Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says
A Mexican drug cartel hired a hacker to surveil the movements of a senior FBI official in Mexico City in 2018 or earlier, gathering information from the city's camera system that allowed the cartel to kill potential FBI informants, the Justice Department inspector general said in a new report.
The hacker also was able to 'see calls made and received' by the FBI official and their geolocation data in a major breach of operational security that occurred as the FBI was working on the case of former Sinaloa cartel boss Joaquin 'El Chapo' Guzmán Loera, the inspector general said.
The hacker tracked people coming in and out of the US Embassy in Mexico City before zeroing in on the FBI's assistant legal attache, a role that works closely with Mexican law enforcement, the report said, citing an FBI case agent at the time. The report did not identify the hacker.
'According to the case agent, the cartel used (information provided by the hacker) to intimidate and, in some instances, kill potential sources or cooperating witnesses,' says the inspector general report, which was a broader review of the FBI's approach to protecting sensitive information and avoiding surveillance.
The stunning new details offer a rare look at how technology can be exploited in the high-stakes battle between US law enforcement and the violent Mexican cartels that control illicit drug trade. The Trump administration has made cracking down on cartels a national security priority, in part by declaring them as foreign terrorist groups.
The FBI, DEA and US military have in recent years used advanced surveillance techniques to try to infiltrate Sinaloa and the Jalisco New Generation Cartel, the other big Mexican cartel that US officials say smuggles large volumes of deadly fentanyl into the US. CNN reported in April that the CIA was reviewing its authorities to use lethal force against the cartels.
With El Chapo now behind bars, the cartels themselves are increasingly run by a younger generation of tech-savvy drug lords. 'We've identified people in the cartels that specialize in cryptocurrency movements,' a senior DEA official previously told CNN.
'The cartels run a multi-billion-dollar global enterprise and utilize sophisticated technology to enhance their business operations,' Derek Maltz, who until May served as the acting DEA administrator, told CNN. 'They utilize state-of-art sophisticated surveillance techniques to identify law enforcement activities and their adversaries.'
The new inspector general report raises broader concerns about the threat of high-tech surveillance to US national security.
'Some within the FBI and partner agencies, such as the Central Intelligence Agency (CIA), have described this threat as 'existential,' the report said.
There have been 'longstanding' risks posed by 'ubiquitous technical surveillance' — jargon for the widespread availability of data to adversaries — to the FBI's criminal and national security cases, the report said. But recent advances in commercial technology 'have made it easier than ever for less-sophisticated nations and criminal enterprises to identify and exploit vulnerabilities' related to such surveillance, according to the report.
The FBI is working on a 'strategic plan' to address some of the inspector general's concerns about the bureau's approach to the threat, the report said.
The bureau referred questions about the inspector general's report to the Justice Department. CNN has requested comment from the department.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
San Francisco Chronicle
2 hours ago
- San Francisco Chronicle
Trump administration sues Los Angeles in latest attack on sanctuary cities
President Donald Trump escalated his war against sanctuary policies on Monday in a lawsuit blaming alleged 'rioting, looting and vandalism' in Los Angeles on the city's refusal to allow its police to enforce immigration law or cooperate with federal agents. The suit comes two months after a judge barred Trump's administration from denying federal funds to sanctuary cities, and five years after the Supreme Court rejected Trump's challenge to California's sanctuary law. 'The United States is currently facing a crisis of illegal immigration,' Trump's Justice Department said in its lawsuit, filed in U.S. District Court. 'But its efforts to address the crisis are hindered by Sanctuary Cities such as the City of Los Angeles, which refuse to cooperate or share information' with immigration agents. 'Sanctuary policies were the driving force of the violence, chaos, and attacks on law enforcement that Americans recently witnessed in Los Angeles,' Attorney General Pamela Bondi said in a statement. But a state official said that as of mid-June, two weeks after Trump's deployment of 4,000 National Guard troops to Los Angeles, less than 20% of them were actually in the city. Some of those troops were sent to a rural area of Riverside County, 130 miles away, to raid a suspected marijuana farm. Meanwhile, studies contradict the administration's claims that undocumented immigrants are more dangerous than American citizens. A report last September by the National Institute of Justice, part of the U.S. Justice Department, said data from Texas showed that undocumented immigrants were arrested less than half as often as native-born Americans for crimes of drugs or violence. Similar findings were reached in October in a nationwide study by the American Immigration Council, a nonprofit that supports immigration. And in 2018, during Trump's first term, the National Institutes of Health, part of his administration, said data from all states between 1990 and 2014 'reveal that undocumented immigration does not increase violence.' In an unusual action, six Republican state legislators released a letter they addressed to Trump on Friday urging him to focus immigration enforcement on violent criminals rather than on all undocumented immigrants. 'Immigrants are essential to the fabric of America,' wrote the lawmakers, led by state Sen. Suzette Valladares, R-Santa Clarita (Los Angeles County), and federal agents should try 'to avoid the kinds of sweeping raids that instill fear and disrupt the workplace.' The Trump appointee whose office filed the suit, U.S. Attorney Bill Essayli, is a Riverside Republican known for attention-seeking behavior while serving in the state Assembly from 2022 to 2024. As a legislator, he denounced gun-control advocates as 'fake leftist groups' and unsuccessfully sought to require schools to notify parents whose children identified as transgender. After a bill banning parental notification won approval in the Assembly last year, Essayli accused its supporters of 'fearmongering,' had his microphone cut off by a Democratic floor leader, then banged his fist on the desk, called the leader a 'f---ing liar' and said he 'wasn't prepared to address the Chinese Communist Party house today.' Kevin Johnson, an immigration law professor and former law school dean at UC Davis, called the Trump administration's latest lawsuit 'a publicity measure.' 'There is no evidence that undocumented immigrants commit crimes at rates higher than U.S. citizens,' Johnson told the Chronicle. 'In fact, the data shows the opposite.' 'It was Trump's immigration enforcement in the Los Angeles area that prompted the massive protests, not the fact that Los Angeles was a sanctuary city,' said Stephen Yale-Loehr, an immigration law professor at Cornell University and author of multiple books on the subject. Trump took control of California's National Guard on June 7, saying its forces were needed to protect federal immigration agents and property from violence in protests against workplace raids. While a federal appeals court has allowed the deployment to continue, California officials are still urging the courts to conclude that the action is both illegal and dangerous. California's 2018 sanctuary law, the first in the nation, prohibits local and state officers from notifying immigration agents of the release dates of undocumented immigrants in their custody and holding them so that they can be picked up for deportation. The law does not apply to immigrants convicted of violent crimes. In a lawsuit by Trump's first administration, the law was upheld in 2018 by U.S. District Judge John Mendez of Sacramento, an appointee of President George W. Bush. 'California's decision not to assist federal immigration enforcement in its endeavors is not an 'obstacle' to that enforcement effort,' Mendez wrote. The 9th U.S. Circuit Court of Appeals upheld his ruling, and the Supreme Court denied review of Trump's appeal in June 2020, with only Justices Samuel Alito and Clarence Thomas voting to take up the case. U.S. District Judge William Orrick III of San Francisco cited that case in his ruling April 24 prohibiting the current Trump administration from withholding billions of dollars in federal funding from San Francisco and other local governments with sanctuary policies. As part of that case, multiple Bay Area law enforcement officials submitted declarations with the court detailing how sanctuary policies make things safer for all residents – the opposite of the Trump administration's contention. Sanctuary policies 'create an environment where individuals can be candid and forthcoming with law enforcement, and feel comfortable reporting crimes, serving as witnesses, and assisting with investigations,' San Francisco Sheriff Paul Miyamoto wrote in a declaration. He also said that responding to federal notification requests takes deputies' time away from ensuring the safety of those they're charged with protecting. But while there has been little change in the Supreme Court's membership in the last five years – only Trump's appointment of Justice Amy Coney Barrett to succeed the late Justice Ruth Bader Ginsburg – Yale-Loehr said the judicial climate seems to have changed. 'The Supreme Court has taken up many emergency appeals by the Trump administration this year,' the Cornell law professor said. 'Also, the court is more conservative now than in 2020. So we could see a ruling on sanctuary jurisdictions sometime this year.'
Fox News
2 hours ago
- Fox News
North Korean IT workers infiltrated Fortune 500 companies in massive fraud scheme
Federal authorities have unraveled several schemes by the Democratic People's Republic of North Korea (DPRK) that were used to fund its regime through remote information technology (IT) work for U.S. companies, resulting in two indictments, tech and financial seizures and an arrest. The Department of Justice (DOJ) said Monday that North Korean actors were helped by individuals in the U.S., China, the United Arab Emirates and Taiwan to obtain employment with over 100 U.S. companies, including Fortune 500 companies. In one scheme, U.S.-based individuals created front companies and fraudulent websites to promote the legitimacy of remote workers, while hosting laptop farms where remote North Korean IT workers could remotely access company-provided laptop computers. In another scheme, IT workers in North Korea used false identities to gain employment with a blockchain research and development company in Atlanta, Georgia, and steal virtual currency worth over $900,000. Assistant Attorney General John A. Eisenberg of the DOJ's National Security Division said the schemes target and steal from U.S. companies and are designed to evade sanctions while funding illicit programs, including weapons programs, in North Korea. "North Korea remains intent on funding its weapons programs by defrauding U.S. companies and exploiting American victims of identity theft, but the FBI is equally intent on disrupting this massive campaign and bringing its perpetrators to justice," Assistant Director Roman Rozhavsky of the FBI Counterintelligence Division said. "North Korean IT workers posing as U.S. citizens fraudulently obtained employment with American businesses so they could funnel hundreds of millions of dollars to North Korea's authoritarian regime." As part of its announcement about the North Korean scheme, the DOJ unsealed a five-count indictment against Zhenxing Wang, a U.S. national living in New Jersey, who has since been arrested. Wang and his co-conspirators, the DOJ said, obtained remote IT work with U.S. companies and generated over $5 million in revenue. Also charged in the indictment are Chinese nationals Jing Bin Huang, Baoyu Zhou, Tong Yuze, Yongzhe Xu, Ziyou Yuan and Zhenbang Zhou. Taiwanese nationals Mengting Liu and Enchia Liu were also charged in the indictment. Also indicted was U.S. national Kejia "Tony" Wang, also of New Jersey, who was charged separately. "The threat posed by DPRK operatives is both real and immediate. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies," U.S. Attorney Leah B. Foley for the District of Massachusetts said. "We will continue to work relentlessly to protect U.S. businesses and ensure they are not inadvertently fueling the DPRK's unlawful and dangerous ambitions." The indictment alleges that from 2021 and through most of 2024, the defendants and other co-conspirators compromised the identities of over 80 people in the U.S. to obtain remote jobs at more than 100 companies. As a result, the victim companies incurred legal fees, computer network remediation costs and other damages and losses to the tune of at least $3 million. Kejia and Zhenxing, along with at least four other U.S. facilitators, allegedly helped overseas IT workers with various parts of the scheme. For example, the allegations claim the U.S. facilitators received laptops from U.S. companies at their homes and enabled overseas IT workers to access the laptops remotely. This was done by connecting the laptops to hardware devices designed to allow for remote access — things like keyboard-video-mouse, or KVM, switches. Kejia and Zhenxing allegedly established shell companies with websites and financial accounts to make it appear as though the overseas IT workers were affiliated with legitimate businesses in the U.S. Once established, the two allegedly received money from U.S. companies, and the funds were transferred to co-conspirators overseas. In exchange for their services, Kejia, Zhenxing and the other four conspirators in the U.S. received at least $696,000 from the IT workers. The DOJ said one of the companies the schemers allegedly accessed data from was a defense contractor that develops artificial intelligence-powered equipment and technology. By accessing the company's data, the schemers were privy to International Traffic in Arms Regulations (ITAR), the DOJ said. The DOJ also announced that the FBI and Defense Criminal Investigative Service (DCIS) seized 17 web domains used as part of the scheme, along with 29 financial accounts holding tens of thousands of dollars, used to launder revenue for the North Korean regime. The DOJ unveiled another part of the scheme, which resulted in a five-count wire fraud and money laundering indictment against four North Korean nationals: Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju and Change Nam II. The suspects are accused of scheming to steam virtual currency from two companies, with a value of over $900,000 at the time of the thefts, and to launder the proceeds. All four nationals, the DOJ said, are at large and wanted by the FBI. "The defendants used fake and stolen personal identities to conceal their North Korean nationality, pose as remote IT workers, and exploit their victims' trust to steal hundreds of thousands of dollars," U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia said. "This indictment highlights the unique threat North Korea poses to companies that hire remote IT workers and underscores our resolve to prosecute any actor, in the United States or abroad, who steals from Georgia businesses." The indictment alleges the four defendants traveled to the United Arab Emirates on North Korean travel documents and worked as a co-located team. Jin and Ju were also allegedly hired by a blockchain research and development company in Atlanta, and a virtual token company based in Serbia. While hired, Jin and Ju hid their North Korean identities from their employers and provided false identification documents, the DOJ alleged. Both defendants ultimately earned the trust of their employers and allegedly stole hundreds of thousands of dollars from them in multiple instances. The funds were then laundered and transferred to accounts held by Bok and Nam, which were allegedly opened fraudulently using Malaysian identification documents. During the investigation, the FBI executed searches of 21 premises across 14 states that were hosting known and suspected laptop farms. During the execution, the FBI seized 137 laptops.
UPI
2 hours ago
- UPI
Feds uncover remote tech workers scheme to benefit North Korea
June 30 (UPI) -- The U.S. Department of Justice on Monday announced a crackdown on North Korea using people to pose as tech workers to earn money and steal sensitive information for the regime. In two unsealed charging indictments in Massachusetts and Atlanta, schemes were outlined to trick U.S. companies into hiring people who funneled their paychecks to the government and stole sensitive information and cryptocurrency. The FBI and Justice Department have investigated in 16 states since 2021 with most searches conducted earlier this month. The targeted companies were not announced. U.S. companies were warned to carefully screen their remote employees to avoid falling victim to similar ruses. "The FBI will do everything in our power to defend the homeland and protect Americans from being victimized by the North Korean government," Roman Rozhavsky, assistant director of the FBI's Counterintelligence Division, said in a statement. The phony North Korean workers were assisted by individuals in the United States, China, the United Arab Emirates and Taiwan, DOJ said. They successfully obtained employment with more than 100 U.S. companies, including Fortune 500 ones. "These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime's illicit programs, including its weapons programs," Assistant Attorney General John A. Eisenberg of the Department's National Security Division said. "The Justice Department, along with our law enforcement, private sector, and international partners, will persistently pursue and dismantle these cyber-enabled revenue generation networks." DOJ announced searches of 29 known or suspected "laptop farms" across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites from October 2024 to June. From June 10-17, the FBI executed searches of 21 premises across 14 states. In total, the FBI seized approximately 137 laptops. "North Korean IT workers defraud American companies and steal the identities of private citizens, all in support of the North Korean regime," Brett Leatherman, assistant director of the FBI's Cyber Division, said. "That is why the FBI and our partners continue to work together to disrupt infrastructure, seize revenue, indict overseas IT workers and arrest their enablers in the United States. Let the actions announced today serve as a warning: if you host laptop farms for the benefit of North Korean actors, law enforcement will be waiting for you." Obtained were salary payments, and in some cases, sensitive employer information such as export-controlled U.S. military technology and virtual currency. In one scheme, they allegedly created front companies and fraudulent websites. They received access to company-provided laptop computers. Obtained were salary payments. U.S. national Zhenxing "Danny" Wang of New Jersey was arrested in a 50-page, five-count indictment in Massachussets. The document details a multi-year fraud scheme by Wang and his co-conspirators to obtain remote IT work with U.S. companies that generated more than $5 million in revenue. Several Chinese and Taiwanese nationals were charged but haven't been arrested. From approximately 2021 until October 2024, the defendants and other co-conspirators compromised the identities of more than 80 U.S. people to obtain remote jobs at more than 100 U.S. companies. They cost the companies at least $3 million for legal fees, computer network remediation costs, and other damages and losses. In another scheme, people used false or fraudulently obtained identities to gain employment with an Atlanta-based blockchain research and development company where they stole virtual currency worth approximately $900,000. The five-count wire fraud and money laundering indictment charged four North Korean nationals. The defendants remain at large and are wanted by the FBI. These remote works were assisted by individuals in the United States, China, United Arab Emirates and Taiwan. The U.S. Department of State has offered potential rewards for up to $5 million to disrupt the North Korean illicit financial activities, including for cybercrimes, money laundering and sanctions evasion.
