This is the mobile phone of a drug trafficker like El Chapo | Technology
Two FBI agents cornered the young Colombian computer scientist Christian Rodríguez in Bogotá in 2011. They knew that he worked for El Chapo Guzmán, they told them. Either you collaborate, they added, or you will have "a serious problem".
Rodriguez made the decision that same day: he agreed to collaborate.
During the next two years, Rodriguez helped the FBI get dozens of calls and messages that El Chapo thought no one was listening to. This week, during the trial in New York The famous drug trafficker, Rodriguez, 32, has explained how he mounted what he was going to destroy: an encrypted network of 100 Nokia and Blackberry phones so that Guzman's family and the Sinaloa cartel could communicate in secret.
The content of the messages will serve to demonstrate the operation of the cartel. But the new details discover something more about how the criminals of this world communicate.
The person most wanted by the most powerful government in the world does not have the same need as a cannabis producer
There are two previous data: encrypted phones are not illegal. It depends on use. And second, there are many levels of security: the person most wanted by the most powerful government in the world does not have the same need, as El Chapo happened to be after the assassination of Osama bin Laden in 2011, that a cannabis producer or simply someone A little paranoid with espionage.
El Chapo therefore required its own unique system. "If we put the security and usability axes on a graph, the safest is custom hardware and software," says David Marugán, security and secure communications consultant.
This is a very secure network
The basic conditions of a network with this level of encryption are three. First, calls should not go through the mobile network, but over the internet. The best way to encrypt is with the VoIP protocol (voice over internet protocol), which is the one used by Skype or WhatsApp calls.
Second, tuned phones. The safest devices are those that do not have a microphone, camera or GPS sensor, which can be activated with a malware that is entered remotely or by cable.
The safest devices are those that do not carry a microphone, camera or GPS sensor
There are phones of this type manufactured specifically. But the numerous companies that live in the limit of legality choose to tune an Android, iPhone or Blackberry "Blackberry is very customizable, it sits halfway between hypermodern and old devices, its architecture is modern, but it allows you to modify and program a lot of things," says Juan Tapiador, a professor at the Carlos III University in Madrid.
Third, and more sensitive, the mobile operating system, the servers and the encryption must be their own. Or as possible as possible. The Android operating system or commercial apps are in permanent contact with servers because the objective is to know the activity of the user: "Mobile phones have a series of functions that make it very easy to track or compromise them." Operating systems are continually in contact by network with Google or Facebook, "says Alfredo Reino, specialist in cybersecurity. Nothing of all that can be left in an encrypted mobile.
So the software can not be found in the market. If it is, even if it's a dark company, the FBI could pose as a Russian mobster, acquire an equal system and try to break it. And if not, force that company to give it to you. In the case of El Chapo, the company was basically a type: the computer scientist Rodríguez.
And the FBI hunted him down.
When a company sells such a device, it also offers subscription to its programs and servers. And they are not cheap. "They sell you a subscription, you pay not only for the phone, but for the entire service, they keep the messages, they give you the chat service and they have their small army of technicians, the most powerful companies even guarantee that nothing is stored in any site, "says Tapiador.
El Chapo had his specialist, although he fled. The intercepted messages that have come out in the trial are from 2011 and 2012. We do not know at the moment what happened since then, years in which El Chapo entered and left prison. Maybe the FBI also has those communications, achieved with other methods. The Israeli company formerly known as NSO, famous for having been implicated in numerous espionage cases, has presumed this week to help in the capture of El Chapo.
All these necessities made El Chapo control the distribution of mobile phones to their lackeys, lovers and suppliers. El Chapo took advantage of this advantage to place espionage systems in the rest of the devices. In the trial it has been revealed that El Chapo called someone with a vague excuse, hung up and immediately remotely connected the microphone of his interlocutor. So he knew what they said about him just hanging up.
One of the biggest problems with encrypted networks is their discomfort
The depth of the FBI's knowledge of the work of El Chapo reveals a double truth about the world of mafia communication: one, if they go for you they will catch you. But two, these systems allow another delinquent profile to live under the radar of the security forces.
One of the biggest problems with encrypted networks is their discomfort. These phones are used to call and chat with their own systems, but neither social networks, nor Google, nor regular messaging. "This is designed so that two people communicate having two equal phones, they need two or more, they are like the walkie talkies of the 21st century," says Tapiador. It is not a versatile technology.
This is how mistakes or oversights come. One, because you have two phones and they track you on the normal phone. Or two, because you use a secure phone to talk to people who have a normal cell phone. "If you set up your own server, weave an encrypted network with your contacts, all phones must have the same configuration, anything that comes out is not safe," says Marugán. If someone uses a secure network, they should not call a terminal outside that network. The software does not encrypt the recipient. It is a huge vulnerability.
These days there are in Spain a case of eavesdropping which shows that something like this can happen. It is what is called errors in operational safety. In the end, whoever uses the most sophisticated technology is also human.