Slashdot Mirror


The Feds Cracked El Chapo's Encrypted Comms Network By Flipping His System Admin (gizmodo.com)

With signs that the New York trial of notorious Mexican drug lord and alleged mass murderer Joaquin "El Chapo" Guzman is entering its end phase, prosecutors on Tuesday played copies of what they said were audio recordings of Guzman the FBI obtained "after they infiltrated his encrypted messaging system" with the help of Colombian and former cartel systems engineer Cristian Rodriguez, Reuters reported. Gizmodo reports: As has been previously reported by Vice, Colombian drug lord Jorge Cifuentes testified that Rodriguez had forgot to renew a license key critical to the communications network of Guzman's Sinaloa Cartel in September 2010, forcing cartel leaders to temporarily rely on conventional cell phones. Cifuentes told the court he considered Rodriguez "an irresponsible person" who had compromised their security, with a terse phone call played by prosecutors showing Cifuentes warned the subordinate he was in "charge of the system always working."

But on Tuesday it was revealed that the FBI had lured Rodriguez into a meeting with an agent posing as a potential customer much earlier, in February 2010, according to a report in the New York Times. Later, they flipped Rodriguez, having him transfer servers from Canada to the Netherlands in a move masked as an upgrade. During that process, Rodriguez slipped investigators the network's encryption keys. The communications system ran over Voice over Internet Protocol (VoIP), with only cartel members able to access it. Getting through its encryption gave authorities access to roughly 1,500 of Guzman's and other cartel members' calls from April 2011 to January 2012, the Times wrote, with FBI agents able to identify ones placed by the drug lord by "comparing the high-pitched, nasal voice on the calls with other recordings of the kingpin, including a video interview he gave to Rolling Stone in October 2015."

111 comments

  1. Biggest security vuln by phantomfive · · Score: 4, Interesting

    In every organization, there's always someone who has too much access. And there's not really a good way to avoid it.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Biggest security vuln by Kernel+Kurtz · · Score: 1

      In every organization, there's always someone who has too much access. And there's not really a good way to avoid it.

      Indeed. If the possibility of a horrible violent death for you and your family does not keep you loyal nothing will.

    2. Re:Biggest security vuln by ShanghaiBill · · Score: 3, Insightful

      Indeed. If the possibility of a horrible violent death for you and your family does not keep you loyal nothing will.

      Especially now knowing that the FBI will rat out their informers.

    3. Re:Biggest security vuln by phantomfive · · Score: 2, Insightful

      "Don't talk to the cops" is doubly true for the FBI, whether as an informer, a suspect, or even as a decent human being. Those guys are rather messed up.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:Biggest security vuln by Hylandr · · Score: 1

      In today's dodgy legal system being honest can be a liability. When dealing with the authorities, do so anonymously.

      --
      ~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
    5. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      They likely had to rat out the informer. They had to enter the calls into record and needed someone to attest to the authenticity of the call data.

    6. Re:Biggest security vuln by Anonymous Coward · · Score: 1

      If you're being seriously looked at by FBI for a criminal offense, you've fucked up by proximity already whether guilty or innocent. That said, they aren't going to go out of their way to rope innocent people for petty shit.

      There are edge cases where Federal law is draconian and requires them to investigate trivial shit, Aaron Swartz etc, but that's obviously a different issue than LEO abuse of power, that's a legislative/judicial artifact rather than an FBI discretion.

      Being honest is never a liability unless you've done something wrong. The problem people find is that they HAVE done something wrong, and the FBI stumbles across that while looking for other things. That happens, sure.

      That's also not an abuse of power on their part, that's their fucking job. Don't like it? Move to Russia, try the bribe system instead.

    7. Re:Biggest security vuln by AHuxley · · Score: 1

      The FBI should have kept its method secret. They could have used the same method all over the world.
      Now every criminal group of any size knows what the FBI and any police that work with the FBI will be looking for.
      Decades of useful method lost to a few days of police publicity.

      --
      Domestic spying is now "Benign Information Gathering"
    8. Re:Biggest security vuln by ShanghaiBill · · Score: 1

      Decades of useful method lost to a few days of police publicity.

      The same thing happened when the CIA publicly bragged about nailing OBL by tracking Al Qaeda's cell phones. They all went dark within minutes.

    9. Re:Biggest security vuln by Anonymous Coward · · Score: 1

      "The FBI is far more professional and less likely to go after anyone not guilty of a crime than local police."

      that's utter bullshit. I dealt with the FBI several months ago for a post made on facebook saying "If I remember correctly, there has been case law where a person was held not guilty for using lethal force to defend their mining claim."

      And Newmont Mining Corp, the treacherous fucks that they are, instantly had the Feds at my front fucking door to harass and intimidate me.

      So I'd suggest you shut your mouth and start waking up to fucking reality, you tool.

      Meanwhile, Newmont Mining corp is about to face one of the biggest leaks they've ever conceived. Get ready because you're about to see how a corrupt mining corporation violates mining claims, and I'm putting that bitch CEO Gary Goldberg in prison and in bankruptcy where he belongs.

    10. Re: Biggest security vuln by Anonymous Coward · · Score: 0

      I don't recall CIA bragging about anything. I do recall Obama bragging about it, as well as a few JSOC operators...

    11. Re:Biggest security vuln by AHuxley · · Score: 1

      The use of satellite phones was well understood well before it all went dark.
      The West knew of the satellite phones. The US media had seen the satellite phones. The satellite phone use had been reported on.
      The fear about a satellite phone being part of tracking was not new.
      The real new fear was the use of the US mil to follow the network down with a real time missile strike.
      Chechnya was the real new mil fear re news a satellite phone was getting tracked and a direct missile strike resulted.
      So the network went down.
      The change to using a satellite phone to Pakistan, then Pakistan to the world did not slow down the NSA/CIA.
      The rest is about a human who changed out an altered US provided satellite phone battery pack that showed locations.
      That the US had a spy and that spy was trusted to swap a battery pack with one that allowed US tracking.
      I would say the "spy" story is just cover for the tracking skills/methods of the NSA.
      Every US satellite phone sold was tracked by default :)
      A human spy story would keep other groups trusting their US satellite phone.
      Everyone has seen and knew about the satellite phone. The change was the US option for a direct missile strike. That caused the change in communications.
      Someone talked about a US direct missile strike. The split loyalty would not have been in the US media as the satellite phone use was well published before going dark.
      The split loyalty problem was deep in the US mil that a missile strike was planned.

      --
      Domestic spying is now "Benign Information Gathering"
    12. Re: Biggest security vuln by Anonymous Coward · · Score: 0

      Bullshit. I have dealt with the FBI. They are snivelling cowards and do not enforce the law unless it suits them. Professionals don't allow personal prejudices bias them nor do professionals give up because something is hard. They do their job. A large chunk of the FBI just does what is easy.

    13. Re: Biggest security vuln by Anonymous Coward · · Score: 0

      Post the citation - or you're just another blathering Republican faggot hiding from the truth of Vietnam, like Trump the traitor. Show me Obama "bragging" more than the Drumpftard on any topic, I'll pull the rug out instantly lol.

    14. Re:Biggest security vuln by Rockoon · · Score: 2

      The FBI is far more professional and less likely to...

      I was expecting you to say "DOX THEIR INFORMANTS" because, you know, that's what you were trying to refute.

      Meanwhile, TFA is about the FBI DOXing one of their informants.

      --
      "His name was James Damore."
    15. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      They didn't track down OBL using cell phone communications. They identified a courier who was delivering communications on foot. They confirmed his location using a fake vaccination program in the neighborhood and satellite photos. The person who got hung out to dry and arrested by Pakistan was the doctor who conducted the vaccination program.

      Even the most moronic terrorist organizations do not use cell phones. Although Apple would conduct a vigorous defense if some law enforcement agency asked for help in cracking a terrorist cell phone. Every cell and landline switching network in the ME and beyond are being monitored 24/7 by multiple international intelligence agencies.

    16. Re: Biggest security vuln by Anonymous Coward · · Score: 0

      Please address replies to:

      Comrade Major Lifeng Wang
      Ministry of State Security
      14 East Chang'an Street
      Dongcheng Qu
      Beijing
      People's Republic of China

    17. Re:Biggest security vuln by phantomfive · · Score: 2

      Bro you need to watch this and educate yourself. Please don't comment again until you at least skim through that and see the 10 reasons not to talk to a cop.

      --
      "First they came for the slanderers and i said nothing."
    18. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      In every organization, there's always someone who has too much access. And there's not really a good way to avoid it.

      Which is why only a hacker can run a watertight organization. Want to be the next large-scale drug lord? Study CS first!

    19. Re:Biggest security vuln by swillden · · Score: 1

      In every organization, there's always someone who has too much access. And there's not really a good way to avoid it.

      I agree with the first sentence, not so much with the second.

      It is absolutely possible to divide responsibilities so that no single person has deep access. The larger the number of people who must collude in order to destroy your security, the stronger your actual security is.

      The problem is that security is rarely a high priority, and few organizations bother to do the analysis to decide whether they have any single points of failure. Apparently, even incredibly well-funded crime syndicates fail at this.

      The Sinaloa Cartel should not have had one IT guy, they should have had a half-dozen, each responsible for different areas of the technology stack. The guy who managed the VOIP servers should not have been the same guy who managed the keys... and the key management infrastructure should have been architected so that no human ever had access to the raw key material. Sometimes there's no way to avoid working on a machine that has the key material, but it's always possible to avoid displaying it, and you can use the "four eyes" rule to ensure that the guy doing the work doesn't try to grab copies of the keys. Oh, and the second pair of eyes should be both knowledgeable and rotated frequently, and randomly augmented with a third set.

      The Cartel should also have had at least two competent IT security people responsible for analyzing the systems and ensuring that no single points of security failure existed, and imposing process and demanding system changes where necessary. These two should have worked separately and cross-checked one another.

      Of course, although funding such a large IT and security team was no problem for the Cartel, I'm sure the criminal nature of the organization also imposed a desire to minimize the number of people involved. Probably a foolish desire. I think it would be more effective to include "flipping" in the threat model and structure the team and approach accordingly. I have to admit that I haven't spent much time thinking about what the "flipping" threat looks like or how to address it, since I wouldn't work for a crime syndicate. I do think about how to prevent attacks based on buying off or coercing key people of legitimate companies, which seems like almost the same thing, but maybe not.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
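
Added example (not part of swillden's comment or of the original page): the "number of people who must collude" idea applied to key custody in an organization, as a k-of-n Shamir secret-sharing split in Python. The custodian names, the 3-of-5 policy and the 521-bit prime field are assumptions chosen for illustration.

```python
from __future__ import annotations

import secrets

# Assumption for this example: arithmetic in the field of the Mersenne prime
# 2**521 - 1, which is large enough to hold a 256-bit key as one element.
PRIME = 2**521 - 1


def split_key(key: bytes, threshold: int, custodians: list[str]) -> dict[str, tuple[int, int]]:
    """Split `key` so that any `threshold` custodians together can rebuild it.

    Returns {custodian_name: (x, y)}; each custodian stores only their own pair.
    """
    if not 2 <= threshold <= len(custodians):
        raise ValueError("threshold must be between 2 and the number of custodians")
    if len(set(custodians)) != len(custodians):
        raise ValueError("custodian names must be unique")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key does not fit in the field")

    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    shares = {}
    for x, name in enumerate(custodians, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod PRIME
            y = (y * x + c) % PRIME
        shares[name] = (x, y)
    return shares


def interpolate_at_zero(points: list[tuple[int, int]]) -> int:
    """Lagrange-interpolate the polynomial through `points` and evaluate it at x=0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_key(shares: dict[str, tuple[int, int]], threshold: int, key_len: int) -> bytes:
    """Rebuild the key from shares presented by at least `threshold` custodians."""
    if len(shares) < threshold:
        raise PermissionError(f"need {threshold} custodians, got {len(shares)}")
    points = list(shares.values())
    # The same share presented under two names must not count twice.
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate share presented")
    return interpolate_at_zero(points).to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed sample: a random 256-bit key and five hypothetical custodians.
    key = secrets.token_bytes(32)
    team = ["alice", "bob", "carol", "dave", "erin"]
    shares = split_key(key, threshold=3, custodians=team)

    quorum = {n: shares[n] for n in ("bob", "dave", "erin")}
    print("3 of 5 recover the key:", recover_key(quorum, 3, 32) == key)

    pair = [shares["alice"], shares["bob"]]
    print("2 of 5 recover the key:",
          interpolate_at_zero(pair) == int.from_bytes(key, "big"))
```

Reconstruction puts the whole key in the memory of whichever process calls `recover_key`, so this covers custody of the key at rest only. Keeping the raw key away from the operator while it is in use needs hardware such as an HSM doing the reconstruction.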
    20. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      The FBI has always been a corrupt organization. Try to remember who led the FBI for almost 50 years; J Edgar Hoover, who we know was corrupt as hell.

      The FBI has always been a club that the government uses against people that threaten, not the United States, but the interest of those in power. Originally they were an equal opportunity aggressor, but lately they've been in the pocket of the political left, as can be seen by their efforts to disrupt the operation of the Republican party and their candidates in an attempt to "fix" the 2016 election.

      Now they are being used to attempt to reverse the Republican win.

      Remember you can lie to your wife, you can lie to your preacher, you can even lie to yourself, but if you lie to the FBI you're going to jail. This is a travesty. At no time a citizen is not under oath should anyone be required to tell the truth to a government agent. They are allowed to lie to you with impunity. They've forgotten who works for who.

      Never talk to the FBI without a lawyer present. Never give a definitive answer if you can avoid it. Always say "I think this happened" or "As I recall" or "I don't recall" or "My calendar says", but be aware if you do that they'll seize your calendar or at least demand access to it. Better to not remember at all.

    21. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      In the past the guy to flip in a criminal organization was the bookkeeper, and many a criminal went to prison because his bookkeeper flipped. It appears that now the guy(gal) to flip is the system admin.

      Of course the bookkeeper was usually a patsy. We already know the system admin is evil ;)

    22. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      The FBI has always been a corrupt organization. Try to remember who led the FBI for almost 50 years; J Edgar Hoover, who we know was corrupt as hell.

      The FBI has always been a club that the government uses against people that threaten, not the United States, but the interest of those in power. Originally they were an equal opportunity aggressor, but lately they've been in the pocket of the political left, as can be seen by their efforts to disrupt the operation of the Republican party and their candidates in an attempt to "fix" the 2016 election.

      Now they are being used to attempt to reverse the Republican win.

      Remember you can lie to your wife, you can lie to your preacher, you can even lie to yourself, but if you lie to the FBI you're going to jail. This is a travesty. At no time a citizen is not under oath should anyone be required to tell the truth to a government agent. They are allowed to lie to you with impunity. They've forgotten who works for who.

      Never talk to the FBI without a lawyer present. Never give a definitive answer if you can avoid it. Always say "I think this happened" or "As I recall" or "I don't recall" or "My calendar says", but be aware if you do that they'll seize your calendar or at least demand access to it. Better to not remember at all.

      Go tell it to Faux...errr...Fox News...

    23. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      The job of the System / Network Administrator is often an underappreciated one.

      Even if you've taken steps to limit the influence of a single admin, they still possess large amounts of implementation knowledge about your systems that can be exploited. What could be vulnerable, when your patch cycles are, what systems are exempt from immediate patches for various reasons, who has what permissions, who's most likely to be vulnerable to social engineering, who's most likely to forget their password and when, etc. All of this and more is a gold mine for a would-be infiltrator, and it's knowledge you can't keep from them without rendering them unable to do their job.

      There is a reason why the CIO and their underlings should be trusted by the rest of the C-Level execs. It's not a matter of pay or privilege, it's a matter of self-preservation. Your rights as the organization owners when it comes to the systems running it are ultimately derived from the rights of those who set them up. You may gain back control if they take it from you, but usually by the time you realize that your trust was misplaced in one of them the damage has long been done. Those who fail to appreciate that relationship are taking a ridiculous and unnecessary risk. If I was one of the shareholders of such a company, I'd sue them for criminal negligence.

    24. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      So you think Newmont stock is a good purchase, but you're trying to push the price down before you buy, eh. You realize you're breaking the law, right?

    25. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      Go study up on how/why the FBI was formed and get back to me.

    26. Re:Biggest security vuln by Anonymous Coward · · Score: 0

      The Cartel should also have

      You do realize that they have the best in the form of loyalty through threat of death correct? Fun thing about criminals, especially organized crime, is that they tend to ignore things like laws against murdering an entire family. The guy that the FBI flipped will be looking over his shoulder for the rest of his life, and his family, and possibly his friends, are just fucked if the cartel ever decides to take out their anger on them. If that type of threat isn't enough to secure one's loyalty nothing is. Sure you can pay more money, just like you would with the enhanced security, but it's a blackhole of greed all the same.

      The whole reason he had the job was because the cartel didn't have the expertise to set up and manage secure infrastructure. They were relying on him to provide said expertise. Even if they did do exactly what you said, even if they spent all of that money required to do so, the whole damn thing would have been just as vulnerable because he, being the expert in a room of idiots, could easily backdoor or otherwise sabotage the system being set up and no-one would have been the wiser.

      ensuring that no single points of security failure existed

      Every system no matter how well built has at least one point of failure. It may not be exploitable in any practical way, but it does exist. To demand otherwise is beyond foolish, it's denying reality.

      Sometimes there's no way to avoid working on a machine that has the key material, but it's always possible to avoid displaying it, and you can use the "four eyes" rule to ensure that the guy doing the work doesn't try to grab copies of the keys. Oh, and the second pair of eyes should be both knowledgeable and rotated frequently, and randomly augmented with a third set.

      "Trust no one." That line of thinking only works when you are personally capable of performing the actions alone. Even then you'll have to trust someone eventually. No-one is perfect at or even capable of doing everything. Further, if you're so paranoid about security that you have entire teams cross-checking each other for malice, why do you trust their reports? Given that you know nothing about the theory or implementation of such systems and hence why those teams are here, if you don't trust the teams, why do you trust their reports on trust? That's an even bigger flaw than denying reality, it's a non sequitur.

    27. Re:Biggest security vuln by swillden · · Score: 1

      Every system no matter how well built has at least one point of failure. It may not be exploitable in any practical way, but it does exist.

      I'm talking about single points of failure. And I disagree with your statement. Do you have any evidence to support it?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    28. Re:Biggest security vuln by Megol · · Score: 1

      In today's episode of "things that never happened"...

    29. Re:Biggest security vuln by RockDoctor · · Score: 1

      You kill the family. You leave the perpetrator alive to suffer. You might pulp his hands to prevent him being able to suicide. Keep him around "pour encourager les autres". (page 123)

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    30. Re:Biggest security vuln by Agripa · · Score: 1

      If you try to lie to them then YOU messed up, moron.

      This is exactly the problem except the FBI gets to decide what are lies. Silence does not give them anything to work with.

  2. FBI and encryption by dlleigh · · Score: 5, Insightful

    This shows that the FBI doesn't need to force key escrow or any other form of weakened encryption on the public.

    If they really want the crypto keys, they can get them.

    1. Re:FBI and encryption by AHuxley · · Score: 1

      All the people who say the math will always be secure, not no "big" US brand would use junk crypto. PRISM and this shows the methods the US gov/mil/police use.
      The US gov reads along in real time with all messages sent as they get all the keys.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:FBI and encryption by Anonymous Coward · · Score: 0

      If they really want the crypto keys, they can get them.

      Especially when the keys protect a distributed communication network to which many people had access. Added to that is the fact that the United States is world renowned for its signals intelligence capabilities. Any expectation these cartel guys had of keeping out American intelligence agencies was clearly in error.

    3. Re: FBI and encryption by c6gunner · · Score: 1

      Ignorance breeds paranoia.

    4. Re: FBI and encryption by Anonymous Coward · · Score: 0

      Funnily enough, this is pretty much proven and ignorants still call it paranoia.
      Technical fallacies to dismiss the truth like "they don't actually get the key" or "a person is not actually reading" are bullshit. It is all being read by the US gov and if they find it interesting they will get some person to read it.

    5. Re: FBI and encryption by Anonymous Coward · · Score: 0

      Funnily enough, it is a far, far stretch to call it proven.

  3. always, always pay lots of $$$ to your sysadmins! by kiviQr · · Score: 2

    ...they never learn!

  4. chingados consultants, man! by Jahoda · · Score: 4, Funny

    Colombian drug lord Jorge Cifuentes testified that Rodriguez had forgot to renew a license key critical to the communications network of Guzman's Sinaloa Cartel in September 2010

    I mean, Jesus H. Christo - it is goddamned *tough* to find competent IT support. If they can't do it with automatic weapons and methamphetamine torture parties, what hope do the rest of us have?

    1. Re:chingados consultants, man! by Anonymous Coward · · Score: 0

      Ironic that the sysadmin was more afraid of the feds than his boss.

      Black moon rising quote - "Don't fuck with the government"

    2. Re:chingados consultants, man! by Gravis+Zero · · Score: 3, Insightful

      I mean, Jesus H. Christo - it is goddamned *tough* to find competent IT support. If they can't do it with automatic weapons and methamphetamine torture parties, what hope do the rest of us have?

      Offer a good wage and free skills training and you can find lots of competent IT people. Be a cheap bastard and shun people because of their age and you get what you get.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re: chingados consultants, man! by Provocateur · · Score: 1

      They never tried ALL the alternatives, e.g. outsourcing, and so on.

      Not that I was waiting for the phone to ring, or anything like that. Just saying, that's all.

      --
      WARNING: Smartphones have side effects--most of them undocumented.
    4. Re:chingados consultants, man! by Anonymous Coward · · Score: 0

      Colombian drug lord Jorge Cifuentes testified that Rodriguez had forgot to renew a license key critical to the communications network of Guzman's Sinaloa Cartel in September 2010

      I mean, Jesus H. Christo - it is goddamned *tough* to find competent IT support. If they can't do it with automatic weapons and methamphetamine torture parties, what hope do the rest of us have?

      Uhh, did you read the full article? He didn't "forget" to renew it, he was already working with the FBI by then and had been for months. Forcing them into plaintext was intentional.

    5. Re: chingados consultants, man! by Anonymous Coward · · Score: 0

      Anybody who doesn't mod you +1 funny is not Hispanic or has no Hispanic extended family. It's like my father in law works at my job.

    6. Re:chingados consultants, man! by Anonymous Coward · · Score: 0

      Offer a good wage and free skills training and you can find lots of competent IT people.

      Chapo's top lieutenants were said to have had a budget of millions of dollars per month just for bribes. How much can good IT help cost?

    7. Re:chingados consultants, man! by Opportunist · · Score: 2

      Why do you think a drug cartel works any different than the average corporation? Having a budget of millions just for brib... political donations doesn't mean that you waste more than a dime on the guy running your IT.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:chingados consultants, man! by Anonymous Coward · · Score: 0

      Ironic that the sysadmin was more afraid of the feds than his boss.

      But of course. The Boss may have more horrible ways of punishing people - but only as long as he remains boss. The government will always be there. When the gov. is preparing to take down a boss, the employees start planning for a future without that boss. Preferably a future outside the jails - which is available for those who cooperate.

      They didn't "rat him out" until they had that boss, and there is always the witness protection system with new identities.

    9. Re:chingados consultants, man! by Anonymous Coward · · Score: 0

      And I was about to make a joke on easy to flip Millennial admins.. ;)

  5. RIP System Admin by NicknameUnavailable · · Score: 1

    Why would they announce that?

    1. Re:RIP System Admin by Gravis+Zero · · Score: 1

      Why would they announce that?

      1) The FBI didn't announce anything.
      2) The sysadmin is a criminal that assisted El Chapo. (no sympathy for the Devil's assistant)
      3) It makes for a good story.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:RIP System Admin by NicknameUnavailable · · Score: 4, Informative

      0) It makes it harder to flip people in the future when he turns up strung up by his intestines after having his penis flayed off and stuffed down his throat along with his fingers and toes with evidence it all happened while he was still alive and conscious.

    3. Re:RIP System Admin by guruevi · · Score: 1

      Most likely the dude got him and his family emigrated to America and in witness protection. Dreams come true - no longer living in the hole he came from, living in the US provided for by government funds.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    4. Re:RIP System Admin by Anonymous Coward · · Score: 1

      Yeah, I'm sure none of the 1500 drug lords and cartel members he ratted on bears him any grudge, they're known to be a forgiving and kind-hearted folk who don't take loyalty all that seriously. Poor too, so it's unlikely any have the resources to track him down and arrange for him to die painfully.

    5. Re:RIP System Admin by CohibaVancouver · · Score: 2

      Why would they announce that?

      Likely to override defense accusations of illegal wiretapping.

    6. Re:RIP System Admin by Anonymous Coward · · Score: 0

      Likely this is part of a plea deal that also includes some form of witness protection.

    7. Re: RIP System Admin by Anonymous Coward · · Score: 0

      I dunno. He made some space for others to advance. Those most directly impacted, like El Chapo, have bigger problems.

    8. Re: RIP System Admin by Anonymous Coward · · Score: 0

      It is likely that even those that benefited from it would like to see him made an example of to dissuade others from doing the same.

    9. Re:RIP System Admin by UnknowingFool · · Score: 1

      Your assumption is that Rodriguez is still at his admin job with the cartel. Don't you think that by the time he's been named, he's been extracted and possibly given a new identity. If I were Rodriguez that would have been essential of any agreement I made with the Feds.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    10. Re:RIP System Admin by UnknowingFool · · Score: 1

      Depends if you think witness protection doesn't involve new identities which would be the minimum I would request.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    11. Re:RIP System Admin by NicknameUnavailable · · Score: 0

      Oh hey, it's you again. So you never mentioned the last ~50 posts you've made to me: how many cocks can you stuff in your mouth at once?

    12. Re:RIP System Admin by UnknowingFool · · Score: 1

      So your response to a point which shows you haven't thought about your point for a second is to attack someone with inappropriate sexual and homophobic drivel? Ad hominem much?

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    13. Re:RIP System Admin by NicknameUnavailable · · Score: 1

      My response to you is to ask how many cocks you can stuff in your mouth at once, your points are irrelevant because you've stalked between most of my comments with stupid points lately and I won't give you the benefit of having read them any longer.

  6. Obligatory by Nkwe · · Score: 2

    Obligatory xkcd

    1. Re: Obligatory by Anonymous Coward · · Score: 0

      You're an idiot.

    2. Re: Obligatory by Nkwe · · Score: 2

      You're an idiot.

      If you don't see how the referenced xkcd is relevant to a compromised sysadmin, I doubt your qualifications to evaluate idiocy.

  7. How to survive that? by manu0601 · · Score: 5, Insightful

    Now that everyone knows sysadmin Cristian Rodriguez betrayed the drug cartel, I wonder what the plan is to keep him alive.

    1. Re:How to survive that? by Anonymous Coward · · Score: 1, Interesting

      Witness Protection. Unlike the movies, it generally doesn't result in people getting killed after the fact.

    2. Re: How to survive that? by Anonymous Coward · · Score: 1

      They will just give him and his family another name, move him to like Montana or whatever, and that will be that. Hopefully they give him enough cash to make turning on the bad guy actually profitable instead of just "enjoy this harsh cold pseudosiberia" or whatever.

    3. Re:How to survive that? by AHuxley · · Score: 1

      The networks will go back to the old ways. A week round trip for a message by using a human.
      Face to face messages for the long term strategic planning.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re: How to survive that? by AHuxley · · Score: 4, Funny

      +1 for computer repair shop in Montana.
      The only shop in the village that can support a middle class lifestyle doing working class electronics repair work.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:How to survive that? by Anonymous Coward · · Score: 0

      Damnit AC! Now we have to move him again. :-\

    6. Re: How to survive that? by Anonymous Coward · · Score: 0

      Nobody has ever been killed while in WITSEC, provided they used proper Opsec.

    7. Re:How to survive that? by sysrammer · · Score: 1

      From the QOTD below: ""Security is mostly a superstition. It does not exist in nature... Life is either a daring adventure or nothing." -- Helen Keller"

      I guess he's opted for the daring adventure.

      --
      His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
    8. Re: How to survive that? by Anonymous Coward · · Score: 0

      The trouble is fame and a fat bounty. Every district has desperate drug addicts - a face to make them rich is always going to be a problem. Social media and selfies and automatic matching is improving.

      It is easy to turn the mark/SE he had no option. If he leaves solitary it will be game on.
      There is a vacancy and a reward for Skype voice pattern matching down south. Patience is a virtue.

    9. Re:How to survive that? by DigiShaman · · Score: 2

      Turn Amish and blend in. His only chance now is a 2nd life as someone completely different. New identity and everything!

      --
      Life is not for the lazy.
    10. Re:How to survive that? by manu0601 · · Score: 1

      Witness Protection.

      It works for non-US residents? That's an odd way to get a green card!

  8. License key, eh? by bill_mcgonigle · · Score: 5, Insightful

    Fascinating that this kind of organization trusts proprietary software. Too easy to sneak in back doors.

    But I guess if this shop were well run the headlines wouldn't be what they are.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    1. Re:License key, eh? by Frank+Burly · · Score: 1

      If your sysadmin has flipped, it doesn't matter if RMS wrote all the software himself.

    2. Re:License key, eh? by darkmeridian · · Score: 2

      Dude, the FBI compromised the sysadmin. I don't give a fuck if you use open source software, but if your sys admin is compromised by a "hostile" actor, then you're fucked.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
    3. Re:License key, eh? by AHuxley · · Score: 1

      The Soviet Union faced a problem in the 1950's.
      They knew the NSA and GCHQ had total control over all emerging crypto computer systems.
      The Soviet Union had two options. Stay with a one time pad system and transport new codes all over the world using humans. Slow and not good for the vast numbers of longer messages.
      Upgrade to a new computer system and allow communication at a mil/gov level like a normal nation.
      But have the NSA/GCHQ be part of all further crypto communications.

      The Soviet Union had to go with computer networks and lost its codes and crypto to the NSA/GCHQ.
      The gain in real time and instant communications was seen as worth the risk.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:License key, eh? by Anonymous Coward · · Score: 0

      Hell no. I would never let some system admin manage my syndicate's communication system. There are some things you just need to learn and do yourself in that sort of situation.

    5. Re:License key, eh? by Anonymous Coward · · Score: 0

      Fascinating that this kind of organization trusts proprietary software. Too easy to sneak in back doors.

      It wouldn't have mattered if it was the most secure crypto software ever. They found the guy who knew the keys and paid him off. Why waste time with backdoors when you can just buy the keys? It's what any sensible government would and does do.

    6. Re:License key, eh? by Anonymous Coward · · Score: 0

      E2E encryption. OTR or OMEMO.
      DH key exchange at every communication initiation.
      Done. No need to trust any sysadmin.

    7. Re:License key, eh? by oobayly · · Score: 1

      Right, so you have a choice of running the org as well as the systems and likely making mistakes that will leave your systems open, or spending all your time keeping up-to-date on all the CVEs and keeping your systems nice and secure, leaving no time to run your cartel.

      I suppose you could delegate the running of the cartel to a subordinate, but that leaves you at the risk of being screwed over by those under you. This applies to every part - don't trust the people in the warehouse, do it yourself. The Sinaloa Cartel has (had) an estimated 50-60 thousand people involved - that's about the same size as AstraZeneca, an Anglo–Swedish multinational pharmaceutical. Would you expect a CEO or director to be the sysadmin of a multinational?

    8. Re:License key, eh? by UnknowingFool · · Score: 1

      How different would the outcome have been if they used open source software? Not much different. They flipped the admin. The proprietary license key renewal was a cover for something else that had been planned by the Feds. The admin could have easily sabotaged open source software requiring software to be "upgraded".

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    9. Re:License key, eh? by UnknowingFool · · Score: 1

      Who would you get to manage your communication system? I doubt El Chapo himself has the expertise to do it.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    10. Re:License key, eh? by Anonymous Coward · · Score: 0

      Fascinating that this kind of organization trusts proprietary software. Too easy to sneak in back doors.

      But I guess if this shop were well run the headlines wouldn't be what they are.

      Dude, that cartel was around for quite a while, and their sysadmin got flipped. Open source software isn’t going to change that outcome.

      Open source isn't exactly known as So Easy To Use, You Won't Need To Trust Other People To Help You With It (TM)

    11. Re:License key, eh? by Megol · · Score: 1

      The USSR did develop their own encryption standards (e.g. GOST), don't know what you are talking about.
      However in the 50's nobody used computer networks to transfer encrypted data so I _really_ don't know what you are talking about.

    12. Re:License key, eh? by AHuxley · · Score: 1

      Re "The USSR did develop their own encryption standards"
      That failed when the NSA and GCHQ could read along with the communications sent.
      Lots of nations had fast new methods to move transfer lots of encrypted data.
      All kinds of innovations to Teleprinters https://en.wikipedia.org/wiki/... :)

      --
      Domestic spying is now "Benign Information Gathering"
  9. Best decryption by TheMeuge · · Score: 1

    Nothing beats thermorectal cryptanalysis.

    1. Re:Best decryption by phantomfive · · Score: 1

      Too bad there's a shortage these days on Calcutecs that can do shuffling. It's the securest form.

      --
      "First they came for the slanderers and i said nothing."
  10. And that someone is always a sysadmin by raymorris · · Score: 1

    Not just "someone", but the sysadmin. The guy who actually enters the commands to give the boss access to stuff can use the same commands to give himself access. Don't hire shady people for those roles, and don't shortchange them on pay so they need a few bucks from someone else.

    1. Re:And that someone is always a sysadmin by phantomfive · · Score: 3, Funny

      Not everyone's like this. How do you find someone like that?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:And that someone is always a sysadmin by Anonymous Coward · · Score: 0

      There's this one too. $5 wrenches are easier to come by than bulletproof encryption algorithms.

  11. Required : by Anonymous Coward · · Score: 0

    Citation :

  12. Re: Why go to such lengths? by astrofurter · · Score: 1

    Drug lords are rich. The rich have civil rights.

  13. underpaying, to keep the commoners common by astrofurter · · Score: 5, Insightful

    A long time ago I worked as a security sysadmin for a well known Wall Street company. As part of my work I was given access to the master passwords for ALL the financial systems.

    At the same time, they paid me so little (by Manhattan standards) that I had to live with two roommates. So obviously I was living far below a comfortable middle class lifestyle. While holding the master keys to a system that processed billions of dollars a day...

    As it happens, I was young, and I'm an honest man from a good family. So I did nothing dishonorable. But WHAT THE FUCK WERE THEY THINKING?

    Just goes to show that most rich folks are inbred half-wits who would be flipping burgers at McDonald's if they'd been born commoners like the rest of us.

    1. Re:underpaying, to keep the commoners common by Anonymous Coward · · Score: 0

      But what could you do, if you were bent?

      Sure, you could disrupt their systems, which would cost them. But then you'd be in jail.

      Perhaps you think you could alter the transactions, and funnel billions some other way? But those things are discovered quickly, and many such transactions are reversible. And then you're in jail.

      With very careful planning, you might be able to get away with some. But it is certainly not as simple as "divert a large sum into my own account, then get on a plane to Paraguay before they notice".

    2. Re:underpaying, to keep the commoners common by Anonymous Coward · · Score: 0

      hahaha I'm doing your job now...

    3. Re: underpaying, to keep the commoners common by Anonymous Coward · · Score: 0

      My brother - always keep your hat gleaming white. It will not make you rich. But one cannot buy honor.

  14. Security 101 by Opportunist · · Score: 1

    Your biggest security problem is always the human factor.

    This is why you keep the wife and kids of your sysadmin in a safe place.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Re:Why go to such lengths? by Anonymous Coward · · Score: 0

    The same question applies to why do the crazy always go after outsiders, unknown citizens, not anyone who actually caused them harm.

  16. So what you're saying is... by EmagGeek · · Score: 1

    They didn't crack anything at all, but rather got someone to hand over the private keys.

    That's not cracking. Just sayin'

    1. Re:So what you're saying is... by Anonymous Coward · · Score: 0

      Cracked here is being used with the meaning of solved. Like cracking a puzzle.

  17. Re:Why go to such lengths? by EmagGeek · · Score: 1

    It's because the War on Drugs is simply a facade to justify all the spending. Lots of Americans are getting extremely wealthy off of the WoD, and as with all big government programs, their goal is to self perpetuate, not solve whatever problem was used to sell it to the public.

    If they actually did what they were supposed to do and just iced all the drug kingpins and dealers, they'd win the WoD and there wouldn't be a need for any more billions of dollars funneled into all of their family businesses.

  18. Re: Why go to such lengths? by c6gunner · · Score: 1

    Because most of them actually believe in following the law, and the rest don't really want to go to jail. All it would take would be for one of these assassins to be prosecuted successfully enough to give up his superiors, and suddenly the whole system comes tumbling down.

  19. The lesson here by OneHundredAndTen · · Score: 1

    The cryptography rarely is the weak link in the security chain. The Snowden papers revealed that the NSA carries out its chores mostly by social engineering and eavesdropping, not by scientifically breaking cryptosystems, and I think it is a safe bet that the same is true in the FBI.

  20. So... What you are saying is... by Anonymous Coward · · Score: 0

    The police did... police work?

    How novel?

  21. Security by Agripa · · Score: 1

    So the system was so secure that it did not use public-key encryption between clients and had no provisions for perfect forward secrecy?
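
Added example, not part of any comment above and not code from the system the article describes: a toy Python comparison of the two designs raised in the thread, a per-call DH exchange between clients ("DH key exchange at every communication initiation") and a design with no forward secrecy. It shows what recorded calls a holder of the long-term key can read in each case. The group parameters, the toy cipher and all function names are assumptions made for illustration, and the ephemeral exchange is assumed to be authenticated separately (not shown).

```python
import hashlib, hmac, secrets

# Toy group for illustration only (p = 2**255 - 19 is prime). Real systems use
# vetted curves or groups through an audited library.
P, G = 2**255 - 19, 2

def new_secret() -> int:
    return secrets.randbelow(P - 3) + 2

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with an HMAC-SHA256 counter keystream (encrypt == decrypt)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(d ^ k for d, k in zip(data[off:off + 32], block))
    return bytes(out)

def call_static(server_pub: int, audio: bytes) -> dict:
    """No forward secrecy: the session key depends on the server's long-term key."""
    a = new_secret()
    return {"pubs": [pow(G, a, P)], "ct": xor_stream(kdf(pow(server_pub, a, P)), audio)}

def call_ephemeral(audio: bytes) -> dict:
    """Forward secrecy: both ends use fresh secrets that are discarded after the call."""
    a, b = new_secret(), new_secret()
    key = kdf(pow(pow(G, b, P), a, P))          # same value the callee derives
    return {"pubs": [pow(G, a, P), pow(G, b, P)], "ct": xor_stream(key, audio)}

def recover(long_term_secret: int, transcript: dict) -> list:
    """Everything a holder of the long-term key can try against a recorded call."""
    return [xor_stream(kdf(pow(pub, long_term_secret, P)), transcript["ct"])
            for pub in transcript["pubs"]]

def demo() -> tuple:
    audio = b"constructed sample call audio"     # constructed test data
    s = new_secret()                             # long-term key the admin holds
    static_rec = call_static(pow(G, s, P), audio)
    eph_rec = call_ephemeral(audio)
    return audio in recover(s, static_rec), audio in recover(s, eph_rec)
```

In the static design the long-term key opens every recorded call; in the ephemeral design the same key recovers nothing from past recordings, although whoever holds it could still impersonate an endpoint in future calls if it is the authentication key.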