“Socalj” for Borderland Beat

Last year, a cyber breach at Colombia’s prosecutor’s office exposed the identities of more than 100 agents of the US Drug Enforcement Administration and other federal law enforcement entities, along with scores of their Colombian and global counterparts. The names of at least 90 DEA agents and at least 15 Homeland Security Investigations agents were revealed in the leak, which was shared with journalists and included a huge trove of emails and other data. Although the DEA itself was not breached and journalists are not publishing the names or any identifying information about the agents, the leak demonstrates a lack of safeguards on the part of Colombia, a strategic US ally in its efforts to counter drug cartels. 

NarcoFiles Project

The leak from the Colombian prosecutor’s office provided the basis for the NarcoFiles, a multinational investigative reporting project by the Organized Crime and Corruption Reporting Project along with more than 40 other news outlets, including the Miami Herald. The project — led by OCCRP in partnership with Centro Latinoamericano de Investigación Periodística — began with a leak of emails from the Colombian Prosecutor’s Office, which were shared with media outlets around the world. Reporters examined and corroborated the materials with hundreds of other documents, databases, and interviews.

In October 2022, the Colombian prosecutor’s office acknowledged in a statement that there had been a breach, but it did not say what was exposed in the hack. The leak poses a potentially greater threat to Colombian law enforcement and other authorities since it includes names of Colombian undercover agents, witnesses, and key details about informants. 

A “hacktivist” organization calling itself Guacamaya, a common word in parts of Latin America for the macaw parrot, had claimed responsibility. Guacamaya also said it had hacked the Mexican Defense Ministry, as well as the defense departments of Chile, Colombia, and others — apparently by exploiting a vulnerability in an email server used by companies and governments around the world. In its manifesto, Guacamaya called the Colombian prosecutor’s office “one of the most corrupt organizations in the country,” and accused it of being servile to US interests. Once it had hacked the prosecutor’s office, Guacamaya shared 5 TB of information, including about seven million emails, with two intermediary groups. Those groups then shared the data with journalists. Spokespersons for the DEA and Justice Department did not respond to multiple emails requesting comment. 

The NarcoFiles documents include dozens of requests from the US Justice Department for assistance in providing wiretaps, surveillance, arrests, and extradition of suspects wanted for drug trafficking and money laundering. Because the documents are tied to investigations that will be or were used in court cases, they contain the names of agents who worked particular prosecutions — and, in the case of witnesses or informants, often phone numbers as well as other details that could expose them to danger. Some documents also contained the cell phone numbers and aliases of suspects the DEA sought help in tracking. The Colombian documents include extensive personal details about undercover Colombian agents and family members, often documenting personal history drawn from background checks. By contrast, DEA policy requires details about informants to be kept on special forms that are safeguarded and accessible only under well-documented circumstances.

OCCRP identified at least 90 members of the DEA, most of whom work in or with Colombia, in the NarcoFiles. Some appeared in court cases or public documents, but many had no online footprint. Tom Devine, legal director of the Government Accountability Project, a group that brings whistleblower cases against the US government, said the identification of DEA personnel “poses a life-threatening risk to those agents.” “There’s a big difference between rumors and US government confirmation of a working relationship,” he said. Colombia has received more than $13 billion in U.S. foreign aid since 2000, much of it for Colombia’s military and in support of counter-narcotics efforts. It’s unclear to what degree the DEA has funded and advised its partner on information security, or what demands it has placed about protection of sensitive information. 

Colombia ranked 81st out of 182 nations and territories on the 2020 Global Cybersecurity Index, published by the International Telecommunication Union with input from the United Nations. The index weighs a country’s laws, tech capacity, organizational structures, and global cooperation. “The region’s continuing trend of major governmental cyber crises is strong evidence that coordinated effort at the national and regional levels must be intensified,” the Council on Foreign Relations said in a blog post by experts this March, which cited the Guacamaya hacks.

Source: Miami Herald, OCCRP