Stopping Victims From Becoming Unwitting Drug Mules

Toltec investigators were brought in to understand how Mexican cartels were able to circumvent the security measures put in place to stop unauthorized access to the database of programmable key codes.

As technology continues to improve our daily lives and offer more and more conveniences, it also robs us of our privacy and personal data about how we live our lives. Such is the case in the automotive industry as manufacturers continue to turn our vehicles into what amounts to a rolling mainframe computer. When new cars began to become equipped with remote keys and transponders, drivers were able to more easily access their vehicles, control certain functions, and even find your lost vehicle. Who among us hasn’t used that panic button to find our car in a crowded amusement park, mall, or airport parking lot?

Through the efforts of Toltec, the NASTF confirmed their suspicions and made numerous changes to the application process and database security, now known in the industry as the Secure Data Release Model.

quotes

The Challenge

As this technology continued to evolve, locksmiths ended up in a peculiar situation when trying to service vehicles after hours. They were unable to get the programmable key codes needed to safely and securely help a stranded motorist when the dealerships were closed. The problem was such a concern for the "consumer" that a piece of legislation known as the Automotive Right to Repair Act was drafted. The National Automotive Service Task Force (NASTF) Vehicle Security Committee (VSC) was born which consisted of a collection of locksmiths, organizations and automotive manufacturer representatives. A database was created that was supposed to serve manufacturers, dealerships, and locksmiths only; however, criminals quickly discovered how to exploit the security flaws within this system.

Challenge

Drug traffickers working with Mexican cartels began to realize that they could make their own programmed keys for vehicles that they knew routinely crossed over the Southern U.S. border. The criminals would exploit the security flaws in the key code database, make their own duplicate keys, and then turn unwitting victims into drug smugglers. The gang members would look for potential victims that crossed the border each day to work in Mexico. As confirmed by the FBI and other law enforcement authorities, the operation went like this. Duplicate keys in hand, the gang would put drugs in a car in Mexico, wait for the victim to drive their vehicle back over the border, and then pick up their shipment from the parked vehicle the next night in Texas. All of this was happening unbeknownst to the vehicle owner, until several ended up getting stopped, and law enforcement unraveled the scam.

The Solution

Toltec investigators were brought in to understand how these criminals were able to circumvent the security measures put in place to stop unauthorized access to the database of programmable key codes. Toltec began by making undercover purchases of new, programmed keys, and demonstrating just how easy it was to obtain these from both online and physical retail operations. Toltec was then tasked with conducting deeper investigations, confirming the unauthorized activity, and identifying the individuals and entities involved. Toltec personnel were even summoned to Washington, D.C. on several occasions to present findings and be part of the discussion on potential solutions.

Challenge

The Result

Through the efforts of Toltec, the NASTF confirmed their suspicions and made numerous changes to the application process and database security, now known in the industry as the Secure Data Release Model (SDRM). Rigorous certification and registration processes now ensure that only those professionals that are authorized members of the Vehicle Security Professional (VSP) program can gain access to this information. The VSP account allows locksmiths and other vetted professionals to securely access key, immobilizer, and PIN codes through the SDRM.