El Chapo's Encryption Defeated by Turning His IT Consultant

Impressive police work:

In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade.

A Dutch article says that it's a BlackBerry system.

El Chapo had his IT person install "...spyware called FlexiSPY on the 'special phones' he had given to his wife, Emma Coronel Aispuro, as well as to two of his lovers, including one who was a former Mexican lawmaker." That same software was used by the FBI when his IT person turned over the keys. Yet again we learn the lesson that a backdoor can be used against you.

And it doesn't have to be with the IT person's permission. A good intelligence agency can use the IT person's authorizations without his knowledge or consent. This is why the NSA hunts sysadmins.
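The custody point in the two paragraphs above, as an added illustration that is not code from the post, from the cartel's system, or from any real product: a small Python model in which (a) a relay derives every handset's key from one master key the administrator keeps, so whoever obtains that key plus a tap on the relay reads everything; (b) the handsets share a key the relay never sees, so the same administrator-side material yields nothing; and (c) an implant on the handset, the role the post describes FlexiSPY playing, copies plaintext regardless of the key design. The cipher (a SHA-256 counter-mode keystream with an HMAC-SHA256 tag), the device names and the sample messages are all constructed for the example and carry no claim about how the real system worked.

```python
"""Who can read the traffic: a toy model of key custody and endpoint implants.

Added illustration for the post above, not code from the post, the cartel's
system, or any real product. Three designs are modelled:
  server_held_design   -- the relay derives every handset key from one master
                          key the administrator keeps (the post's situation);
  end_to_end_design    -- the two handsets share a key the relay never sees;
  handset_implant      -- end-to-end keys, but an implant on the handset
                          (the FlexiSPY role) copies plaintext before encryption.
The cipher is a deliberately simple SHA-256 counter-mode keystream with an
HMAC-SHA256 tag so that the script runs on the standard library alone; the
point is key custody, not cipher strength.
"""
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32

# Constructed sample traffic: (sender, recipient, plaintext).
MESSAGES: List[Tuple[str, str, bytes]] = [
    ("phone-A", "phone-B", b"meet at the usual place at 9"),
    ("phone-B", "phone-A", b"understood, coming alone"),
]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 over key || nonce || counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC-SHA256 tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when this key does not authenticate the blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def device_key(master: bytes, device_id: str) -> bytes:
    """Server-held design: each handset key is derived from the admin's master key."""
    return hmac.new(master, device_id.encode(), hashlib.sha256).digest()


def server_held_design() -> List[Optional[bytes]]:
    """The administrator's master key plus a tap at the hosting provider reads everything."""
    master = secrets.token_bytes(32)                     # what was handed over
    tap = [(s, encrypt(device_key(master, s), text)) for s, _, text in MESSAGES]
    # The investigator has the master key and the tap, and touches no handset.
    return [decrypt(device_key(master, s), blob) for s, blob in tap]


def end_to_end_design() -> List[Optional[bytes]]:
    """Handsets share a key provisioned off the relay; server-side material yields nothing."""
    pair_key = secrets.token_bytes(32)                   # exists only on the two handsets
    admin_material = secrets.token_bytes(32)             # everything the server side holds
    tap = [(s, encrypt(pair_key, text)) for s, _, text in MESSAGES]
    return [decrypt(device_key(admin_material, s), blob) for s, blob in tap]


def handset_implant() -> List[Optional[bytes]]:
    """End-to-end keys do not help once the handset itself copies plaintext out."""
    pair_key = secrets.token_bytes(32)
    exfiltrated: List[Optional[bytes]] = []
    for _, _, text in MESSAGES:
        exfiltrated.append(text)                         # implant hooks the app before encrypt()
        encrypt(pair_key, text)                          # the relay still sees only ciphertext
    return exfiltrated


if __name__ == "__main__":
    for name, fn in [("server-held keys", server_held_design),
                     ("end-to-end keys", end_to_end_design),
                     ("end-to-end + handset implant", handset_implant)]:
        print(f"{name:30s} -> {fn()}")
```

Running the script shows the first and third designs yielding both plaintexts and the second yielding `None` for each message: moving the keys off the server closes the path the consultant opened, but not the one an implant on the phones opens.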

Slashdot thread. Hacker News thread. Boing Boing post.

EDITED TO ADD (2/12): Good information here.

Posted on January 16, 2019 at 6:53 AM • 21 Comments

Comments

An • January 16, 2019 10:07 AM

Why do I get the feeling there's a lot more to this story than we've been told? Or ever will be told?

If he wasn't turned before this was announced, he certainly is now...

Oliver • January 16, 2019 10:31 AM

Hi Bruce

Isn't that what they call "rubber-hose cryptanalysis"?
There is an xkcd for that.

cheers, Oliver

Alex B • January 16, 2019 11:55 AM

Insider threats defeat even the most well guarded institutions yet again.

Hoping for that guys sake that he goes into witness protection ASAP.

required • January 16, 2019 1:27 PM

Haha, the IT guy moved the servers to the Netherlands to let the FBI better listen to encrypted messages!!!
This means that Canada is helping bad guys in Canada???

Although, whoever steals millions or billions of dollars in other countries goes to Canada, and I have heard that Canadian agencies protect them from extradition.

Clive Robinson • January 16, 2019 1:34 PM

@ Gerard van Vooren,

If you need any translation, just ask.

How about the Dutch wire tap law that is allegedly very very friendly to LEOs..

El Chapo should have realised there was something up by moving from North America to Europe.

I guess it pays to check with various people about your Comms Security, not just one guy... When you are an internationally wanted man such as a terrorist, drugs cartel leader or just a whistle blower...

chris • January 16, 2019 2:08 PM

@Clive Robinson: How do you know El Chapo was even aware that his servers had been moved? The "routine upgrade" cover story could have simply been an excuse for the outage caused by the move. Still, it just strengthens your point not to rely on one person for your IT/Comms security.

Clive Robinson • January 16, 2019 3:21 PM

@ Chris,

How do you know El Chapo was even aware that his servers had been moved?

I didn't, but other stories about him tend to suggest he can be a paranoid micro manager one moment and an expansive friend to all at another moment. Which suggests that he might be on somebody's scale of non-neuro-typical behaviour.

Thus I would assume that anything out of place would switch him from expansive to paranoid, unless he had been forewarned of changes.

But it also raises another issue. The likes of the FBI have legal powers that in effect can not only cause changes to be made but made discreetly so that the target is "not alerted"... Why did the ICT tech need to be involved that way? At best it puts him in a position of avoidable risk...

One reason I can think of is that it was the ICT tech who went out on his own and, having "gift wrapped" El Chapo, handed the information over to the FBI for some reason.

As someone else has observed above,

    Why do I get the feeling there's a lot more to this story than we've been told? Or ever will be told?

And I'd be very surprised if they were the only one thinking that (hence why I mentioned "whistle blower")...

Gerard van Vooren • January 16, 2019 3:50 PM

@ Clive Robinson,

About that Dutch wiretap. They have a history and it originates back to the friendly state of Israel. Well, a part of it. But I have to say that "today" they are in a shady business.

65535 • January 16, 2019 4:32 PM

@ An

“…I get the feeling there's a lot more to this story than we've been told?”-An

I agree.

Chris’ post on the Friday squid thread includes an NYT paragraph indicating his main IT guy felt that his life was in danger and naturally would seek protection from the DEA or FBI.

“…All this came crashing down in 2012 when Mr. [Cristian or Christian] Rodriguez intercepted a phone call between two of Jorge Cifuentes’s siblings in which he heard them saying they had figured out that El Chapo’s tech guy was working with the Americans. After fleeing to the United States, Mr. Rodriguez said he had a “nervous breakdown” within a year… Mr. Rodriguez said he decided to put some “distance” between himself and Mr. Guzmán’s organization, training other technicians to run the cartel’s day-to-day communications. Shortly after, he recounted, the F.B.I. launched a covert operation to secure his cooperation.”- NYT

https://www.nytimes.com/2019/01/10/nyregion/el-chapo-trial.html

I don’t know the exact time frame for Mr. Rodriguez, because he was monitoring conversations for a long time. Further, Rodriguez hired a second “IT guy” to handle day to day operations of said VoIP system. And the FlexiSPY implant seemed to play a role, but how much of a role?

Then there is a confusing note:

‘Mr. Rodriguez had little experience or formal education, he had been recommended by one of his other clients: Jorge Cifuentes Villa, a veteran trafficker who worked with Mr. Guzmán making cocaine deals with left-wing guerrillas in Colombia. --- [and]…Guzmán’s Sinaloa Cartel in September 2010, forcing cartel leaders to temporarily rely on conventional cell phones. Cifuentes told the court he considered Rodriguez “an irresponsible person” who had compromised their security, with a terse phone call played by prosecutors showing Cifuentes warned the subordinate he was in “charge of the system always working.”’

https://gizmodo.com/the-feds-cracked-el-chapos-encrypted-communications-net-1831595734

If Rodriguez was monitoring all calls then he would have known that drug distributor Cifuentes had told his cartel leader he was irresponsible or worse. Thus, Rodriguez would feel threatened.

The time frame is unclear regarding when Rodriguez felt his life was in danger.
Odd, “El Chapo’s” son and trusted lieutenant was arrested in either 2010 to 2012 and turned on his father for not being promoted to the head of the drug cartel - possibly bribed by the DEA.

“At El Chapo’s Trial, a Son Betrays His Father, and the Cartel… the cartel prince betrayed his father — and his birthright — testifying for more than five hours about nearly every aspect of the drug-trafficking empire: smuggling routes, money-laundering schemes, bloody wars, personal vendettas and multimillion dollars in bribes. When it came to the enterprise he seemed poised to lead one day, Mr. Zambada proved he knew almost everyone and everything… before his trial began, his lawyers dropped a bombshell: They claimed that for years he had been working secretly as a spy for the D.E.A., swapping information about his rivals in exchange for the ability to run his business freely.”-NYT

https://www.nytimes.com/2019/01/03/nyregion/el-chapo-trial.html?action=click&module=RelatedCoverage&pgtype=Article&region=Footer

At some time around 2012, or before he rolled over on his father El Chapo:

“…they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network’s encryption keys.”-Gizmodo

https://gizmodo.com/the-feds-cracked-el-chapos-encrypted-communications-net-1831595734

Why did Rodriguez flip – fear for his life, or money from the DEA? What exactly was the time frame?

Why did El Chapo’s son flip on him – fear for his life, or money, or power?

What about the interview in Rolling Stone with Hollywood movie stars who visited El Chapo? Would they not be carrying traceable cell phones or possibly a GPS unit in their gear?

Multiple arrests of El Chapo and a better timeline
https://en.wikipedia.org/wiki/Joaqu%C3%ADn_%22El_Chapo%22_Guzm%C3%A1n

Manhunt for El Chapo
https://en.wikipedia.org/wiki/Manhunt_of_Joaqu%C3%ADn_%22El_Chapo%22_Guzm%C3%A1n_(2001%E2%80%932016)

All of the above is very interesting and very confusing.

Cristian Rodriguez is the proper name.

https://www.reuters.com/article/us-usa-mexico-el-chapo/prosecutors-in-el-chapo-trial-play-calls-intercepted-by-fbi-idUSKCN1P2214

chris • January 16, 2019 4:35 PM

@An:

The "IT Guy" was caught in a sting operation by the FBI in 2010 and flipped. Apparently, he feared US federal prison more than El Chapo which seems misplaced. One thing I'll be sure to do if I'm ever a crime kingpin is to pay my IT staff enough to keep them exclusive to my organization -- the FBI ensnared this guy in a sting operation by posing as Russian mobsters looking for a similar system.

required • January 16, 2019 7:47 PM

"he can be a paranoid micro manager one moment and an expansive friend to all at another moment. Which suggests that he might be on somebody's scale of non-neuro-typical behaviour."

Are you describing him or yourself?

Tom • January 16, 2019 10:17 PM

"he can be a paranoid micro manager one moment and an expansive friend to all at another moment. Which suggests that he might be on somebody's scale of non-neuro-typical behaviour."

Could describe a guy on drugs.

Clearly not Clive Robinson.

65535 • January 16, 2019 11:45 PM

A different picture is beginning to emerge and it looks like a tug of war between who was paying off whom. In fact, if El Chapo’s son is telling the truth it is a dirty picture.

El Chapo’s son’s lawyer[s]:

“In essence,” his lawyers wrote in a 2011 pretrial motion, “the United States government entered into a conspiracy with one of the largest drug cartels in the world.”-NYT

Other odd points:

“…federal agents plucked him [El Chapo’s son] from his jail cell in Chicago late one night in 2012. From there, he said, he was taken to an office and handed a phone. His father was on the line…elder Mr. Zambada was a wanted man, an international criminal with a million-dollar bounty on his head. The agents asked the son to urge the father to surrender. Mr. Zambada said he did… Though there was no surrender, the two men spoke for several minutes, discussing their mood, health and legal situations…”-NYT

El Chapo’s IT guy went back to selling drugs for 10 years:

“Mr. Ramírez, suffering no harm, went back to selling drugs for an additional 10 years.”-NYT

Odd bit of suppression of testimony:

Federal prosecutors denied there was any conspiracy and in the end, a judge did not allow Mr. Zambada to defend himself by arguing one existed. He pleaded guilty in 2013 and agreed to cooperate…In a ruling this week, the judge forbade any mention of a possible quid pro quo agreement between Mr. Zambada and the government from the trial, saying it would “create a sideshow” that risked “confusing the issues” and “misleading the jury.”-NYT

If it is true that both El Chapo’s son and his IT guy continued to sell narcotics for a decade, one begins to wonder why and how much money was made, say in the billions of dollars, and who got the cash. If some of that money stuck to the hands of the DEA and US agents things would look a bit different. Why not let El Chapo’s son tell the full story?

This whole thing of letting a drug gang sell drugs for ten years and then shutting it down smells a bit fishy. Billions of dollars changed hands but who got the money? DEA agents, the drug cartel or both?

See: El Chapo Trial: How a Cartel Prince Left the Drug Trade
https://www.nytimes.com/2019/01/04/nyregion/el-chapo-trial.html?action=click&module=RelatedCoverage&pgtype=Article&region=Footer

JustBlowSnow • January 17, 2019 4:37 AM

@65535

US federal agencies like the DEA are falsely claiming to fight a war on drugs, since gangster sister agencies like the CIA have been trafficking since at least the mid 20th century to further their aims e.g. cash for black ops, arming paramilitaries, etc.

No doubt the competition are crushed if they are crowding the market or not playing ball i.e. must be made an example of. Hence the large profile busts to "protect the public" from time to time, which I guess El Chapo falls into.

Consider the CIA's virtually assured involvement in:

- moving smack in the Golden Triangle in the 60s and 70s
- moving huge amounts of coke from South America in the 80s (Contra scandal)
- supposed involvement in large-scale drug operations in Mexico in the 2010s (taking out the competition where necessary)
- allowing large shipments of coke to be freely shipped from Venezuela in the 1990s
- etc etc.

The "War on Drugs" always was, and always will remain strictly a propaganda exercise. Otherwise they would wage a war on legal opioids, which kill far more Americans than all illicit substances combined.

Clive Robinson • January 17, 2019 5:16 AM

@ 65535,

A different picture is beginning to emerge and it looks like a tug of war between who was paying off who.

An earlier story I read, claims that the judge is keeping a great deal out of court thus out of the public eye. Such as bribed politicians on both sides of the border. Apparently on the South side of the border all the way up to the highest circles of Government and Telecommunications and Media...

efk • January 17, 2019 6:42 AM

Do people still have the illusion that any data on electronic devices will be 'secure'? Wouldn't it be better to completely move away from devices that can be hacked at any time? How many possibilities are there for secret services to hack devices? The official story, that e.g. Apple devices are secure, is imo complete rubbish; if a service wants a device to be opened up, they can do it immediately. Maybe the FBI (officially) doesn't get access to these fancy technologies like baseband hacks, but in case of emergency they would just call the NSA, and they could do the job.

Clive Robinson • January 17, 2019 6:53 AM

@ JustBlowSnow,

The "War on Drugs" always was, and always will remain strictly a propaganda exercise.

Yup, because it's a very lucrative market with very very high profit margins and no taxes or traceability of funds...

What's not to love from the capitalist viewpoint...

But as a quite famous economist put it, the current method was not working and was in effect a massive sink hole of resources, thus unsustainable in an economic sense. He went on to point out the only two ways of dealing with it were the Chinese way or the Indian way. In India if you were a druggy they just cut you off and let you rot. In China for anything drug related they took you into the village square, forced you down on your knees and put a bullet down your spine, then billed your family for the bullet and fire wood. Your ashes would supposedly get thrown in a rubbish tip or some such.

However they stopped most public executions, as some noticed, around the time transplant surgery became viable... I'm not sure I'd want a body part from a drug addict; the chance of HepC or worse would be quite high. But then, being a member of the Falun Gong / Falun Dafa suddenly became a crime, and people started disappearing. The stories were such that a number of European Politicians came to believe, as the religion was about healthy body healthy mind and senior Chinese Politicians started living quite a bit longer than their predecessors, that they were being used as organ donors for the Chinese elite. Worse, that criminals were exporting harvested organs and making vast fortunes.

Every so often it resurfaces again as it did three months ago, but though there is apparently evidence, it's likewise apparently not quite sufficient,

https://www.forbes.com/sites/ewelinaochab/2018/10/16/organ-harvesting-in-china-and-the-many-questions/

65535 • January 17, 2019 3:27 PM

@ JustBlowSnow

“…the competition are crushed if they are crowding the market or not playing ball i.e. must be made an example of. Hence the large profile busts to "protect the public" from time to time, which I guess El Chapo falls into.” – JustBlowSnow

That could be true.

I have heard stories about the CIA’s blunt but effective means [not necessarily above board or legal means]. I can’t prove those stories or refute them. It is “National Security” and top secret. I am not in the loop so to speak.

@ Clive Robinson

“…I read, claims that the judge is keeping a great deal out of court thus out of the public eye. Such as bribed politicians on both sides of the border… up to the highest circles of Government...”-Clive R.

That court proceedings problem is particularly troubling to hear of – especially the notion of rigged trials. If the US court system cannot be trusted then the notion of open hearings, fair trials and democracy is in doubt.

If democracy fails the possibility of a second civil war in the USA could skyrocket. That is not a pleasant thought.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.