Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

A hacker working on behalf of the Sinaloa drug cartel infiltrated cameras and phones to track an FBI official in Mexico investigating the drug lord El Chapo, then used data from that surveillance to kill and intimidate potential sources and witnesses the agent was meeting with, a Justice Department watchdog report revealed.

An FBI case agent learned about the hacker from someone affiliated with the cartel in 2018, according to the inspector general report released Friday.

“That individual said the cartel had hired a ‘hacker’ who offered a menu of services related to exploiting mobile phones and other electronic devices,” the report states. “According to the individual, the hacker had observed people going in and out of the United States Embassy in Mexico City and identified ‘people of interest’ for the cartel, including the FBI Assistant Legal Attache (ALA T), and then was able to use the ALA T’s mobile phone number to obtain calls made and received, as well as geolocation data, associated with the ALAT’s phone.

“According to the FBI, the hacker also used Mexico City’s camera system to follow the ALAT through the city and identify people the ALAT met with,” the report continues. “According to the case agent, the cartel used that information to intimidate and, in some instances, kill potential sources or cooperating witnesses.”

The revelations mark the second time in a week that, if accurate, a hacker was shown to contribute to someone’s death. A patient died in the United Kingdom after a cyberattack delayed blood test results across hospitals there, according to a National Health Service review, as first reported by the Health Services Journal.

The FBI referred a request for comment on the inspector general report Saturday to the Department of Justice, which did not immediately respond. El Chapo, the nickname for Joaquín Archivaldo Guzmán Loera, is currently serving a life sentence in a U.S. prison for 26 drug-related violations and one murder conspiracy.

The overall report assessed how effectively the FBI has protected sensitive investigations in a world of ubiquitous technical surveillance (UTS), ranging from physical surveillance to surveillance of phones or financial records. The FBI had formed a “red team” to address the threat.

“We do not believe that the initial effort of the Red Team to identify the specific, enterprise-wide risks was adequate, potentially leaving several UTS-related threats unmitigated,” the report concludes. “We are particularly concerned that the Red Team’s recent threat mitigation efforts did not adequately consider existing FBI efforts to mitigate the UTS threat, and that it did not include a sufficient long-term vision for how the FBI will approach the evolving UTS threat after its initial action items are addressed.”

Much of the FBI’s response to the draft report is redacted. But it says that “FBI efforts have been multi-faceted and involved many components of the enterprise, working separately and in collaboration, including with other U.S. government agencies facing similar threats. We nevertheless agree that to better understand the threat posed by changing operational technologies, an enterprise-wide assessment of threats posed by operational technology is warranted.”

It also agreed with a recommendation to train FBI personnel on the nature of the threat posed by ubiquitous surveillance.