Mexican Drug Cartels with High-Tech Spyware

Sophisticated spyware, sold by surveillance tech companies to Mexican government agencies, is ending up in the hands of drug cartels:

As many as 25 private companies — including the Israeli company NSO Group and the Italian firm Hacking Team — have sold surveillance software to Mexican federal and state police forces, but there is little or no regulation of the sector — and no way to control where the spyware ends up, said the officials.

Lots of details in the article. The cyberweapons arms business is immoral in many ways. This is just one of them.

Posted on December 17, 2020 at 7:19 AM • 12 Comments

Comments

Clive Robinson December 17, 2020 9:36 AM

@ ALL,

Remember tools software or otherwise care not the hand that holds them, or to what task they are put. The tools have no morals nor can they ever have[1].

Morals are as far as we can tell a human innovation to provide excuses for behavior driven essentially by a form of greed.

Thus it is the directing mind that is immoral and the definition of immoral is a movable feast.

When you read the article, understand it is the same base drivers for the Israeli Government and other “supplying nations” Governments as it is in individuals of the Mexican Government.

It’s been noted in the past that both the UK and US have used any technology they can against their own politicians, journalists, protestors, and inconvenient Whistleblowers.

Ask why it should be OK for the UK and US but not other nations including Pakistan, Saudi Arabia, Qatar, and many many others including France.

It’s an excuse for psychopathic behaviour that gives rise to the excuses for the other 75-95% of the population they see as gullible or stupid. It’s those, “We are the good guys”, “For the common good”, “for God King and Country” etc, that hides the “Might is right”, “divine rule”, “God told me to”, of Kings in times past. But worse those who know it’s wrong acquiescing via “My country right or wrong”…

Such tools only exist because ordinary people allow them to be made. That is we allow specifications that have loopholes big enough for battle ships to sail through, protocols more permissive than a cat in heat, implementations riddled with more holes than termite infested wood.

Each and every one we let get by is going to be found and used for harm to someone somehow; it may be someone we know nothing about or someone you deeply care about.

The word “Engineer” had a different meaning a century and a half or so ago. They were the men who designed, built and deployed the engines and fortifications of war.

It was as these engines and fortifications became so important to the spilling of blood and shedding of lives that ethics started to enter the professions, and people started to say “enough” and “not in my name”, but for some reason we appear to have lost sight of previous generations of ethics.

But what are we doing about it?

Now might be a time to rediscover ethics, but will we be allowed to. Technology has moved on almost unimaginably in recent years as such it has acted as a force multiplier, we can now all be spied upon without our knowledge by things we can not see nor are we allowed to see by “Walled Gardens” that have taken the simple right of control of our possessions away from us and vested it in others over whom we have no individual control.

I’ll leave others to consider the mess we are in due to our own stupidity, and think up ways out against the enemy driven by greed for money and or power…

[1] One of the ideas proposed for military drones and such like is that they be fitted with some form of AI. The idea is of course madness to anyone that understands technology. But to others, it makes a good talking point, but of course must be removable by the right people. It’s a war we are going to have to fight, just like the Crypto-Wars we are still fighting and losing.

JonKnowsNothing December 17, 2020 10:53 AM

@Clive @All

Just a side tidbit: Mexico just passed a law stripping foreign law enforcement of Diplomatic Immunity. The new law strips USA LEAs and DEA etc from crossing into Mexico for at-will police operations.

It also requires LEAs and DEA etc to share all intelligence with Mexican Police Agencies and Authorities. No more blindsided raids.

Of course, the USA is horrified because of the information sieve seeping out. It probably seeped out long long ago.

Getting the law enforced is a whole ‘nother enchilada. The USA has done regime-change for far less.

Clive Robinson December 17, 2020 12:38 PM

@ JonKnowsNothing,

Of course, the USA is horrified because of the information sieve seeping out. It probably seeped out long long ago.

Yup if any barrel gets large enough it will have a rotten apple or three in it… And the US law enforcement as we know from the little that gets into the MSM is no exception.

Mind you I don’t know what the US is complaining about, they are always complaining other Governments are not transparent enough or accountable enough.

It’s about time they started finding out what it’s like on the other side of the fence.

And just be thankful the Mexican Government has not decided to say that any US person paid for out of Public Funds carrying arms across the border or using them is a primary act of war (which legally it is unless permission is given correctly).

The more countries that do this the better in the long run things will be.

Jon December 18, 2020 7:04 AM

Whenever someone is given immunity they shall abuse it.

@ JonKnowsNothing:

Also a bit aside, but the UK has passed laws removing diplomatic immunity from the spouses of spies – a bit too late for the kid on the motorcycle, though. J.

JonKnowsNothing December 18, 2020 11:08 AM

@Jon @Clive @All

re:Diplomatic Immunity

I think that Anne Sacoolas will find her choice of vacation spots limited. She may have been protected by the CIA at the time, but times change.

It’s not that surprising when “wanted folks” are able to travel or vacation and the locals ignore the warrants; politics and foreign aid packages are an incentive to look-the-other-way.

Politics and foreign aid packages change. On those rare occasions where a person is picked up, there is a Surprise! look on the mug shots.

Just waiting for Gina (1) to step out of bounds…. There will be schadenfreude parties when it happens.


1, The only redeeming thing DiFi can do is release her full copy of the Torture Report.

ht tps://en.wikipedia.org/wiki/Death_of_Harry_Dunn
ht tps://en.wikipedia.org/wiki/Schadenfreude

ht tps://en.wikipedia.org/wiki/Senate_Intelligence_Committee_report_on_CIA_torture
(url fractured to prevent autorun)

Aether December 18, 2020 1:16 PM

Maybe a stupid question, but why do these spy tools even work? Isn’t it the job of every “provider” to ensure the safe, secure end-to-end transmission of communications that customers pay for over their networks? And isn’t it the job of public regulatory agencies to ensure they do so and to hold them accountable if they fail to ensure the secure end-to-end transmission?

JonKnowsNothing December 18, 2020 3:48 PM

@Aether

re: …why do these spy tools even work? Isn’t it the job of every “provider” to ensure the safe, secure end-to-end transmission of communications that customers pay for over their networks? And isn’t it the job of public regulatory agencies to ensure they do so and to hold them accountable if they fail to ensure the secure end-to-end transmission?

The short answer is “yes”, the qualified answer is “maybe”, and the ultimate answer is “no”.

Much of the current discussions about the internet (aside from how many new emoji there are) is exactly this problem.

Governments want to check out The Other Guys while preventing the Other Guys from checking them out. This dichotomy is not possible to achieve.

If you put a backdoor into a program, hardware, or interface anyone who finds it can use it. Like Bilbo and the Thrush’s Knock.

If you do not allow Backdoors, then Governments cannot check out the Other Guys.

Other Guys may be other countries, organizations, groups, people, citizens.

Backdoors can be called by many names but anything that lets you check out someone may be considered a Backdoor. FindMyPhone.

Then there are problems of “goofs”, errors not intentionally introduced. These can be exploited as a backdoor because not everyone will tell about them. Governments and Other Guys hoard them.

ht tps://en.wikipedia.org/wiki/United_States_Cyber_Command

ht tps://en.wikipedia.org/wiki/The_Hobbit
Gandalf unveils Thrór’s map showing a secret door into the Mountain

Stand by the grey stone when the thrush knocks and the setting sun with the last light of Durin’s day will shine upon the keyhole

(url fractured to prevent autorun)

Oscar Wilde December 21, 2020 10:56 AM

Human Rights Don’t Exist in Brazil

There is a criminal organization in Brazil using NSO Group’s Pegasus to infect devices for hack for hire, to incite terrorism, blackmail people, produce illegal pornography and assist in assassinations. They also have other advanced malware, like UEFI implants and even persistent implants for Kindle and Raspberry Pi. Plus face/voice recognition on every camera and microphone they can get into, in public or private places.

Brazil won’t do anything to stop them. Only the FBI, CIA and NSA can stop them.

There is also the possibility that they were engaged on the hack of Bezos’ smartphone.

If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.

If you want a story about how they operate, I am willing to work with you to expose them.

Anders December 21, 2020 6:52 PM

@Oscar Wilde

“If you know of any security researcher who wants to reverse engineer the exploits they are using, I am more than willing to help them.”

Yes.
