Skip to Content

Sean Penn, El Chapo, and a Tale of Operational Security

60 Minutes60 Minutes
The Hollywood actor and director Sean Penn sat down with Charlie Rose on January 14, 2016 in Santa Monica, Calif. for his first interview about the controversy over his clandestine meeting with Mexican drug lord Joaquin El Chapo Guzman.CBS Photo Archive--CBS via Getty Images

A version of this post titled “El Capture” originally appeared in Cyber Saturday edition of Data Sheet, Fortune’s daily tech-business newsletter. Subscribe here.

For the third time, the wily Mexican drug kingpin Joaquín Guzmán Loera has been apprehended by government authorities. The story bears all the hallmarks of any good cybersecurity thriller: evasion, deception, espionage, hamartia.

Investigators began tracking the infamous narcotics tycoon, also known as El Chapo (or “Shorty”), after his daring escape from a maximum-security federal prison last year. His accomplices had burrowed for a mile to a spot underneath his cell’s shower, allowing him to flee underground on a rail-guided motorcycle. The drug trafficker had made another legendary escape more than a decade prior, carted out of a holding facility while hiding inside a laundry basket. (Yes, a laundry basket.)

Following the latest improbable breakout, law enforcement agents appear to have monitored the cartel boss’ communications with Mexican actress and El Chapo sympathizer Kate del Castillo. The Mexican news outlet Milenio recently published the contents of intercepted Blackberry Messenger chats between the two here. (Take a gander at a translated version on CNN.) Aside from the obviously piquant thrill that accompanies peeking into the private lives of the celebrity pair, one must wonder: How did this breach bring about El Chapo’s third and most recent downfall?

Del Castillo isn’t the only star implicated in the fugitive’s arrest either. After the actor-activist Sean Penn’s riveting, if fawning, Rolling Stone feature hit newsstands, people speculated that his operational security procedures might be to blame for the cocaine chief’s re-capture. Cybersecurity experts questioned Penn’s protocols, calling some of his magazine descriptions “incomprehensible…gibberish,” as Kashmir Hill at Fusion reported. (Penn self-identified in his story’s first paragraph as “the single most technologically illiterate man left standing,” so there’s that.) In the end, Penn declared that his “article has failed”; but more importantly, did his attempts at operational security fail, too?

For more about drugs, watch:

For those with the time, I recommend sifting through theories and analyses contained in the comments section of this post by the computer security blogger Bruce Schneier. In any case, it’s unlikely that all of the hunt’s details will fully surface. If the reports are to be believed, then Penn and del Castillo’s visit to the drug lord’s mountain hideout provided necessary intel to pinpoint the suspect’s location. That incident didn’t immediately lead to his arrest; however, a few months later, after an initially unsuccessful raid, Mexican marines finally nabbed him.

All this goes to show just how utterly important it is for people in precarious situations to practice excellence in operational security. (El Chapo’s case is exceptional, of course.) After all, Mexico’s most wanted man’s own son reportedly leaked his location earlier through a careless photo upload.

The best tactics are easier spoken than obeyed: Don’t reveal information. Compartmentalize. Avoid letting the details of your personal life bleed into your professional one. Opsec, as the pros call it, too often is a losing game. It only takes one slip-up—one tragic flaw—to give oneself up.