predicated partially on testimony from an “particular person related to the cartel,” the hacker provided gang leaders “a menu of companies associated to to exploiting cellphones and different digital gadgets.”

The hacker “noticed folks going out and in of the USA Embassy in Mexico Metropolis” and recognized folks of curiosity, together with the FBI’s Assistant Authorized Attache (ALAT). They used the ALAT’s cell phone quantity to “receive calls made and obtained, in addition to geolocation knowledge related to the [attache’s] cellphone.” The hacker additionally used Mexico Metropolis’s digicam system to comply with the ALAT across the metropolis and establish folks they met with. “Based on the case agent, the cartel used that data to intimidate and, in some cases, kill potential sources or cooperating witnesses,” the report states.

The precise technical strategies are redacted however the report explains that the hacker used “ubiquitous technical surveillance” (UTS) to spy on the FBI, which was investigating and ultimately convicted Guzmán. The report defines UTS because the “widespread assortment of knowledge and software of analytic methodologies for the aim of connecting folks to issues, occasions or areas.” In different phrases, the cartel used a few of the FBI’s personal strategies in opposition to it.

The report mentioned that the current availability of business instruments that permit UTS is an “existential” menace. It cited different examples together with using bank card transaction reviews extensively accessible from knowledge brokers together with cellphone name logs.

The FBI’s response to the UTS menace was “disjointed and inconsistent,” in response to the Justice Division, and countermeasures instated in 2022 had been “insufficient” and missing in “long-term imaginative and prescient.” It advisable (amongst different issues) that the company incorporate all UTS vulnerabilities into its last mitigation plan, establish key officers approved to execute the technique, set up a line of authority for responding to UTS-related incidents and guarantee ongoing coaching on UTS methods.