WikiLeaks logo
The Global Intelligence Files,
files released so far...

The Global Intelligence Files

The Global Intelligence Files

On Monday February 27th, 2012, WikiLeaks began publishing The Global Intelligence Files, over five million e-mails from the Texas headquartered "global intelligence" company Stratfor. The e-mails date between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defence Intelligence Agency. The emails show Stratfor's web of informers, pay-off structure, payment laundering techniques and psychological methods.

Re: [CT] DISCUSSION - Anonymous vs Cartels

Released on 2012-03-02 01:00 GMT

Email-ID 160928
Date 2011-10-25 00:07:40
On 10/24/11 3:12 PM, Sean Noonan wrote:

1. Look at the anonymous hackers tacked down already The USG arrested 10
Russian spies last year, are you willing to say foreign intel is not
capable of conducting espionage undetected?

2. NSA will tell you otherwise. SIGINT is not the NSA's only
responsibility. SIGINT assets do not carry over to investigating cyber
intrusion, unless you are trying to corroborate, in this case HUMINT is
just as significant as SIGINT. A country's SIGINT capabilities does not
indicate its capabilities in tracking hackers. NSA may have there own
department for tracking hackers but it does not make it SIGINT. The
question is if the attack is high priority enough. Many people assume
there is no attribution because there is no response, but I don't think
that is accurate. Many people say this, because no attribution is one
reason for no response.

3. Your example is short-sighted. You don't just open a new laptop and
start hacking e-mail addresses. A cyber attack involves much more than
a recently bought laptop. In the same way there is an attack cycle for
a terrorist attack or crime, there is one for a cyber attack. A very
simple attack may be as hard to trace as a nearly-random mugging in the
dark in a neighborhood with much more serious crime and no CCTV
cameras. A more complicated attack, however, involves pre-operational
surveillance, developing exploits, developing programs and code, gaining
access, exploiting that, and carrying out an attack. Discovering
exploits and writing code can be done entirely offline, out of sight of
law enforcement or intel agencies. Pre-operational surveillance and
gaining access (the point of the exploit you write offline) would fit in
my example. The point is, if you don't link your computer to
identifiable information, you remain anonymous. And that takes time,
giving more time for your exposure Exposure comes from network activity
with the target, a lot of the pre-operational phase of an attack can
occur without network activity. Look at everything that went into
Stuxnet as a great example, that couldn't be done with one person with a
new laptop. Writing the code and hacking was just a small part of
necessary labor for the Stuxnet operation. I also don't think we are
discussing operations on the scale of causing physical damage to
extremely sensitive equipment . All of this activity provides activity
and evidence which helps for attribution. Of course it is always
possible to develop an attack, just like any other operation, that even
the best law enforcement and national intelligence agencies have trouble
or cannot attribute. That's fine. My point is that it's very difficult
for someone to successfully use Anonymous as a cover and have NSA, GHQ,
MID, Aman, etc, be unable to attribute it. How do you know if NSA or
GHQ is effective in identifying hackers? They may not choose to cover it
if it is small scale crime, however.
On 10/24/11 1:38 PM, Tristan Reed wrote:

I wouldn't doubt using Anonymous as a cover for state sponsored cyber
warfare. Not sure the number of benefits in actually doing that, since
you can conduct a cyber attack without associating with a hacker group
and still deny / cover actions on behalf of the State. An individual
attacking US computer assets from China, may be working by himself or
on behalf of the Chinese government, but unless the US has other intel
on the Chinese government's cyber warfare activities in order to
corroborate there is little capability to distinguish.

It is very difficult to track down hackers. Computer network
operations do not fall under the discipline of SIGINT. Assets from
SIGINT would not directly help you track an individual responsible for
hacking State run servers. In the past, I have turned to SIGINT
organizations for collections on computer related material, but this
was due to the US being behind in cyber warfare, and not knowing where
to assign responsibility. However, this has changed dramatically in
the last couple of years.

Online activities, with adequate OPSEC, truly are anonymous. As an
extreme scenario of OPSEC: If I purchase a laptop in cash, go to a
Starbucks with free public wifi, and never attribute the online
activity to something revealing (accessing personal email accounts,
tweeting, entering personal information to the laptop, etc..), and
begin hacking government email accounts then never use the laptop
again. Unless LEA could get an accurate description of my appearance
from Starbuck's patrons or possible security cameras, I can not think
of way to identify me.

Governments, attempting to track cyber enemies, do not refer to these
enemies as individuals. Instead as generic entities tied to specific
computer-related activities because of the difficulty in identifying

I think the most likely way for a "Anonymous cover" to be blown, would
be the chatter in all the IRC channels. But what if a common
participant in "Anonymous" activities, was working for a State?
Anonymous has denounced state governments before, if that State agent
organizes an attack amongst his IRC / Twitter buddies, what signs
could a LEA look for to distinguish?

On 10/24/11 12:38 PM, Sean Noonan wrote:

In reply to Kerley (my comments on the discussion coming in a bit)

1. Anonymous has not shown the capability to do anything actually
harmful or devastating. I'm not saying they can't, but i'm very
doubtfoul. Tristan's discussion shows the first real case where
they could do some minor damage--to individual people, not not to an
organization or anything that would come as a serious or strategic

2. Attribution by the world' leading SIGINT agencies is actually
pretty good. I see the fear of using 'anonymous' as a cover, but
that would be pretty easy to bungle, and could probably still be
attributed if important enough to those agencies. The recent attack
on Sony actually brings this issue up- Whoever is calling themselves
anonymous denies they did it. And keep in mind how much they have
claimed an publicized attacks in the past, even before they were
carried out. The attack on the Playstation Network was more
sophisticated than anonymous' usual work (though potentially
coordinated with Anonymous' DDOS attacks that distracted Sony's IT
security). But whoever did it, again, no real damage came of it.
Congress is holding hearings over data security, but this is no
different than the OC groups stealing your credit card information.
LE will go after them, have some success, but the threat is not that
On 10/24/11 11:04 AM, Kerley Tolpolar wrote:

Link: themeData

I see the Zetas/Anonymous affairs as a good opportunity to have a
broader piece on Anonymous. I believe our readers no nothing, or
almost nothing about what this group is and the threat it poses.
Reviewing their list of attacks
(, in most of
the cases, they are the "good" guys, sort of a Robin Hood of the
internet . The interesting thing when it comes to their
interactions with the cartels is the dubious role they play: at
the same time they can be fighting crime by revealing cartel
members/supporters, but they can also put lives in risk.

However, I believe this is only one of the threats posed by
Anonymous. The idea that states, and anyone else on Earth, can
conduct a cyber attack under "Anonymous" is worrisome.

If I run an organization, if I am responsible for government
websites, or if I am just a internet user, I would like to know
more about these guys. Who they are? What are they interested in?
How they operate? Who they have targeted so far? How can I defend
myself from them? In what countries are they active? Should I
worry about them at all? Can I use them to achieve any particular

On 10/24/11 10:22 AM, Colby Martin wrote:

nice. i still think the central focus, and what everything else
can build off of, is that Anonymous doesn't know the threat they
pose to innocent people caught up in the terror that is Mexico.
By focusing on journalists or taxi drivers they show little
understanding of the situation. This has long term implications
in not just Mexico. They don't consider the consequences of
their actions and they act without understanding the
environment. It was the same when they released information on
the Sony Playstation network to protest Sony. They hurt
innocent people to prove a point.

On 10/24/11 9:32 AM, Tristan Reed wrote:

Reposting this with a new shorter focus. Instead of discussing
possible cartel responses, the focus is on what type of threat
Anonymous can pose to cartels. The video released by
Anonymous, threatens revealing personal information on cartels
as well as states a member had been kidnapped. I could not
find any sources outside of Anonymous' claims of the
individual being kidnapped. According to their facebook sites
(Anonymous Mexico and Anonymous Veracruz) it sounds like it
may be an individual posting flyers in Veracruz as part of the
Operation Paperstorm protest, although that is speculation.

Link: themeData
Anonymous, a well-publicized hacker group famous for
distributed denial-of-service (DDOS) attacks on government
websites, lashed out at drug cartels via the Internet with a
statements denouncing Mexico's criminal cartels, including a
video depicting a masked individual addressing Mexican drug
cartels on October 10? With the most recent video release,
Anonymous makes bold threats towards the criminal cartels in
Mexico. Threats such as releasing identities of taxi drivers,
police, politicians, and journalists who collude with criminal
cartels. The hacker group demanded Los Zetas release a fellow
kidnapped member otherwise face consequences. In the
Anonymous' video, this coming November 5th was mentioned as a
day cartels could expect Anonymous' reaction if their demands
of releasing a kidnapped member are not met. The potential of
conflict between Mexico's criminal cartels and hackers,
presents a unique threat towards TCOs. We know of cartels
lashing out at online bloggers, but I haven't seen any
reporting on cartels dealing with any headaches from hackers

What Anonymous brings to the table in a conflict
o Anonymous would not pose a direct physical security
threat to Mexican cartels.
o Anonymous' power base is the ability to exploit
online media
o Anonymous hackers do not have to be in Mexico to
lash out at cartels

While not certain, there is a potential for Anonymous to pose
a threat
o It is unknown if Anonymous's claims to possess
identifiable information on cartel members
o It is unknown what information Anonymous could
acquire on cartels
o Bank accounts, any online transactions or
communications, identifiable information on cartels members
have to be considered in the realm of possibilities for
o Anonymous has demonstrated it's ability to
reveal illicit online activity (child pornography rings)

Anonymous hackers likely have not been involved in the
ultra-violent world of drug trafficking in Mexico. As a
result, their understanding of cartel activities may be
limited. Anonymous may act with confidence when sitting in
front of a computer, but this may blind them to any possible
retribution. They may not even know the impact of any online
assault of cartels.
o Revealing information on taxi drivers and
journalists will cost lives. Anonymous may not understand some
of these individuals are forced to collude with cartels.
Taxi drivers are often victims of extortion or
coerced to act as halcones. Revealing the identity of these
individuals will not have a significant impact on cartel
operations. Politicans have been accused of
working with cartels (Guerrero & Veracruz' governor) before,
however there has yet to be any consequences from this.
o Anonymous hackers may not understand the extent
cartels are willing to go protect their operations.
o Any hackers in Mexico are at risk.
o Cartels have reached out to the computer science
community before, coercing computer science majors into
working for them.
o This provides the cartels with the possibility of
discovering hackers within Mexico.

On 10/17/11 10:19 AM, Marc Lanthemann wrote:

Oh man we are threading new ground here - I like the idea
but there are several issues to address and fix here.

These are the bullets of my main analytical concern with the

o we don't know who got kidnapped or why. that's
fine but we can't gloss over that fact
o "hackers" is a blanket term - there's a
difference between stealing bank records from government
computers and overloading main page.
o There's no thought out process of what sort of
information could anon have on the cartels. What kind of
info is kept online and accessible to potential attacks? You
seem to be talking about identities, whose? If anything it's
dirty cops, politicians and businessmen who need to worry
about what anon is going to be saying. Think about why the
bloggers and media were killed in previous instances. Was it
because they revealed operational details, because they
acted as informants, because they exposed links with
officials or because they somehow sullied the cartel's
reputation? In short, what kind of information is damaging
to the cartels themselves?
o Once you identify this info - think about if anon
can realistically access it and disseminate it so it causes
a measure of damage. Anon doesn't have any intelligence
capacity except for the technical ability by a very small
number of its members to infiltrate certain networks and
databases and steal information. Now what kind of
information would a cartel keep on a network that is
connected to the internet (aka no intranet)? Where else
could information be found? Government databases? Once we
know what kind of information is accessible, we can also
know more about the consequences of dissemination.
o What's the IT capacity of a cartel? Sufficient to
trace back attacks? If it's not, there risks to be a lot of
killings done by people who may not understand the
difference between an anon hacker and a blogger.

On 10/17/11 9:47 AM, Colby Martin wrote:

wanted to forward Karen's thoughts to analyst

-------- Original Message --------

Subject: Re: [CT] DISCUSSION - Anonymous vs Cartels
Date: Mon, 17 Oct 2011 09:28:18 -0500
From: Karen Hooper
Reply-To: CT AOR

you've got some of the issues here, but this is going to
need a lot more work

You need to lay out:

a) What exactly is going on with Anonymous, your trigger
section is unclear
b) what our assessment of the online cartel presence is,
and therefore their vulnerabilities and capabilities
c) How capable is Anonymous of breaching high security
d) how far the cartels would be willing to travel to kill
anyone who breaches their systems or exposes their

I also just want to point out that we have reasonable
reliable insight that Sinaloa at the very least has some
significant levels of sophistication in their online
presence, to include the use of cyber currencies and
significant IT capacity. There is no reason to assume that
Los Zetas don't also conduct business online, in a
protected fashion.

Karen Hooper
Latin America Analyst
o: 512.744.4300 ext. 4103
c: 512.750.7234
On 10/17/11 8:46 AM, Renato Whitaker wrote:

On 10/17/11 8:25 AM, Tristan Reed wrote:

Link: themeData


Recently, Mexican cartels have faced a new enemy, hackers.
Anonymous, a well-publicized hacker group famous for...?,
lashed out at drug cartels via the Internet with a
statements denouncing Mexico's criminal cartels, including
a video released depicting...? a person talking? a voice?
words on a screen? exactly when?. With the most recent
video release, Anonymous makes bold threats towards the
criminal cartels. Threats such as releasing identities of
Mexican? American? taxi drivers, police, politicians, and
journalists who collude with criminal cartels. The hacker
group demanded Los Zetas release a fellow kidnapped member
otherwise face consequences. The potential of conflict
between Mexico's criminal cartels and hackers, presents an
unprecedented war front for the cartels. The vastly
different operations of Anonymous and Los Zetas leave a
conflict both Anonymous and the cartels have little
experience in handling. i believe that Anonymous has no
experience with the cartels. I do not believe for a second
that the cartels have no experience with hackers.

In the Anonymous' video, this coming November 5th was
mentioned as a day cartels could expect Anonymous'
reaction if their demands of releasing a kidnapped member
this should be mentioned right up front. Cartels have a
member, Anonymous is threatening to hit back. Provide
enough details so we understand who this guy is and
why/how he was abducted. are not met. If Anonymous' claims
of possessing revealing information on cartel members and
operations are true, cartels will likely respond with
violence against individuals revealed as opposing cartel
members huh? you mean Anonymous members?. It also is
likely that public disclosure of GOM officials who collude
with DTOs will force the GOM to take action, giving the
Anonymous threat complexity i don't understand what this
means. You mean the GOM will threaten Anonymous?. How
effectively any cartel will be able to retaliate against
Anonymous remains unanswered . However, cartels will
continue their threats against any individual using online
media WC.... you mean tools? or weapons? We're not talking
about bloggers here. against the cartels.

The Battle Space

Anonymous's and the cartels activities exist in two
separate realities from each other. Anonymous operates
solely in sphere of the computer networks. Anonymous does
not experience geographical boundaries. All personalities
within Anonymous, exist solely in cyber space. (That is
not entirely true. They are physical people tho live in
the real world. They have names and addresses - although
most of them are likely outside of MX.) Anonymous' power
base consists of their technical capabilities in hacking.
Any information connected to the Internet is vulnerable to
exploits by hackers. (Identifying the pc's of individual
cartel members in the midst of Mexico's population could
be quite difficult. Remember that most of what Anonymous
has done are DDOS attacks. Sucks if you are Mastercard or
a big company with a website that brings in revenue, but
it does not really matter if you don't run operations on
the web. Los Z don't make much money via e-commerce. They
are also far less dependent on the web than the

Anonymous is known for its hacking endevours, but it's
power base consists of the perceived anonymity that its
members believe themselves to have, real or otherwise, by
operating through the internet. This gives an opening for
people disgruntled by anything and everything to practice
general dickery. As the popular meme goes, anonymity +
audience = troll. Only a fraction of the large web of
people who identify themselves as "anonymous" have any
sort of serious IT capability.

The largest threat towards a hacker's existence so far has
been from targeted arrests by Law Enforcement Agencies.

The criminal cartels in Mexico operate on the streets in
US and Mexican cities. They are run as a business, always
looking to maximize profits and expand. But they are
bricks and mortar commerce. Yes..... but they use the
internet to launder money and issue commands. We know that
Sinaloa does that from insight. There is no reason to
assume that Los Zetas don't have a similar capacity.
Their power base is built by large amounts of revenue and
escalating brutal violence. Cartels like Los Zetas, are
experienced in facing different types of threats. Cartels
are always suffering at the hands of cartel on cartel
violence. While battling each other, cartels still face
arrests by Law Enforcement Agencies. As cartels wish to
avoid any hindrance in the flow of drugs and money,
cartels have targeted media outlets. Murdering journalists
and online bloggers in order to cover details of their
operations. ok... but that's kind of a red herrng for this
discussion. You need to focus on the possible
vulnerabilities of the cartels. Don't just assume they
have no cyber presence.

Anonymous' Weapons

Whatever impact will be felt due to Anonymous' actions
against criminal cartels has yet to be seen. Anonymous'
only ability to combat cartels lay in information
operations, mainly disseminating sensitive information on
cartels and propagating anti-cartel statements via social
media and defaced websites in Mexico you mean so far and
that we know of?. As Anonymous admitted in their video to
cartels, they cannot fight with guns. The significance of
a targeted information operations campaign by technically
elite individuals can not be overlooked should not be
underestimated. Cartels view main stream media outlets and
social media blogs as such a threat to their operations,
that they have continued to target journalists and
bloggers. Last month, a message signed by Los Zetas was
placed with a dead female body more relevantly, on the
body of a blogger. The message threatened any users who
denounce cartels on blogging websites. getting repetitive
here, and it's not really addressing the subheading

As stated earlier, any information connected to the
internet risks disclosure by Anonymous. There is ample
reason to suggest Anonymous is capable of possessing
information they threaten to release. By releasing
identities of individuals cooperating with Mexican
cartels, Anonymous threatens the life of those
individuals. Anonymous's ability to disseminate sensitive
information is limited by what is available via the
Internet. Government computers connected to the Internet
should always be considered a possibility of an attack.
However, as with the compartmentalized nature of the US
governments computer networks, information available to
Mexico's intelligence collection may not be easy to
acquire. what are you trying to say here? This isn't
clear at all

Cartel's Defense

A counter response to the video? by the
cartels has yet to see fruition. However, Anonymous'
claims of a kidnapped member by Los Zetas suggest Los
Zetas have begun addressing the threat posed by hackers
so... how has there not been a counter response? also this
undermines your statements above about how Anonymous is
soley internet based, and underlines the vulnerabilities
of associated members. How did they find teh Anonymous
member? The answer to that could very well give you some
indication to the technical ability of the cartels . As
Anonymous exists in abstract reality of the world wide web
, the cartels will face a number of challenges which
rarely are posed for them Again, how do you know? The USG
has whole agencies dedicated to fucking shit up in
cyberspace. You can assume (and we have good intel
indicating that) they are working on disrupting the
cartels.. Hackers threatening cartels, can operate in any
region of the world. Personal information including
locations is only available if a hacker chooses to divulge
it or if the subject of the attack is savvy enough to
figure it out. Hackers don't only work for Anonymous.
Cartels are only capable of dealing with their online
enemy, if they can physically reach out to them. Or start
employing hackers of their own under their payroll?
Stranger things have happened, Why not a Zetas 2.0?

Cartels have been known to coerce the services
of Mexican citizens with a technical background.
Recruiting the help of computer science majors through
personal threats has been reported in the past where? What
cartels? reported where?. Since cartels operate in the
world of urban violence and drug trafficking, they will
likely need the assistance of technical experts to help
combat any threat by computer hackers. While identifying
bloggers inside of Mexico has been demonstrated, it is
unlikely cartels are capable of identifying any hackers
operating outside of Mexico. Even law enforcement agencies
such as the FBi, with far more technical experience and
resources than cartels, struggle to find hackers through
investigations. A) How do you know they are not in Mexico?
(Who was the guy they kidnapped???) B) I'm goign to assume
that not all hackers are equally difficult to track down

In order to compete with an online foe,
cartels will likely continue counter tactics they are most
familiar with, brute force. Cartels are still capable of
their HUMINT operations within Mexico "still"? why would
we assume they wouldn't be?. Individuals with alleged
connections to hacker communities will likely be targeted
and interrogated by cartel members. Narco banners and
public display of violence will likely continue to be used
to scare online media into submission i'm not really
seeing the online media-international hacking group
connection here. The cruel manners in which cartels
inflict harm, is something computer hackers have unlikely
encountered before in their life. Whether the fear of
cartel violence softens the confidence of Anonymous will
remain to be seen until cartels are able to seek out and
capture members of the hacker group.. Or the Narcos could
call the collective bluff and simply go on and shrug off
any inconvenience that Anon can inflict.

Marc Lanthemann
Watch Officer
+1 609-865-5782

Colby Martin
Tactical Analyst


Sean Noonan

Tactical Analyst

Office: +1 512-279-9479

Mobile: +1 512-758-5967

Strategic Forecasting, Inc.


Sean Noonan

Tactical Analyst

Office: +1 512-279-9479

Mobile: +1 512-758-5967

Strategic Forecasting, Inc.