Forwarded from: William Knowles <wkat_private>

http://www.business2.com/articles/mag/0,1640,41206,00.html

By: Paul Kaihla
Issue: July 2002

Colombian cartels have spent billions of dollars to build one of the world's most sophisticated IT infrastructures. It's helping them smuggle more dope than ever before.

On a rainy night eight years ago in the Colombian city of Cali, crack counter-narcotics troops swarmed over the first floor of a low-rise condominium complex in an upscale neighborhood. They found no drugs or guns. But what they did find sent shudders through law enforcement and intelligence circles around the world.

The building was owned by a front man for Cali cocaine cartel leader José Santacruz Londono. Inside was a computer center, manned in shifts around the clock by four to six technicians. The central feature of the facility was a $1.5 million IBM AS400 mainframe, the kind once used by banks, networked with half a dozen terminals and monitors.

The next day, Colombia's attorney general secretly granted permission for U.S. agents to fly the mainframe immediately back to the United States, where it was subjected to an exhaustive analysis by experts from the Drug Enforcement Administration and various intelligence agencies.

The so-called Santacruz computer was never returned to Colombian authorities, and the DEA's report about it is highly classified. But Business 2.0 has ferreted out many of its details. They make it clear why the U.S. government wants the Santacruz case kept quiet.

According to former and current DEA, military, and State Department officials, the cartel had assembled a database that contained both the office and residential telephone numbers of U.S. diplomats and agents based in Colombia, along with the entire call log for the phone company in Cali, which was leaked by employees of the utility. The mainframe was loaded with custom-written data-mining software.
It cross-referenced the Cali phone exchange's traffic with the phone numbers of American personnel and Colombian intelligence and law enforcement officials. The computer was essentially conducting a perpetual internal mole-hunt of the cartel's organizational chart.

"They could correlate phone numbers, personalities, locations -- any way you want to cut it," says the former director of a law enforcement agency. "Santacruz could see if any of his lieutenants were spilling the beans."

They were. A top Colombian narcotics security adviser says the system fingered at least a dozen informants -- and that they were swiftly assassinated by the cartel. A high-level DEA official would go only this far: "It is very reasonable to assume that people were killed as a result of this capability. Potential sources of information were compromised by the system."

The discovery of the Santacruz computer gave law enforcement officials a chilling glimpse into the cartels' rapidly evolving technological sophistication. But here's what is truly frightening: Since the discovery of the Santacruz system in 1994, the cartels' technological mastery has only grown. And it is enabling them to smuggle more dope than ever before.

The drug lords have deployed advanced communications encryption technologies that, law enforcement officials concede, are all but unbreakable. They use the Web to camouflage the movement of dirty money. They track the radar sweeps of drug surveillance planes to map out gaps in coverage. They even use a fleet of submarines, mini-subs, and semisubmersibles to ferry drugs -- sometimes, ingeniously, to larger ships hauling cargoes of hazardous waste, in which the insulated bales of cocaine are stashed. "Those ships never get a close inspection, no matter what country you're in," says John Hensley, former head of enforcement for the U.S. Customs Service.

Most of the cartels' technology is American-made; many of the experts who run it are American-trained.
High-tech has become the drug lords' most effective counter-weapon in the war on drugs -- and is a major reason that cocaine shipments to the United States from Colombia hit an estimated 450 tons last year, almost twice the level of 1998, according to the Colombian navy.

In a sense, the cartels are putting their own dark twist on the same productivity-enhancing strategies that other multinational businesses have seized on in the Internet age. Indeed, the $80 billion-a-year cocaine business poses some unique challenges: The supply chain is immense and global, competition is literally cutthroat, and regulatory pressure is intense. The traffickers have the advantages of unlimited funds and no scruples, and they've invested billions of dollars to create a technological infrastructure that would be the envy of any Fortune 500 company -- and of the law enforcement officials charged with going after the drug barons.

"I spent this morning working on the budget," the head of DEA intelligence, Steve Casteel, said recently. "Do you think they have to worry about that? If they want it, they buy it."

That's an especially troubling thought just now, as the Bush administration pressures Congress to expand the $1.3 billion anti-narcotics plan for Colombia and to allow the U.S. military to take a more forceful role in the savage fighting between Colombia's left-wing rebels, right-wing paramilitary units, and the drug-trafficker allies of both.

Archangel Henao is the man whom authorities credit with much of the drug runners' recent technological progress. According to Colombian and U.S. narcotics officials, Henao heads the North Valley Cartel, the largest and most feared criminal organization to emerge from the chaos that gripped Colombia's underworld after the old Medellín and Cali cartels were broken up in the 1990s by the country's military -- with extensive U.S. help.
Officials say that Henao, a heavyset 47-year-old born with a withered left arm, controls Buenaventura, the principal port on a stretch of the Pacific coast that is the launching point for most of the cocaine and heroin smuggled into North America from Colombia. His North Valley Cartel foot soldiers are known for dismembering the bodies of their enemies with chain saws and dumping them into the Cauca River.

The U.S. Treasury Department has banned Henao from doing business with U.S. companies because he is a "drug kingpin," and the DEA publicly calls him one of Colombia's biggest traffickers. He has never been convicted of a drug-related offense, although a DEA official says the agency is "trying to build an indictment" against him.

Henao's cartel is a champion of decentralization, outsourcing, and pooled risk, along with technological innovations to enhance the secrecy of it all. For instance, to scrub his profits, he and fellow money launderers use a private, password-protected website that daily updates an inventory of U.S. currency available from cartel distributors across North America, says a veteran Treasury Department investigator. Kind of like a business-to-business exchange, the site allows black-market money brokers to bid on the dirty dollars, which cartel financial chiefs want to convert to Colombian pesos to use for their operations at home. "A trafficker can bid on different rates -- 'I'll sell $1 million in cash in Miami,'" says the agent. "And he'll take the equivalent of $800,000 in pesos for it in Colombia." The investigator estimates the online bazaar's annual turnover at as much as $3 billion.

Henao and other cartel leaders recruit IT talent from many sources, intelligence officials say. The traffickers lure some specialists from legitimate local businesses, offering scads of cash. They also contract with Israeli, U.S., and other mercenaries who are former electronic warfare experts from military special ops units.
Cartel leaders have sent members of their own families to top U.S. engineering and aeronautical schools; when the kids come home, some serve as trusted heads of technical operations.

Most of the high-end gear the cartels deploy comes from household-name multinational companies, many of them American; typically, front companies purchase equipment from sales offices in Colombia or through a series of intermediaries operating in the United States.

The talent and tools are among the best that money can buy, and it shows. For instance, Henao's communications have become so advanced that they have never been intercepted, Colombian intelligence sources say. The last clear view inside the organization's technical operations was provided in 1998, when a small army of Colombian police arrested Henao's top IT consultant, Nelson Urrego. That bust soon led to the discovery of an elaborate communications network that allowed Urrego to coordinate fleets of North Valley Cartel planes and ships that were smuggling 10 to 15 tons of cocaine each month.

The network's command center was hidden in a Bogotá warehouse outfitted with a retractable German-made Rohde & Schwarz transmission antenna about 40 feet high, and 15 to 20 computers networked with servers and a small mainframe. The same kind of state-of-the-art setup existed in communications centers at Urrego's ranch in Medellín, at an island resort he owned, and at a hideout in Cali. Seized invoices and letters show that Urrego or his associates had recently bought roughly $100,000 worth of Motorola (MOT) gear: 12 base stations, 16 mobile stations installed in trucks and cars, 50 radio phones, and eight repeaters, which boost radio signals over long distances.

The range of Urrego's network extended across the Caribbean and the upper half of South America.
He and his operatives used it to send text messages to laptops in dozens of planes and boats to inform their pilots when it was safe to go, and to receive confirmations of when loads were dropped and retrieved. According to one intelligence official who analyzed Urrego's network, it was transmitting 1,000 messages a day -- and not one of them was intercepted, even by U.S. spy planes.

When Urrego typed a message into his computer, it created a digital bit-stream that was then encrypted and fed through a converter that parceled the data out at high frequencies. Digital communications over a radio network can be put into a code much more easily than voice transmissions, and thus are far tougher to intercept and decipher. "There's going to be a delay in sending and receiving messages," says a surveillance expert who does code-breaking work for the DEA and CIA, "but it's going to be fairly friggin' secure."

The cartel's fleets still had to dodge surveillance aircraft like the dozen or so P3 Orions that U.S. Customs flies over Colombia. But by bribing officials and drawing on an elaborate counterintelligence database maintained by the cartels, Urrego learned the operations schedule of the planes. According to a former narcotics operative in the U.S. Army's Southern Command, cartel pilots routinely map the radar coverage of U.S. spy planes by putting FuzzBuster radar detectors in their drug plane cockpits and logging the hits.

"They'd use every piece of data to build a picture, just like a jigsaw puzzle," the retired officer explains. "A piece of data could be 'One of our airplanes was flying on this azimuth at this altitude, and his FuzzBuster went off,' which means he was being painted by the radar. So they put that piece of data in the computer. Then another airplane was flying on that azimuth at that altitude, and his FuzzBuster did not go off. As they put that data together, they'd build a picture of the radar signature."
Law enforcement officials believe that much of Urrego's system has simply been reconstituted -- with upgrades based on the latest advances in communications and encryption gear.

A lanky man with deep bags under his eyes sits in a cinder-block office within a heavily fortified army base. He may have the most dangerous job in Colombia. He is a top special operations commander, and he probably knows more about the drug cartels' technological prowess than anyone on the outside. He rarely gives interviews, but late one Saturday night, he agrees to discuss one of his special areas of expertise: Archangel Henao.

Lately, the commander says, he has been studying how Henao's cartel uses technology for what amounts to corporate espionage and competitive advantage against business rivals. The North Valley Cartel has waged a war against other smuggling groups over a variety of issues, including control of the port of Buenaventura.

The commander recites a litany of recent assassinations and bombings. In February 2001, for instance, North Valley Cartel operatives commandeered a Bell helicopter used by the government in coca fumigation programs and pressed it into service in an attempted assassination of a rival trafficker. The rival was in jail in Cali at the time, so the hit men flew over the prison and dropped a homemade bomb containing 440 pounds of TNT. The detonator failed, but had the bomb gone off, it would have killed more than 3,000 people, the commander estimates.

Within a month of that attack, the intended victim's organization retaliated with a flurry of hits -- among them, a submachine-gun ambush of four North Valley Cartel figures in a Cali hospital cafeteria. (In February, Henao's brother-in-law, a top North Valley Cartel capo, was poisoned to death in a maximum-security prison.)
Many of the targets in the power struggle, the commander says, were located by signals intelligence -- things like pager and e-mail intercepts, transmitters planted on vehicles, or bugs hidden in homes and offices. "This is a technological war," he says.

Actually, it has been for a long time -- as the mysterious story of the Santacruz computer suggests. According to Carlos Alfonso Velásquez Romero, a now-retired colonel who commanded the elite unit that discovered the computer, one of the principal IT gurus behind the system was Jorge Salcedo Cabrera, a former army intelligence operative and electrical engineer who crossed over to the underworld. The Santacruz computer wasn't his first big technological splash. When the Colombian government launched the unit that Velásquez would later head, it established a toll-free tip line for information about Cali Cartel leaders. The traffickers tapped the line, with deadly consequences. "All of these anonymous callers were immediately identified, and they were killed," a former high-ranking DEA official says.

Henao's cartel built on this and other prior technology initiatives, in part by creating what amounts to a narco research and development program. One early fruit of that effort, intelligence officials say, was an advanced version of a cheap boat called a semisubmersible. Shaped like the Civil War-era Monitor, the small craft cruises below the waterline, except for a conning tower where one of its two-man crew pilots the boat. The vessel has underwater propulsion, radar, and short-band radio towers. And it's virtually invisible to even the most sophisticated spy gear. "You basically need a visual sighting to detect one, because you're not going to pick them up in a radar sweep," says Hensley, the former U.S. Customs enforcement chief.

Semisubmersibles, however, are unstable, and narcotics officials think the cartels have lost several at sea -- one reason that the traffickers upgraded to submarines.
According to the head of the Colombian navy, Adm. Mauricio Soto, the North Valley Cartel and other organizations have used real subs for years. Authorities believe that the Cali Cartel purchased a Soviet sub in the early '90s, and that its crew accidentally sank it off Colombia's Pacific coast during its first smuggling run, probably because they lacked the 10 skilled people needed to operate it.

More recently, the cartels have built their own subs, with help, Soto suspects, from Italian engineers who stayed in Colombia after overseeing the construction of the navy's own fleet of commando submarines two decades ago. Henao, for instance, is believed by military and intelligence officials to have a small fleet of mini-subs -- used for, among other things, hauling dope to those toxic waste freighters.

So far, Colombian authorities have found only two drug subs, both of which were under construction. The most recent one, discovered 21 months ago outside Bogotá, was a 78-foot craft that cost an estimated $10 million. Intelligence sources say it belonged to Henao's North Valley Cartel. A Colombian official says Henao wanted a vessel that could carry several more tons than the Buenaventura mini-subs and travel as far as 2,000 miles -- say, to the coast of Mexico or Southern California.

Arrayed against this formidable technological arsenal is, well, not much. The commander of the narcotics agents in the Buenaventura area is a world-weary man who rarely ventures outside his military compound not far from town. He never goes into Buenaventura itself. Traffickers have put a price of 35 million pesos (about $17,000) on his head. "Life is cheap here," he mutters.

He displays boxes and boxes of seized high-tech gear. Even personnel at the bottom of the cartel food chain have Israeli night-vision goggles, ICOM radio frequency scanners, and Magellan GPS handhelds.

The commander says an informant told him about mini-subs off Buenaventura months ago.
But neither he nor his men have ever seen one. His outfit doesn't have the equipment to detect underwater craft.

Nor does the commander know many details about the Santacruz computer bust that first alerted officials to how technologically advanced his adversaries had become. He is unaware, for instance, of one of the biggest reasons U.S. officials want details of the system and the murders of U.S. intelligence sources it triggered kept top secret. Jorge Salcedo Cabrera, the main IT whiz who set up the Santacruz computer, eventually became an informant against cartel bosses. The DEA declined to comment on Salcedo. But according to several intelligence officials, he is now living in America at taxpayer expense, under the witness protection program.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 05:03:39 PDT