Who cracked El Chapo's encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager
Feds flipped techie and recorded hundreds of calls
In an extraordinary twist, it was revealed on Tuesday that the man most likely responsible for bringing drug kingpin "El Chapo" Joaquin Guzman to justice was none other than his sysadmin.
Two months into the trial in New York, the FBI admitted that it had been able to access hundreds of phone calls made by Guzman and his associates via a custom encryption system because they had flipped the IT guy that set it up, systems engineer Cristian Rodriguez.
The trial had heard several recordings previously but, starting this week, the prosecutors started playing more in which Guzman discussed cocaine deals, warned his bodyguard not to kill policemen and even had a brief conversation with a corrupt police commander who he had just put on the payroll.
The recordings were made possible because nearly a year earlier a federal agent posing as a Russian gangster sat down with Rodriguez at a New York hotel and said he needed a system to make calls without law enforcement being able to listen in.
Rodriguez had just set up such a system for Guzman after he was recommended to the Mexican by Colombian drug lord Jorge Cifuentes. Rodriguez could set up a totally secure comms network, Cifuentes told El Chapo, using a closed, encrypted VoIP network.
And so Rodriguez traveled to Guzman's headquarters in the Mexican county Sinaloa and did exactly that. Guzman logged into the network with his home Wi-Fi and made encrypted business calls that the authorities were unable to listen in on.
But the Feds were onto the IT guy and approached him pretending to be in need of a similar network. At some point, they managed to flip Rodriguez and he then undermined Guzman's network by shifting servers from Canada to the Netherlands – claiming it was an upgrade – and giving the FBI the network's new encryption keys.
From that point, the authorities were able to grab recordings of El Chapo's calls and their contents seem likely to put the drug lord away for life.
Tap tap tap
The details were outlined in court by FBI special agent Steven Marston, who said that with Rodriguez' help they had managed to tap more than 1,500 calls on the encrypted system between April 2011 and January 2012.
Amazingly, it seems the lot of a sysadmin is the same regardless of who you are working for. A transcript of one call made between Rodriguez and Cifuentes' brother, who was with Guzman in the Mexican mountains at the time, sees Rodriguez being castigated for the encrypted network being down.
The call was intercepted because it was carried out over an unencrypted cell phone. Rodriguez tries to reason with Cifuentes, saying all he has to do is buy a computer and he will head over and configure it.
But the drug trafficker isn't happy, complaining about having to get the computer himself, and about the long password needed to get into a different machine: A situation that every sysadmin on the globe will recognize. Except with one big difference - your boss is unlikely to track you down and kill you if you upset him.
"You didn’t send me the engineer to install my machine. So, then, it’s all your fault," Jorge Cifuentes complained. "No!" responded Rodriguez.
"It’s all your fault."
"No, Don Jorge, don’t stress me out more, man, because…"
"Don’t complain that I… what can I do? I haven’t been able to do it."
"Hadn’t we agreed that you were going to buy a mini computer and you were going to call us to configure it?"
"I’m so busy. I didn’t even have time to breathe… I have a computer but, you know that I haven’t been able to open it? A Vaio… Do you remember the small Vaio?"
"Good, but that has a very long password."
"The long one, that password that you place…is this the password?"
"What a drag! It has symbols and things."
It's safe to assume that as soon as the Feds heard this exchange, they figured that Rodriguez could be their way in. And he was, although it wasn't easy on him.
Prosecutors told the court earlier in the trial that a key witness – who turns out to be Rodriguez – had suffered a "nervous breakdown" in 2013 because of the "stress" of working for El Chapo – although the stress was more likely due to the fact that he was working undercover for the Feds while in charge of the comms network of an extremely violent criminal enterprise.
Eventually, Rodriguez left the cartel – it's not clear under what circumstances or if the Feds helped. But by then Guzman and Cifuentes had grown suspicious that their IT guy may have flipped and various enforcers turned up looking for Rodriguez – something that didn't exactly improve his sense of personal safety.
Rodriguez is still expected to appear as a witness at some point in the trial: The sysadmin who took down a drug lord. ®