[ISN] The Technology Secrets of Cocaine Inc.

From: InfoSec News (isnat_private)
Date: Tue Jul 02 2002 - 02:36:52 PDT


    Forwarded from: William Knowles <wkat_private>
    By: Paul Kaihla 
    Issue: July 2002
    Colombian cartels have spent billions of dollars to build one of the
    world's most sophisticated IT infrastructures. It's helping them
    smuggle more dope than ever before.
    On a rainy night eight years ago in the Colombian city of Cali, crack
    counter-narcotics troops swarmed over the first floor of a low-rise
    condominium complex in an upscale neighborhood. They found no drugs or
    guns. But what they did find sent shudders through law enforcement and
    intelligence circles around the world.
    The building was owned by a front man for Cali cocaine cartel leader
    José Santacruz Londoño. Inside was a computer center, manned in shifts
    around the clock by four to six technicians. The central feature of
    the facility was a $1.5 million IBM AS400 mainframe, the kind once
    used by banks, networked with half a dozen terminals and monitors. The
    next day, Colombia's attorney general secretly granted permission for
    U.S. agents to fly the mainframe immediately back to the United
    States, where it was subjected to an exhaustive analysis by experts
    from the Drug Enforcement Administration and various intelligence
    agencies. The so-called Santacruz computer was never returned to
    Colombian authorities, and the DEA's report about it is highly
    classified. But Business 2.0 has ferreted out many of its details.  
    They make it clear why the U.S. government wants the Santacruz case
    kept quiet.
    According to former and current DEA, military, and State Department
    officials, the cartel had assembled a database that contained both the
    office and residential telephone numbers of U.S. diplomats and agents
    based in Colombia, along with the entire call log for the phone
    company in Cali, which was leaked by employees of the utility. The
    mainframe was loaded with custom-written data-mining software. It
    cross-referenced the Cali phone exchange's traffic with the phone
    numbers of American personnel and Colombian intelligence and law
    enforcement officials. The computer was essentially conducting a
    perpetual internal mole-hunt of the cartel's organizational chart.  
    "They could correlate phone numbers, personalities, locations -- any
    way you want to cut it," says the former director of a law enforcement
    agency. "Santacruz could see if any of his lieutenants were spilling
    the beans."
    They were. A top Colombian narcotics security adviser says the system
    fingered at least a dozen informants -- and that they were swiftly
    assassinated by the cartel. A high-level DEA official would go only
    this far: "It is very reasonable to assume that people were killed as
    a result of this capability. Potential sources of information were
    compromised by the system."
    The discovery of the Santacruz computer gave law enforcement officials
    a chilling glimpse into the cartels' rapidly evolving technological
    sophistication. But here's what is truly frightening: Since the
    discovery of the Santacruz system in 1994, the cartels' technological
    mastery has only grown. And it is enabling them to smuggle more dope
    than ever before.
    The drug lords have deployed advanced communications encryption
    technologies that, law enforcement officials concede, are all but
    unbreakable. They use the Web to camouflage the movement of dirty
    money. They track the radar sweeps of drug surveillance planes to map
    out gaps in coverage. They even use a fleet of submarines, mini-subs,
    and semisubmersibles to ferry drugs -- sometimes, ingeniously, to
    larger ships hauling cargoes of hazardous waste, in which the
    insulated bales of cocaine are stashed. "Those ships never get a close
    inspection, no matter what country you're in," says John Hensley,
    former head of enforcement for the U.S. Customs Service. Most of the
    cartels' technology is American-made; many of the experts who run it
    are American-trained. High-tech has become the drug lords' most
    effective counter-weapon in the war on drugs -- and is a major reason
    that cocaine shipments to the United States from Colombia hit an
    estimated 450 tons last year, almost twice the level of 1998,
    according to the Colombian navy.
    In a sense, the cartels are putting their own dark twist on the same
    productivity-enhancing strategies that other multinational businesses
    have seized on in the Internet age. Indeed, the $80 billion-a-year
    cocaine business poses some unique challenges: The supply chain is
    immense and global, competition is literally cutthroat, and regulatory
    pressure is intense. The traffickers have the advantages of unlimited
    funds and no scruples, and they've invested billions of dollars to
    create a technological infrastructure that would be the envy of any
    Fortune 500 company -- and of the law enforcement officials charged
    with going after the drug barons. "I spent this morning working on the
    budget," the head of DEA intelligence, Steve Casteel, said recently.  
    "Do you think they have to worry about that? If they want it, they buy
    it." That's an especially troubling thought just now, as the Bush
    administration pressures Congress to expand the $1.3 billion
    anti-narcotics plan for Colombia and to allow the U.S. military to
    take a more forceful role in the savage fighting between Colombia's
    left-wing rebels, right-wing paramilitary units, and the
    drug-trafficker allies of both.
    Archangel Henao is the man whom authorities credit with much of the
    drug runners' recent technological progress. According to Colombian
    and U.S. narcotics officials, Henao heads the North Valley Cartel, the
    largest and most feared criminal organization to emerge from the chaos
    that gripped Colombia's underworld after the old Medellín and Cali
    cartels were broken up in the 1990s by the country's military -- with
    extensive U.S. help. Officials say that Henao, a heavyset 47-year-old
    born with a withered left arm, controls Buenaventura, the principal
    port on a stretch of the Pacific coast that is the launching point for
    most of the cocaine and heroin smuggled into North America from
    Colombia. His North Valley Cartel foot soldiers are known for
    dismembering the bodies of their enemies with chain saws and dumping
    them into the Cauca River. The U.S. Treasury Department has banned
    Henao from doing business with U.S. companies because he is a "drug
    kingpin," and the DEA publicly calls him one of Colombia's biggest
    traffickers. He has never been convicted of a drug-related offense,
    although a DEA official says the agency is "trying to build an
    indictment" against him.
    Henao's cartel is a champion of decentralization, outsourcing, and
    pooled risk, along with technological innovations to enhance the
    secrecy of it all. For instance, to scrub his profits, he and fellow
    money launderers use a private, password-protected website that daily
    updates an inventory of U.S. currency available from cartel
    distributors across North America, says a veteran Treasury Department
    investigator. Kind of like a business-to-business exchange, the site
    allows black-market money brokers to bid on the dirty dollars, which
    cartel financial chiefs want to convert to Colombian pesos to use for
    their operations at home. "A trafficker can bid on different rates --
    'I'll sell $1 million in cash in Miami,'" says the agent. "And he'll
    take the equivalent of $800,000 in pesos for it in Colombia." The
    investigator estimates the online bazaar's annual turnover at as much
    as $3 billion.
    Henao and other cartel leaders recruit IT talent from many sources,
    intelligence officials say. The traffickers lure some specialists from
    legitimate local businesses, offering scads of cash. They also
    contract with Israeli, U.S., and other mercenaries who are former
    electronic warfare experts from military special ops units. Cartel
    leaders have sent members of their own families to top U.S.  
    engineering and aeronautical schools; when the kids come home, some
    serve as trusted heads of technical operations. Most of the high-end
    gear the cartels deploy comes from household-name multinational
    companies, many of them American; typically, front companies purchase
    equipment from sales offices in Colombia or through a series of
    intermediaries operating in the United States.
    The talent and tools are among the best that money can buy, and it
    shows. For instance, Henao's communications have become so advanced
    that they have never been intercepted, Colombian intelligence sources
    say. The last clear view inside the organization's technical
    operations was provided in 1998, when a small army of Colombian police
    arrested Henao's top IT consultant, Nelson Urrego. That bust soon led
    to the discovery of an elaborate communications network that allowed
    Urrego to coordinate fleets of North Valley Cartel planes and ships
    that were smuggling 10 to 15 tons of cocaine each month.
    The network's command center was hidden in a Bogotá warehouse
    outfitted with a retractable German-made Rohde & Schwarz transmission
    antenna about 40 feet high, and 15 to 20 computers networked with
    servers and a small mainframe. The same kind of state-of-the-art setup
    existed in communications centers at Urrego's ranch in Medellín, at an
    island resort he owned, and at a hideout in Cali. Seized invoices and
    letters show that Urrego or his associates had recently bought roughly
    $100,000 worth of Motorola (MOT) gear: 12 base stations, 16 mobile
    stations installed in trucks and cars, 50 radio phones, and eight
    repeaters, which boost radio signals over long distances.
    The range of Urrego's network extended across the Caribbean and the
    upper half of South America. He and his operatives used it to send
    text messages to laptops in dozens of planes and boats to inform their
    pilots when it was safe to go, and to receive confirmations of when
    loads were dropped and retrieved. According to one intelligence
    official who analyzed Urrego's network, it was transmitting 1,000
    messages a day -- and not one of them was intercepted, even by U.S.  
    spy planes.
    When Urrego typed a message into his computer, it created a digital
    bit-stream that was then encrypted and fed through a converter that
    parceled the data out at high frequencies. Digital communications over
    a radio network can be put into a code much more easily than voice
    transmissions, and thus are far tougher to intercept and decipher.  
    "There's going to be a delay in sending and receiving messages," says
    a surveillance expert who does code-breaking work for the DEA and CIA,
    "but it's going to be fairly friggin' secure."
    The cartel's fleets still had to dodge surveillance aircraft like the
    dozen or so P3 Orions that U.S. Customs flies over Colombia. But by
    bribing officials and drawing on an elaborate counterintelligence
    database maintained by the cartels, Urrego learned the operations
    schedule of the planes. According to a former narcotics operative in
    the U.S. Army's Southern Command, cartel pilots routinely map the
    radar coverage of U.S. spy planes by putting FuzzBuster radar
    detectors in their drug plane cockpits and logging the hits. "They'd
    use every piece of data to build a picture, just like a jigsaw
    puzzle," the retired officer explains. "A piece of data could be 'One
    of our airplanes was flying on this azimuth at this altitude, and his
    FuzzBuster went off,' which means he was being painted by the radar.  
    So they put that piece of data in the computer. Then another airplane
    was flying on that azimuth at that altitude, and his FuzzBuster did
    not go off. As they put that data together, they'd build a picture of
    the radar signature."
    Law enforcement officials believe that much of Urrego's system has
    simply been reconstituted -- with upgrades based on the latest
    advances in communications and encryption gear.
    A lanky man with deep bags under his eyes sits in a cinder-block
    office within a heavily fortified army base. He may have the most
    dangerous job in Colombia. He is a top special operations commander,
    and he probably knows more about the drug cartels' technological
    prowess than anyone on the outside. He rarely gives interviews, but
    late one Saturday night, he agrees to discuss one of his special areas
    of expertise: Archangel Henao.
    Lately, the commander says, he has been studying how Henao's cartel
    uses technology for what amounts to corporate espionage and
    competitive advantage against business rivals. The North Valley Cartel
    has waged a war against other smuggling groups over a variety of
    issues, including control of the port of Buenaventura. The commander
    recites a litany of recent assassinations and bombings. In February
    2001, for instance, North Valley Cartel operatives commandeered a Bell
    helicopter used by the government in coca fumigation programs and
    pressed it into service in an attempted assassination of a rival
    trafficker. The rival was in jail in Cali at the time, so the hit men
    flew over the prison and dropped a homemade bomb containing 440 pounds
    of TNT. The detonator failed, but had the bomb gone off, it would have
    killed more than 3,000 people, the commander estimates. Within a month
    of that attack, the intended victim's organization retaliated with a
    flurry of hits -- among them, a submachine-gun ambush of four North
    Valley Cartel figures in a Cali hospital cafeteria. (In February,
    Henao's brother-in-law, a top North Valley Cartel capo, was poisoned
    to death in a maximum-security prison.)
    Many of the targets in the power struggle, the commander says, were
    located by signals intelligence -- things like pager and e-mail
    intercepts, transmitters planted on vehicles, or bugs hidden in homes
    and offices. "This is a technological war," he says.
    Actually, it has been for a long time -- as the mysterious story of
    the Santacruz computer suggests. According to Carlos Alfonso Velásquez
    Romero, a now-retired colonel who commanded the elite unit that
    discovered the computer, one of the principal IT gurus behind the
    system was Jorge Salcedo Cabrera, a former army intelligence operative
    and electrical engineer who crossed over to the underworld. The
    Santacruz computer wasn't his first big technological splash. When the
    Colombian government launched the unit that Velásquez would later
    head, it established a toll-free tip line for information about Cali
    Cartel leaders. The traffickers tapped the line, with deadly
    consequences. "All of these anonymous callers were immediately
    identified, and they were killed," a former high-ranking DEA official
    Henao's cartel built on this and other prior technology initiatives,
    in part by creating what amounts to a narco research and development
    program. One early fruit of that effort, intelligence officials say,
    was an advanced version of a cheap boat called a semisubmersible.  
    Shaped like the Civil War-era Monitor, the small craft cruises below
    the waterline, except for a conning tower where one of its two-man
    crew pilots the boat. The vessel has underwater propulsion, radar, and
    short-band radio towers. And it's virtually invisible to even the most
    sophisticated spy gear. "You basically need a visual sighting to
    detect one, because you're not going to pick them up in a radar
    sweep," says Hensley, the former U.S. Customs enforcement chief.
    Semisubmersibles, however, are unstable, and narcotics officials think
    the cartels have lost several at sea -- one reason that the
    traffickers upgraded to submarines. According to the head of the
    Colombian navy, Adm. Mauricio Soto, the North Valley Cartel and other
    organizations have used real subs for years. Authorities believe that
    the Cali Cartel purchased a Soviet sub in the early '90s, and that its
    crew accidentally sank it off Colombia's Pacific coast during its
    first smuggling run, probably because they lacked the 10 skilled
    people needed to operate it.
    More recently, the cartels have built their own subs, with help, Soto
    suspects, from Italian engineers who stayed in Colombia after
    overseeing the construction of the navy's own fleet of commando
    submarines two decades ago. Henao, for instance, is believed by
    military and intelligence officials to have a small fleet of mini-subs
    -- used for, among other things, hauling dope to those toxic waste
    freighters. So far, Colombian authorities have found only two drug
    subs, both of which were under construction. The most recent one,
    discovered 21 months ago outside Bogotá, was a 78-foot craft that cost
    an estimated $10 million. Intelligence sources say it belonged to
    Henao's North Valley Cartel. A Colombian official says Henao wanted a
    vessel that could carry several more tons than the Buenaventura
    mini-subs and travel as far as 2,000 miles -- say, to the coast of
    Mexico or Southern California.
    Arrayed against this formidable technological arsenal is, well, not
    much. The commander of the narcotics agents in the Buenaventura area
    is a world-weary man who rarely ventures outside his military compound
    not far from town. He never goes into Buenaventura itself. Traffickers
    have put a price of 35 million pesos (about $17,000) on his head.  
    "Life is cheap here," he mutters. He displays boxes and boxes of
    seized high-tech gear. Even personnel at the bottom of the cartel food
    chain have Israeli night-vision goggles, ICOM radio frequency
    scanners, and Magellan GPS handhelds.
    The commander says an informant told him about mini-subs off
    Buenaventura months ago. But neither he nor his men have ever seen
    one. His outfit doesn't have the equipment to detect underwater craft.
    Nor does the commander know many details about the Santacruz computer
    bust that first alerted officials to how technologically advanced his
    adversaries had become. He is unaware, for instance, of one of the
    biggest reasons U.S. officials want details of the system and the
    murders of U.S. intelligence sources it triggered kept top secret.  
    Jorge Salcedo Cabrera, the main IT whiz who set up the Santacruz
    computer, eventually became an informant against cartel bosses. The
    DEA declined to comment on Salcedo. But according to several
    intelligence officials, he is now living in America at taxpayer
    expense, under the witness protection program.
    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org

    This archive was generated by hypermail 2b30 : Tue Jul 02 2002 - 05:03:39 PDT