—MEXICO CITY —
When convoys of soldiers or federal police move through the scrubland of northern Mexico, the Zetas drug cartel knows they are coming.

The alert goes out from a taxi driver or a street vendor, equipped with a high-end handheld radio and paid to work as a lookout known as a “halcon,” or hawk.

The radio signal travels deep into the arid countryside, hours by foot from the nearest road. There, the 8-foot-tall (2-meter-tall) dark-green branches of the rockrose bush conceal a radio tower painted to match. A cable buried in the dirt draws power from a solar panel. A signal-boosting repeater relays the message along a network of powerful antennas and other repeaters that stretch hundreds of miles (kilometers) across Mexico, a shadow communications system allowing the cartel to coordinate drug deliveries, kidnapping, extortion and other crimes with the immediacy and precision of a modern military or law-enforcement agency.

The Mexican army and marines have begun attacking the system, seizing hundreds of pieces of communications equipment in at least three operations since September that offer a firsthand look at a surprisingly far-ranging and sophisticated infrastructure.

Current and former U.S. law-enforcement officials say the equipment, ranging from professional-grade towers to handheld radios, was part of a single network that until recently extended from the U.S. border down eastern Mexico’s Gulf coast and into Guatemala.

The network allowed Zetas operatives to conduct encrypted conversations without depending on the official cellphone network, which is relatively easy for authorities to tap into, and in many cases does not reach deep into the Mexican countryside.

“They’re doing what any sensible military unit would do,” said Robert Killebrew, a retired U.S. Army colonel who has studied the Mexican drug cartels for the Center for a New American Security, a Washington think tank. “They’re branching out into as many forms of communications as possible.”

The Mexican army said on Dec. 4 that it had seized a total of at least 167 antennas, 155 repeaters, 166 power sources, 71 pieces of computer equipment and 1,446 radios. The equipment has been taken down in several cities in the Gulf coast state of Veracruz and the northern states of Nuevo Leon, Coahuila, San Luis Potosi and Tamaulipas.

The network was built around 2006 by the Gulf cartel, a narcotics-trafficking gang that employed a group of enforcers known as the Zetas, who had defected from Mexican army special forces. The Zetas split from the Gulf cartel in 2010 and have since become one of the nation’s most dominant drug cartels, with profitable sidelines in kidnapping, extortion and human trafficking.

The network’s mastermind was Jose Luis Del Toro Estrada, a communications expert known as Tecnico who pleaded guilty to conspiracy to distribute cocaine in federal court in Houston, Texas, two years ago.

Using millions of dollars worth of legally available equipment, Del Toro established the system in most of Mexico’s 31 states and parts of northern Guatemala under the orders of the top leaders in the Gulf cartel and the Zetas. The Gulf cartel boss in each drug-smuggling territory, or plaza, was responsible for buying towers and repeaters as well as equipping his underlings with radios, according to Del Toro’s plea agreement.

Del Toro employed communications specialists to maintain and run the system and research new technology, according to the agreement.

Mexican authorities, however, presented a different picture of the cartel radio infrastructure, saying it was less monolithic than the one described by U.S. authorities. A Mexican military official denied that the army and navy have been targeting one network that covered the entire Gulf coast. The operations had been focused on a series of smaller, local systems that were not connected to each other due to technical limitations, he said.


“It’s not a single network,” the official told The Associated Press on condition of anonymity due to the sensitivity of the topic. “They use it to act locally.”

In recent years, reporters traveling with the Mexican military have heard cartels using radio equipment to broadcast threats on soldiers’ frequencies. The military official told the AP that the signals are now encrypted, but cartels are still trying to break in.

At least until recently, the cartel’s system was controlled by computers that enabled complex control of the radio signals, allowing the cartel to direct its communications to specific radios while bypassing others, according to Grupo Savant, an intelligence and security consulting firm in Washington that has firsthand knowledge of Mexico’s cartel operations.

The radio system appears to be a “low-cost, highly extendable and maintainable network” that shows the Zetas’ sophistication, said Gordon Housworth, managing director of Intellectual Capital Group, LLC, a risk- and technology-consulting firm that has studied the structure and operations of Mexican cartels and criminal groups.

Other Mexican criminal organizations maintain similar radio networks, including the Sinaloa cartel, based in the Pacific coast state of the same name, and the Barrios Azteca street gang, which operates in Ciudad Juarez, across from El Paso, Texas, a U.S. law-enforcement official said. The Zetas’ system is the largest, however, the official said, speaking on condition of anonymity because of the sensitivity of the topic.

The Mexican raids are “a deliberate attempt to disrupt the business cycle of the cartels,” said one former law-enforcement official with direct knowledge of the network. “By going after command and communications you disrupt control.”

Law-enforcement officials and independent analysts described the operations against the Zetas’ communications system as significant short-term victories in the fight against the cartel.

“The seizures show that the organization is scrambling,” said Steven Dudley, co-director of InSight, a group that analyzes and investigates organized crime in Latin America.

The longer-term impact is unclear. The cartel has had little difficulty in replacing radio gear and other equipment seized in smaller operations in recent years. And contacts among the highest-ranking Zetas operatives tend to take place in highly encrypted communications over the Internet, according to Grupo Savant.

Certainly, cartel radio equipment is a near-ubiquitous presence for Mexicans living along the front lines of the drug war.

In the state of Tamaulipas, across the border from eastern Texas, many antennas are concealed in the foliage of the rockrose, an invasive shrub that has spread across much of the state’s open land.

Even from a few feet (meters) away it’s nearly impossible to see the towers or their power cables.

In Nuevo Laredo, the Zetas’ first stronghold, antennas sprout from rooftops and empty lots. One soldier told the AP that even when authorities took down an antenna there, it was swiftly replaced.
Prior to recent interdictions, the Zetas operated a transnational private communications network stretching from the US through Guatemala to Honduras. (Interestingly the Mexican government has described it as a series of discrete networks intended for regional/local efforts.)

From an operational standpoint, as well as the known Zeta footprint and intent, we support the single network theory as the Zetas have many reasons to want to gain regional control while denying access to competing Drug Trafficking Organization (DTOs).

From a technical standpoint, the greater network could have "airgaps" that break the network into zones so that if the US/Mexican assets roll up one segment, they do not roll up all segments. The 'gap' could also be as simple as 'sneaker net' (manual transfer) or as sophisticated as fiber optics links. If the Zetas could do it, they would likely go all fiber as that makes interception far more difficult.
Improving Cartel Communications

The Mexican DTOs are designing increasingly sophisticated communications systems using VHF and UHF COTS (commercial off the shelf) components for encryption and transmission. Unlike earlier captures, which show mixed equipment likely a result of many small lot purchases as well as theft, the newer captures display far more uniformity indicating mass purchase against a system architecture design.

Most if not all networks employ solar powered, high capacity battery banks that support rural placement taking advantage of terrain line of sight where power may not be present.

Earlier stacked arrays and folded dipoles are now being augmented by parabolic UHF antennas for greater gain and heightened beam pattern, i.e., greater range requiring fewer intermediate tower repeater arrays.

All are indicators of heightened professionalism and a commitment to fielding a stable, maintainable communications capability.

The use of best of breed COTS components as opposed to MILSPEC [military grade] hardware allows the DTOs to quickly roll out a low cost, highly extendable and maintainable network. The problem is that such a COTS system is vulnerable to adversary efforts to locate and map its nodes and infer information about its operational behavior.
Transnational Command & Control Net

The Zetas have equipped their lookouts and street-level operatives ('halcones') with commercially available short range handheld radios similar to those used by construction and emergency response sectors.


Erecting a network of line of sight towers with repeaters that retransmit the signals of these handhelds, the Zetas were able to build a trans-regional command and control (C&C) independent of commercially available channels. (Line of sight means the signal path is unopposed by buildings, structures or terrain.)

It is equally possible that the Zetas were also attempting to intercept (monitor) police/military traffic in order to position their forces to either evade interdiction or gain the element of surprise in an attack of state and federal assets.
Post Dismantlement Options

Post dismantlement the Zetas, with other DTOs watching, have been performing damage assessment in an attempt to understand the level of compromise of its network traffic, its operational capacity and its sources and means.

Aware that their initial network was vulnerable to location and rollup, and now having a minimum knowledge of Mexico/US intercept capabilities, the Zetas must design a system less vulnerable, at a minimum, to traffic analysis and geolocation. (Traffic analysis looks for 'to-from' patterns of even encrypted message traffic which can build traffic sequence, infer operational patterns, then associate external events to those sequences.)

Sufficiently sensitive monitoring equipment can detect individual characteristics and variances in system clocks and crystals, permitting the tracking of a particular radio on the net. Operational patterns will ultimately emerge that enable interdiction.

The Zetas will want to reestablish regional command and control (C&C) but in an implementation that does not instantly expose them to renewed interception and rollup. Mere physical camouflage by vegetation and paint will no longer suffice.

A successor network will demand improved Electronic Protection (EP), that is, actions that protect friendlies from the effects of both friendly and adversary electronic warfare that would degrade the network.

Electronic Protection (EP) is both active and passive:

Passive measures include siting, shielding, emission control (reducing the number of transmissions), alternative means (not delivering the entire message stream on a single channel), directional antennas, frequency management/agility and identical equipment.
Active measures include encryption, anti-jam and techniques known as low probability of intercept (LPI) and low probability of detection (LPD).

DTOs will have to upgrade their skills to counteract allied efforts. Tools such as burst transmissions, mobile equipment, frequency agility and fiber optic links could make their appearance. One should also expect to see the appearance of military grade equipment, even countermeasures equipment, as well as the hiring of skilled EP staff.

The better a next generation Zeta net excels at Electronic Protection, the more difficult it will be to monitor, penetrate or spoof (pass oneself off as a net member) its network.

SOURCEhttp://www.stuff.co.nz/technology/digital-living/6195525/Mexicos-drug-cartels-build-radio-network