Dozens of DEA Agents Exposed in Colombian Prosecutor’s Office Leak


The names of more than 100 agents for the U.S. drug agency and other federal law enforcement entities were revealed in a massive leak of emails and other data from the Colombian prosecutor’s office.


November 6th, 2023

A cyber breach at Colombia’s prosecutor’s office has exposed the identities of more than 100 agents of the U.S. Drug Enforcement Administration and other federal law enforcement entities, along with scores of their Colombian and global counterparts.

The names of at least 90 DEA agents and at least 15 Homeland Security Investigations agents were revealed in the leak, which was shared with journalists and included a huge trove of emails and other data.

Although the DEA itself was not breached and journalists are not publishing the names or any identifying information about the agents, the leak demonstrates a lack of safeguards maintained by Colombia, a strategic U.S. ally in its efforts to counter drug cartels.

“It’s one of their nightmares because (cartels) … can identify agents and informants, especially if you are still in-country,” said Mike Vigil, a former DEA international operations chief who helped the agency expand its intelligence footprint worldwide.

“Anytime that unauthorized people have the name of an agent or an informant, it’s not difficult to locate them.”

A cartel might not want to risk the consequences of killing a DEA agent, Vigil said, but “to them, informants are fair game because they are considered traitors and will kill them to send a message to others thinking of cooperating.”

The leak from the Colombian prosecutor’s office provided the basis for the NarcoFiles, a multinational investigative reporting project by OCCRP along with more than 40 other news outlets, including the Miami Herald.

About the Project

This article is part of NarcoFiles: The New Criminal Order, a transnational investigation into modern organized crime and how it has innovated and spread throughout the globe.

The project began with a leak of emails from the Colombian Prosecutor’s Office. OCCRP, the Centro Latinoamericano de Investigación Periodística (CLIP), Vorágine, and Cerosetenta / 070 gained early access to the data from two organizations, Distributed Denial of Secrets and Enlace Hacktivista. They then shared the leak with more than 40 other media outlets. Journalists from over 23 countries worked on the investigation, chiefly in Latin America but also in Europe and the United States.

Reporters examined and corroborated the materials with hundreds of other documents, databases, and interviews.


In October 2022, the Colombian prosecutor’s office acknowledged in a statement that there had been a breach, but it did not say what was exposed in the hack. The leak poses a potentially greater threat to Colombian law enforcement and other authorities since it includes names of undercover agents, witnesses, and key details about informants.

A “hacktivist” organization calling itself Guacamaya, a common word in parts of Latin America for the macaw parrot, has claimed responsibility.

Guacamaya also said it had hacked the Mexican Defense Ministry, as well as the defense departments of Chile, Colombia, and others — apparently by exploiting a vulnerability in the Microsoft Exchange email server, which is used by companies and governments around the world.

In its manifesto, Guacamaya called the Colombian prosecutor’s office “one of the most corrupt organizations in the country,” and accused it of being servile to U.S. interests.

Once it had hacked the prosecutor’s office, Guacamaya shared the five terabytes of information, including about seven million emails, with two groups, who then shared the data with journalists.

Spokespersons for the DEA and Justice Department did not respond to multiple emails requesting comment.

U.S. Requests for Assistance

The NarcoFiles documents include dozens of requests from the U.S. Justice Department for assistance in providing wiretaps, surveillance, arrests, and extradition of suspects wanted for drug trafficking and money laundering.

Because the documents are tied to legal investigations that will be or were used in court cases, they contain the names of agents who worked particular cases — and, in the case of witnesses or informants, often phone numbers as well as other details that could expose them to severe danger.

Some documents also contained the cell phone numbers and aliases of suspects the DEA asked for help in tracking.

The Colombian documents include extensive personal details about undercover Colombian agents and family members, often documenting personal history drawn from background checks.

By contrast, DEA policy requires details about informants to be kept on special forms that are safeguarded and accessible only under documented circumstances, said Vigil, the former operations chief. He said that informants were given code numbers which were used to identify them.

“If the informant was mentioned in any document, it was always that number,” said Vigil, adding that it was never shared with the host country because “there was always the chance of a compromise.”

OCCRP identified at least 90 members of the DEA, most of whom work in or with Colombia, in the NarcoFiles. Some appeared in court cases or public documents, but many had no online footprint.

Tom Devine, legal director of the Government Accountability Project, a group that brings whistleblower cases against the U.S. federal government, said that the identification of DEA personnel “poses a life-threatening risk to those agents.”

“There's a big difference between rumors and U.S. government confirmation of a working relationship,” he said.

Colombia has received more than $13 billion in U.S. foreign aid since 2000, much of it for Colombia’s military and in support of counter-narcotics efforts.

It’s unclear to what degree the DEA has funded and advised its partner on information security, or what demands it has placed on protection of sensitive information.

Colombia ranked 81 out of 182 nations and territories on the 2020 Global Cybersecurity Index, published by the International Telecommunication Union with input from the United Nations. The index weighs a country’s laws, tech capacity, organizational structures, and global cooperation.

“The region’s continuing trend of major governmental cyber crises is strong evidence that coordinated effort at the national and regional levels must be intensified,” the Council on Foreign Relations said in a blog post by experts this March, which cited the Guacamaya hacks.

Fact-checking was provided by the OCCRP Fact-Checking Desk.