Small Wars Journal

Mexican Cartel Operational Note No. 1

  1. Blog
Sat, 12/17/2011 - 1:56pm

Mexican Cartel Operational Note No. 1:

Mexican Military Operations Against Los Zetas Communications Networks

Via CNN Mexico, “La Marina desarticula la comunicación de ‘Los Zetas’ en Veracruz.” Jueves, 08 de septiembre de 2011 a las 10:32, http://mexico.cnn.com/nacional/2011/09/08/la-marina-desmantela-la-red-de-comunicaciones-de-los-zetas-en-veracruz, view the 2:31 video of the initial seizure of Zetas communications equipment.

Via the Institute for the Study of Violent Groups, Naval Post Graduate School, “Zetas’ Communications Systems.” n.d.:

The Los Zetas operate a vast telecommunications network involving two-way radios, encrypted, secure radio networks, computers and burner cell phones. The original Zetas experience in the military lead to a number of innovative techniques in the Zetas operations including successfully using existing networks securely and building their own radio systems.

During a 26 day operation the Mexican Navy seized various communications devices from throughout the state of Veracruz. The seizure included mobile radio transmitters and high frequency repeaters, computers, cables and wiring, two-way radios, batteries and power supplies / amplifiers, solar power cells, 13 large antennae, 7 radio amplifiers, encryption devices and 7 trailer trucks carrying other supplies such as clothing and groceries.[1][2][3][4] There were also 80 persons arrested during the operation, including six police officers. The system was reportedly capable of handling the communications in Veracruz and partially into neighboring Tabasco state.[1] Images of the items can be seen in the gallery below.

One report indicated the network was highly sophisticated and stated: "The communications network was composed of several communication repeaters of high frequency band, known by its acronym UHF, which had independent power sources, frequency amplifiers, antennas known as "pool cues”, which are slender and go up to 20 feet above the ground, and antennas that were concealed in trees."[5]

There were a total of twelve reported municipalities in which the seizures took place. The map below outlines the locations and demonstrates how the network traveled through the state north to south.[1][2][3][4][5]

The municipalities are:

    * Tepetzintla

    * Panuco

    * Veracruz

    * Xalapa

    * Orizaba

    * Cordoba

    * Naranjos Amatlan  

    * Tantoyuca

    * Poza Rica de Hidalgo

    * Perote

    * Coatzacoalcos

    * Tuxpan

See the map and photo gallery at this site, http://vkb.isvg.org/Wiki/Other/Zetas'_Communications_Systems.

Via Hispanically Speaking News, “Zetas’s High Tech Narco-Communications Central Seized (VIDEO).” 21 November 2011:

Communication equipment valued at $350,000 was seized by Mexican army elements in Torreón who raided a home known by Zeta narcos as “The Central.”

The $350,000 worth of equipment, was used by the Zetas for the control and coordination of their criminal cells as well as to monitor security forces to evade capture.

Army elements seized a central processing unit as well as 2 high capacity hard drives, long-range broadband digital radio equipment, networked laptops, 63 digital radios, 59 analog radio units with multiple accessories and a digital ICOM radio to communicate with aircrafts from the ground and 24 cell phones.  Mexican authorities also found several doses of cocaine [1].

Via Associated Press, “Mexican Army Dismantles Gang’s Antennas, Radios.” Thursday 1 December 2011:

MEXICO CITY (AP) — Mexican army troops dismantled a telecommunications system set up by organized crime in four northern states, authorities said Thursday.

The Defense Department said soldiers confiscated 167 antennas and 166 power supplies that gang members used to communicate among themselves and to monitor military movements.

The operation also netted more than 1,400 radios and 2,600 cellphones in the border states of Tamaulipas, Nuevo Leon and Coahuila and in the state of San Luis Potosi, a statement said.

The army hasn’t said which cartel was affected.

During the summer, Mexico's navy dismantled a communication system used by the Zetas cartel in the Gulf state of Veracruz. The Zetas have a strong presence in all four of the states involved in the army's operation….[2].

Via Ronan Graham, “Mexico Seizes 'Zetas' Communications System.” In Sight. Friday 2 December 2011:

Mexican army troops have dismantled a sophisticated communications network, believed to have been operated by the Zetas drug gang to conduct internal communications and monitor the movements of the security forces.

A statement from the Defense Department (SEDENA) said that military personnel dismantled the network in the northern border states of Nuevo Leon, Coahuila, San Luis Potosi and Tamaulipas following a 12-month operation.

Although the statement did not give the name of the drug cartel operating the network, the Zetas have extensive operations in these areas.

The military confiscated more than 1,400 radios, 2,600 cell phones and computer equipment during the operation, as well as power supplies including solar panels, according the Defense Department.

The equipment was found in rural, sparsely populated areas of the four states. According a military source, the antennas were painted green to blend in with the surroundings…[3].

An extensive collection of photos of this equipment can be found at “Desmantelan red de comunicación de Los Zetas.” El Universal.com.mx. Miércoles 14 de diciembre de 2011, http://fotos.eluniversal.com.mx/coleccion/muestra_fotogaleria.html?idgal=11883.

External Analysis:

Concerning the initial operations against Los Zetas communication system, per the STRATFOR analysis “Zetas Communications Network Disrupted in Veracruz,” Mexico Security Memo: Zetas Communications Network Dismantled. 13 September 2011:

The Mexican navy on Sept. 8 dismantled a communications network used by Los Zetas throughout Veracruz state. Among the equipment seized were mobile radio transmitters, computers, radio scanners, encryption devices, solar power cells and as many as seven trailers that served as base stations, according to media reports. A spokesman for the Mexican navy said some 80 individuals have been arrested over the past month in connection with the operation, itself the result of months of work by naval intelligence officers.

Los Zetas have been known to utilize more sophisticated communications networks than other cartels, due in large part to the organization’s origins in military special operations. The Zetas needed to augment sparse communications in some areas they control, and the Veracruz network likely was for the purpose of “off the grid” communications. Since cellphones are relatively easy for authorities to monitor, Los Zetas have sought to diversify their telecommunications capabilities, a fact of which Mexican authorities are aware.

It is possible that the seizure of this communications equipment means the navy is preparing to launch operations to push the Zetas out of the Veracruz port region. Indeed, a navy spokesman said the immediate result of the operation was the disruption of the Zetas’ “chain of command and tactical coordination.” If the navy is about to engage the Zetas in Veracruz, dismantling the Zetas’ communications network would be one of the first moves it would make….[4].

Concerning the Nextel phones, the networks themselves, and issues of OPSEC (operational security) and encryption, the initial outside analysis conducted by Tim Wilson, “The Zetas Take to the Air,” In Sight. Friday 9 December 2011, states:

…Notable in the most recent seizure were [1]354 Nextel radio phones— a higher radio take than in previous busts. The seized Nextel radios work on Nextel’s Conexion Directa network, a digital two-way radio “push-to-talk” cellular service that allows for free private calling with selected users. This service is difficult to hack, yet functions much like a police or taxi dispatcher. Up to 100 users can be connected free of charge, with capabilities extending even to cross-border calling. Anything less secure would put the group in an odd situation, i.e., worried about getting hacked itself.

However, it’s also clear from the seizures that the Zetas may not have the firmest grasp of the technology just yet.

Given the transmitter equipment being seized by the Mexican military, for example, it is obvious that the Zetas cartel has also been buying commercial-grade telecommunications gear and establishing their own open-band transmission system with basic encryption— completely independent of Nextel’s licensed spectrum.

Even with software-based security protocols bolted on to the system, it is likely that the Zetas are exposing themselves to “man-in-the-middle” eavesdropping by Mexican authorities. From a purely technological perspective, this would be difficult to do on the Nextel system, as cellular networks—and certainly Motorola’s iDEN technology, which Nextel uses— have rigorous security features, but it would be considerably easier in the unlicensed “white space” used for basic radio.

That said, the way around wireless encryption isn’t to hack it— that’s just too hard— but to know it, usually through what is called “social engineering,” which is essentially having access to human information. In the case of wireless technology, this means knowing the standard practices of technicians and thus creating the necessary safeguards to thwart break-ins.

Think of it like the encrypted Wi-Fi networks, which have solid technology but can still be hacked— if you have the right information. According to security experts contacted by InSight Crime, this is a common problem for all countries in Latin America, because usually it is the Internet Service Providers (ISPs) who are responsible for configuring the routers and access points of their users, and they often repeat practices. In other words: they manage from predefined configurations, including passwords, allowing criminals to hack routers of a given type, potentially compromising others using the same ISP.

Now apply this to cellular networks. Given that Mexican authorities might have access to Nextel’s system, or simply know how to hack it based on an understanding of industry protocol, we should expect that the Zetas’ next move will be to set up a self-encrypted, autonomous communications network, even though the technology itself might be less robust. With that, they will most likely reach their target of a fully-functioning, independent comms network, if they haven’t already [5].

Analysis:

Veracruz State, September 2011

The communications hardware and supporting materiel seized by the Mexican navy (as identified in the news reports) is as follows:

  • Mobile Radio Transmitters
  • High Frequency Repeaters/UHF
  • Computers
  • Cables/Wiring
  • Two-Way Radios
  • Cell Phones (Burner)
  • Batteries/Power Supplies/Solar Cells
  • Encryption Devices
  • Radio Scanners
  • 13 Large Antennae (some Pool Cue to 20ft/Tree Concealment)
  • 7 Radio Amplifiers
  • 7 Trailer Trucks (Base Stations with Food/Clothing)
  • 80 Personnel (Including 6 Police Officers)

The operation against Los Zetas communications network targeted their C2 (command and control) and counter-intelligence (military communications scanning) capabilities for mostly northern and central municipalities in the state of Veracruz and for a section of the state of Tabasco (See the Institute for the Study of Violent Groups map). As mentioned in the STATFOR analysis this could signal a prelude to Mexican military operations against Los Zetas in the Veracruz port region. This was supported by the Mexican navy spokesman concerning the intended disruption of Los Zetas ‘chain of command and tactical coordination.’ Though geographically the seizures appear to be meant to isolate Los Zetas territories in northeastern Mexico in the states below the US border.

Of note is that this is a mobile communications system based on Semi-Trailer Trucks (like Peterbilts) mated with very large antennas to create a network grid in underdeveloped/rural areas. No evidence of sizeable weapons seizures were evident in the Mexican news video or photographs reviewed. This suggests that the base stations were relatively ‘soft assets’ and relied upon their mobility and remoteness as a form of defense. Still, weapons and body armor for some of the Los Zetas personnel serving as a small security force would be expected.

Torreón (in Coahuila State), November 2011

The communications hardware and supporting materiel seized by the Mexican army (as identified in the news reports) is as follows:

  • 1 Computer (Central Processing Unit)
  • 2 High Capacity Hard Drives
  • Laptops (Networked)
  • Long Range Broad Band Digital Radio Equipment
  • 1 Digital ICOM Radio (for Ground to Air Communication)
  • Scanners [Not Identified/Required for Monitoring Ability]
  • Antenna(s) [Not Identified/Required]
  • Cables/Wiring [Not Identified/Required]
  • Batteries/Power Supplies [Not Identified/Required]
  • 63 Digital Radios
  • 59 Analog Radio Units (with Accessories)
  • 24 Cell Phones

It was estimated in the reports that the value of this equipment is $350,000. The equipment was found at a fixed site— a residence known as ‘The Central’— which provided C2 (command and control) and counter-intelligence (military communications scanning) capabilities for Los Zetas in the urban area of Torreón. Whether this site was raided prior to the December seizures/or was simply an early phase in the seizures in Coahuila state is unknown. No evidence of sizeable weapons seizures were reported in English language reports—though, as a fixed C2 asset, hardening of the residence and a weapons caches inside of it should be considered a standard operating procedure. Four Los Zetas personnel arrests were mentioned at this fixed site [6].

Coahuila, Nuevo Leon, San Luis Potosi, and Tamaulipas States, December 2011

Per the SEDENA (Mexican Ministry of Defense) statement, the following hardware was seized in this operation:

Habiendo detectado, desmantelado y asegurado un total de:

    * 167 ANTENAS. [Antennas]

    * 155 REPETIDORAS. [Repeaters; Receivers/Transmitters]

    * 166 FUENTES DE PODER. [Power Supplies; Including Solar Panels]

    * 1,446 RADIOS. [Radios]

    * 1,306 CELULARES. [Cell Phones]

    * 1,354 NEXTELES. [Nextel Phones]

    * 71 EQUIPOS DE CÓMPUTO. [Computer Equipment] [7].

The sheer volume of equipment seized suggests a huge multi-state grid of fixed antennas and repeaters had been established by Los Zetas for their regional C2 (command and control) requirements. This was a rural based system meant to be hard to detect (camouflaged) and self-contained, relying upon solar panel cells to cut down on battery/power maintenance requirements. Military communications monitoring capabilities were also mentioned in the news reports but are not evident in the equipment seizure manifest. Possibly a forensics review of the seizure pictures (not conducted in this note) would allow for the identification of scanner systems among the generic computer equipment listed. Since the equipment seizure in the state of Veracruz identified such scanners, the capability will undoubtedly exist—though it would be found in fixed and mobile C2 Los Zetas facilities.

Operational Conclusions

Very little has been published on Los Zetas operations and intelligence ‘line and block’ organizational charts. The best work on this subject, now dated, has been conducted by Lisa Campbell and is based on the earlier Gulf and Los Zetas cartel alliance. Still, that work contains an intelligence organizational chart that identifies ‘Dirreccion’— approximately 20 communication experts providing C2 support and counter-intelligence capabilities via police / military communications monitoring (assumed COMINT; electronic intelligence (ELINT) not known). See Fig. 2 from Campbell’s work [8]:

Reprinted from Lisa J. Campbell, “Los Zetas: operational assessment.” Robert J. Bunker, ed., Narcos Over the Border. London: Routledge 2011: 59.

The Los Zetas / Gulf cartel communications equipment identified as of early 2010 was as follows:

  • Radio Transmitters
  • Walkie-Talkies
  • Voice Over Internet Protocol (VOIP)
  • Broadband Satellite Instant Messaging
  • Text Messaging
  • Encrypted Messaging
  • Two-Way Radios
  • Scanner Devices
  • Modern Wiretapping Equipment
  • High-Frequency Radios with Encryption and Rolling Codes [9]

How the recently seized Los Zetas communications equipment is ultimately related to their current operational and intelligence structures is unknown— such information represents classified SEDENA intelligence being utilized in an active counter-criminal insurgency setting. This is evident because, without question, the equipment seizures taking place over the last 4 months signify a component of a coordinated multi-state offensive against Los Zetas by the Mexican Federal government. This offensive is likely benefiting from US intelligence capabilities providing targeting support against the OPFOR (opposing force)— via general SIGINT (signals intelligence) and remote sensing assets (drone/satellite). This offensive is evident in at least five Mexican states (Coahuila, Nuevo Leon, San Luis Potosi, Tamaulipas, Veracruz and possibly Tabasco).

A report had been filed by Chris Covert in October 2011 concerning the Laguna Segura counternarcotics operation which may represent a component of the Mexican government operations against the Los Zetas communications networks. Additionally, he noted “Last spring the national legislature, the Chamber of Deputies funded the addition of 18 new rifle battalions, most of which would be deployed in northern Mexican states” [10]. Covert linked it back to “A comprehensive security operation based on a framework used successfully in two Mexican southern states” [11]. Of note is how the counter-communications networks offensive against Los Zetas appears integrated into the broader counter-criminal insurgency strategy being conducted. That overarching strategy focuses on northeastern Mexico, and since early-2010, has been known as Operation Northeast Coordinated (Operación Coordinada Noreste). It represents a full scale Mexican federal governmental effort to take back territories controlled by both Los Zetas and the Gulf cartels [12]. One component of that strategy, which will eventually see the deployment of three of the new infantry (rifle) battalions, was recently highlighted in Mexican Cartel Strategic Note No. 10: Fortified Town (Burgward) Strategy Implemented in Tamaulipas [13].

Note(s):

1. See http://www.hispanicallyspeakingnews.com/notitas-de-noticias/details/zetass-high-tech-narco-communications-central-seized-video/11910/. The video link in the article may not function properly on some computer operating systems.

2. Posted at numerous news websites. See http://www.npr.org/templates/story/story.php?storyId=143034026.

3. See http://www.insightcrime.org/insight-latest-news/item/1925-mexico-seizes-zetas-communications-system. One photo of antennas seized at this link. Hotlinks to primary Mexican SEDENA and other documents in this article. The Borderland Beat site mirrors the In Sight article with the addition of additional pictures from the seizure. See http://www.borderlandbeat.com/2011/12/mexico-seizes-zetas-communications.html.

4. See http://www.insightcrime.org/insight-latest-news/item/1958-the-zetas-take-to-the-air. This analysis contains a hardware picture labeled “Antena Orizaba 1”.

5. Via Google’s cache of http://www.stratfor.com/analysis/20110913-mexico-security-memo-zetas-communications-network-dismantled.

6. From Mexican governmental report. “Los Zetas are slowly being dismantled: in Luguna Seura!” 19 November 2011, http://pikapvs.wordpress.com/2011/11/19/los-zetas-are-slowly-being-dismantled-in-luguna-seura/.

7. SEDENA, “Personal militar desarticula redes de radiocomunicación clandestinas.” Monterrey, N.L., a 1 de diciembre de 2011, http://www.sedena.gob.mx/index.php/sala-de-prensa/comunicados-de-prensa-de-los-mandos-territoriales/8104-1-de-diciembre-de-2011-monterrey-nl. The hardware seized is broken down by military zones.

8. Lisa J. Campbell, “Los Zetas: operational assessment.” Robert J. Bunker, ed., Narcos Over the Border. London: Routledge 2011: 59.

9. Ibid, 65. The sophisticated military style radios with the rolling encryption do not appear evident in the recent seizures of Los Zetas communications equipment.

10. Chris Covert, “Segura Laguna security operation begins.” Rantburg.com. 24 October 2011, http://www.rantburg.com/warticle.php?D=2011-10-24&ID=332129&HC=2. Derived from the following Spanish article “Llegan militares para plan Laguna Segura.” El Universal. Sábado 22 de octubre de 2011, http://www.eluniversal.com.mx/estados/82661.html.

11. Ibid.

12. Gary J. Hale, Mexico’s Government Begins to Retake Northeastern Mexico. Rice University: James A. Baker III Institute for Public Policy. 9 December 2011: 3. Concerning these communications networks this note is of interest: “The dismantled [Veracruz] network is thought to be part of a larger communications infrastructure erected by the Gulf cartel (when the Zetas were subordinate to the Gulf cartel) and that enabled realtime, handheld DTO communications from roughly Cuidad Acuña, Coahuila (across from Del Rio, Texas) in the northwest, to the Yucatan Peninsula to the east. This communications network, which is now largely disabled, previously allowed for continuous DTO command-and-control management of cross-border cartel operations.” p. 10.  Originally referenced to United States vs. Jose Luis del Toro Estrada aka “Tecnico,” United States District Clerk, Southern District of Texas, Case No. H-08CR616, plea agreement March 18, 2009.

13. http://smallwarsjournal.com/blog/mexican-cartel-strategic-note-no-10.