In 2018, an informant from the Sinaloa drug cartel revealed to the FBI that the organization employed a sophisticated cybercriminal. This individual had deep-seated access to critical infrastructure, including Mexico City’s camera system and the ability to exploit mobile phones and other devices. The cyber-mercenary’s services allowed the cartel to track the movements of “people of interest,” including FBI personnel, specifically an Assistant Legal Attaché, by extracting call details and geolocation data from their devices. This information was then used by the cartel to intimidate and even kill potential sources and cooperating witnesses, posing a significant threat to ongoing FBI investigations.
This alarming discovery was brought to light in a new audit examining the FBI’s efforts to protect its investigations from technological surveillance.
The audit’s findings underscore long-standing concerns regarding “Ubiquitous Technical Surveillance” (UTS), a threat that has escalated due to advances in commercially available technologies. These advancements have made it easier for various entities, including less-sophisticated organizations like drug cartels, to exploit vulnerabilities in law enforcement operations, compromising sensitive information and endangering individuals involved in investigations.
The Department of Justice had previously identified “immediate concerns” in 2022 regarding the FBI’s management of the UTS threat, deeming their response “disjointed and inconsistent” and calling for improved agent training. In response, the FBI elevated the UTS threat to a Tier 1 risk and established a “red team” to pinpoint vulnerabilities. However, the initial findings from this red team and their proposed mitigation and training plans were met with dissatisfaction by the audit division, primarily due to omissions of previously identified vulnerabilities and a lack of clear lines of authority for addressing UTS incidents.
The audit further highlighted a redacted data breach that exposed internal policy and procedural gaps within the FBI’s incident response. The Office of Inspector General’s report emphasized that the FBI’s actions to address the 2022 concerns were inadequate. Consequently, the audit has put forth additional recommendations, stressing the critical need for establishing clear lines of authority for responding to UTS-related cases to ensure a more coherent and effective strategy across the entire enterprise.
Despite the 2016 arrest of former leader Joaquín “El Chapo” Guzmán, the Sinaloa cartel remains a formidable operation, adapting its tactics to include sophisticated cyber espionage.
The cartel’s ability to leverage advanced technology to track and eliminate informants demonstrates a significant evolution in their operational methods. This ongoing threat underscores the urgent need for the FBI to comprehensively address its technological vulnerabilities and improve its defense mechanisms against pervasive surveillance to safeguard its personnel and informants.
Reference: