I have used Joaquin “Chapo” Guzman as a case study for cell phone interception in my classes for several years. Only now do I have the full story of how the world’s most notorious drug trafficker was brought down due to his reliance on electronic communications. If you have an interest in how government agencies exploit cell phone activity you should read Hunting El Chapo by Andrew Hogan. The technical specifics are dated but the concepts, like link and network analysis, are not.
Review: Hunting El Chapo
This book began, like most others of the genre, with an account of the author’s life prior to joining the Drug Enforcement Administration. This portion of Hunting El Chapo was the least interesting of the book. Some of the author’s antics (driving his Harley into a bar because he had not been accepted by the Kansas Highway Patrol) were flat-out annoying and I questioned why he chose to include them. Being stuck on an airplane with little else in the way of entertainment, I continued reading and I’m glad I did. Once I got past this first literary hurdle, Hogan began to describe his time as a DEA agent in Phoenix, and his transition to a full-time agent working Mexico City. Once the story got to Mexico, it really got good.
The author took a permanent position in Mexico, and moved his family to Mexico City for the duration. He describes his initial introduction to Mexico, the violence, and the corruption of police and government officials. Hogan surprised me with the revelation that there was no massive task force working to locate or capture Guzman; through a stroke of luck he got connected with an agent from DHS’s Homeland Security Investigations (HSI) who was doggedly pursuing the case.
Before the elite task force of Mexican Marines was launched on the capture mission for Guzman, Hogan and his counterpart at HSI spent hundreds of hours combing through Blackberry intercepts and conducting analysis. Good analysis teased out who individuals were, identified locations, and helped reveal the inner workings of the Sinaloa drug cartel. This was the bulk of the book. I was pleased to find that such a tangled web was explained so well. Hunting El Chapo culminates with Guzman’s capture, and an epilogue covers the aftermath to present day. This part of the story is exciting, even though I didn’t buy it for the guns-blazing adventure. I was much more interested in the investigative aspects leading to the arrest.
Tradecraft vs. Technology
Chapo Guzman was no idiot. A number of tradecraft measures were used by Chapo’s drug trafficking organization, which I found fascinating. First, the organization used a sophisticated system of cutouts (called “mirrors” in the book) to relay communications to the top. No text messages went directly to Chapo – they went to a worker bee. This worker bee would then key them into another device (for sometimes 16 hours a day according to the author) and relay them to a second-tier relay, who would relay them to the boss, in person. Fortunately for law and order, some good analysis revealed what was actually going on.
The entire system would switch to new Blackberries (Chapo’s preferred device) on a set schedule. To the American investigators the entire network would suddenly go opaque, requiring them to piece the whole thing back together, again through good analysis. Additionally, each relay in the chain would use an alias, and refer to key players by aliases. These, too, were eventually “decrypted” by the agents working the case. A number of other, smaller tradecraft measures were employed in Hunting El Chapo, but I’m not going to give them all away here.
While the tradecraft used by the drug-trafficking organization was good, it could have been better. One problem with the entire setup is that the cutouts rarely (if ever) moved physical locations. Additionally, nicknames and callsigns were rarely rolled; the same nicknames for key players and locations were used over and over again…and were poorly chosen to begin with. For example, Chapo was always referred to in honorifics; deferential terms meant to show respect. I’ve never been a detective, but that seems like a clue. It did to the agents working the case, too, and it turned out to be correct.
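As an added illustration of the kind of link analysis described above (this is not the book’s or the author’s code, and every device name, alias and message in it is invented): a small relay detector over constructed intercept metadata, plus a re-link step that uses the never-rolled honorifics and each device’s relay role to map new handsets back to old ones after a scheduled rotation.

```python
"""Toy link analysis over constructed intercept metadata. All device IDs,
aliases and message texts below are invented for this example."""
from collections import defaultdict

# Constructed intercepts: (timestamp, sender_device, recipient_device, text).
# Period-1 handsets end in "1"; after the rotation the same people use "2".
INTERCEPTS = [
    (100, "runner1", "mirror1", "el licenciado says the load is ready"),
    (130, "mirror1", "tier2_1", "el licenciado says the load is ready"),
    (300, "tier2_1", "mirror1", "el senor says hold the load"),
    (330, "mirror1", "runner1", "el senor says hold the load"),
    (900, "runner2", "mirror2", "el licenciado asks for the count"),
    (940, "mirror2", "tier2_2", "el licenciado asks for the count"),
    (1100, "tier2_2", "mirror2", "el senor wants it by morning"),
    (1150, "mirror2", "runner2", "el senor wants it by morning"),
]
ROTATION_TS = 900                        # when the handset swap happened
ALIASES = {"el senor", "el licenciado"}  # honorifics that were never rolled

def find_relays(intercepts, max_delay=120):
    """A relay receives a message and re-sends the identical text to a third
    device shortly afterwards. Returns {relay_device: {(origin, destination)}}."""
    relays = defaultdict(set)
    for ts_in, origin, mid, text in intercepts:
        for ts_out, sender, dest, text_out in intercepts:
            if (sender == mid and dest != origin and text_out == text
                    and 0 < ts_out - ts_in <= max_delay):
                relays[mid].add((origin, dest))
    return dict(relays)

def fingerprint(intercepts):
    """Per device: (acts_as_relay, aliases it transmits); hardware-independent."""
    relays = find_relays(intercepts)
    aliases = defaultdict(set)
    for _, sender, _, text in intercepts:
        aliases[sender].update(a for a in ALIASES if a in text)
    return {d: (d in relays, frozenset(aliases[d])) for d in aliases}

def relink_after_rotation(intercepts, rotation_ts=ROTATION_TS):
    """Map each post-rotation device to the pre-rotation device with the same
    fingerprint; None where the match is ambiguous or missing."""
    before = fingerprint([m for m in intercepts if m[0] < rotation_ts])
    after = fingerprint([m for m in intercepts if m[0] >= rotation_ts])
    by_print = defaultdict(list)
    for dev, fp in before.items():
        by_print[fp].append(dev)
    return {dev: (by_print[fp][0] if len(by_print[fp]) == 1 else None)
            for dev, fp in after.items()}
```

Rolling aliases along with the handsets would leave only the relay role as a fingerprint, which is why the reused honorifics matter so much here.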
Once the mission to capture Guzman had launched, he initially escaped the noose. It is very likely that he would have remained on the lam a bit longer, but for his reliance on Blackberry communications. This is one aspect of the man’s tradecraft I found disappointing. While his initial setup was good he had very little imagination for alternate communication networks. He was always re-structuring the same old Blackberry-driven model with the same key players and no backups. This smacks of both a failure of imagination and a failure to fully realize the implications of relying on cellular technology. Fortunately for us this directly contributed to his capture.
There was also some extremely questionable tradecraft utilized by the “good guys” in this story. Hogan, rightfully distrustful of the Mexican cellular network’s integrity, communicated with his HSI counterpart (who was stationed in El Paso, TX) using WhatsApp. This story culminated with Guzman’s second capture in February of 2014, long before WhatsApp had integrated the strong encryption of the Signal Protocol. Key takeaway: “different” doesn’t necessarily equate to “more secure” and WhatsApp was a poor choice when better options were available.
Hogan also reported using iOS’s Find My Friends feature. Shockingly, he reported using this on the ground in Culiacán during the raid to capture El Chapo as a way to find the handful of other Americans on the ground. Find My Friends is theoretically secure but it relies on a number of things happening correctly. First, if one friend of the agent in question has a weak iCloud password this could be an “in” for the cartel. Once inside the account the bad guys could maintain a constant, near-real-time location of every American agent working against them. One hopes that such investigative teams and high-risk personnel are doing much better now. If you are on a team that is not, feel free to contact me for training.
So far, this review has mostly focused on the criminal organization in the story. Unfortunately (or maybe fortunately) the only case studies we have of individuals and organizations operating under sophisticated, persistent opposition are criminals. But think about how these lessons apply to your special operations team, task force, investigative unit…or you personally. There are definitely some lessons from Hunting El Chapo that we can apply.
I will let the reader decide on his or her own tradecraft. As for the technology? I’m happy to weigh in on some of the technology aspects. First, if Guzman had been a bit more tech-literate, he could probably have kept his good thing going a while longer. An encrypted messenger would have gone a long way toward sparing him the indignity of capture. It wouldn’t have been everything because some metadata would probably still have been generated, but it would have rendered the content opaque to investigators.
Stepping it up even further, the use of a VPN would have provided almost unimaginable benefit. The massive success of the DEA/HSI collection effort hinged on being able to read the intercepted traffic. Using a VPN would have encrypted all traffic, so that not even the messenger’s metadata would have been visible to the agents. This is not an impenetrable system, but it would have taken much longer to discover and it would have required a massively more complex operation to unmask.
Finally the heavy reliance on cellular-enabled devices was probably Guzman’s single biggest problem. These devices allowed not only the communications to be read, but the locations of the devices to be pinpointed at any time. Cellular devices are always a compromise between convenience and security. The Sinaloa organization chose convenience, and it ended up hurting them in a big way.
Hunting El Chapo: Wrap-Up
Though it took me a little while to get into it, Hunting El Chapo was a great read. Hogan accepted a dangerous posting to Mexico City that few wanted. He had vision and pursued it. And overall, he tells the tale well, and gives credit to the other investigators, Mexican counterparts, and even DEA leadership. After the initial chest-beating, this book was a pretty refreshing change from the standard complaining about risk-averse leaders. If you’re looking for a fast-paced read with some hard OPSEC lessons, check it out.