top of page
Search

MEXICAN POLICE OFFICERS ALLEGEDLY COLLABORATED WITH CJNG USING ENCRYPTED MESSAGING, AND THE MEXICAN SSC WARNED OF CRIMINAL GROUPS USING FAKE JOB OFFERS ON SOCIAL MEDIA TO TARGET VULNERABLE PEOPLE

  • 11 hours ago
  • 4 min read

April 14-20, 2026 | Issue 16 - NORTHCOM Team

Christian Jackson, Dominic Perfetti, Julia Ruiz Redel, Michela Sereno, Noah Clarke, Matthew George, Sharon Preci, Aristide Devevey, Jacob Robison  

Ben Joshua Gentemann, Editor; Clémence Van Damme, Senior Editor

 

Encrypted Communication[1]


Date: April 16, 2026

Location: Manzanillo, Colima State, Mexico

Parties involved: Mexico; government; institutions; authorities; law enforcement; police officers; uncompromised officers; subversive officers; officials; cartels; transnational drug trafficking group Jalisco New Generation Cartel (CJNG); encrypted messaging application Threema; civilians; public

The event: Eight Mexican police officers, allegedly collaborating with the CJNG, used an encrypted messaging application, Threema, to exchange sensitive security-related operational information.[2]

Analysis & Implications: 

  • Police-cartel collaboration through encrypted applications will very likely encourage the government to deny responsibility for law enforcement corruption, likely impeding the ability of uncompromised officers to constrain cartel activities. Encrypted channels will very likely allow the government plausible deniability over leaks through compromised mediums, likely minimizing punitive action against subversive officers. The lack of accountability within law enforcement bodies concerning corrupt personnel will likely normalize institutional leniency toward cartels, likely deteriorating their reputation from complacent to complicit regarding organized crime. A distrustful public perception of police officers will likely disincentivize civilians from reporting cartel activities to the authorities, likely inhibiting the ability of uncompromised personnel to subdue cartel operations.

  • CJNG’s use of secure, encrypted communications will likely exploit gaps in Mexico’s fragmented digital policy architecture, likely leaving federal prosecutors without a lawful interception framework capable of producing court-admissible evidence against cartel communications. The  National Cybersecurity Strategy (ENCS) will likely remain unamended due to sustained political deprioritization and limited executive focus, likely reflecting its inability to keep pace with encrypted communications and creating a regulatory blind spot for criminal exploitation. CJNG’s exploitation of this legal blind spot will likely serve as a stabilizing force in collaborative operations between officers and cartels, as state inaction allows them to reliably depend on these channels for future cooperation. The absence of amendments to the ENCS compelling companies to retain metadata or establish interception protocols will likely weaken legal bodies’ ability to build admissible cases against corrupt officers using these mediums, likely facilitating corrupt collaboration with cartels in the long-run.

  • The alleged collaboration between police officers and the CJNG will likely set a technological precedent, likely normalizing encrypted platforms as the default infrastructure for cartel-state interaction. This will likely signal a shift from isolated corruption toward a structurally embedded intelligence-sharing model, characterized by intelligence pipelines that persist independently of any single compromised official. The CJNG will likely leverage this access to transition from reactive to anticipatory operational planning, likely enabling the cartel to preempt law enforcement actions and align operations with emerging vulnerabilities. This dynamic will very likely invert the intelligence asymmetry, with the state increasingly operating at an informational disadvantage within its own institutions, likely making institutional reform more difficult to achieve than the persistence of corruption itself.


Date: April 19, 2026

Location: Mexico

Parties involved: Mexico; Secretariat of Citizen Security (SSC); social media; AI; cartels; organized crime groups; criminal actors; criminal groups; population; lower socioeconomic groups; vulnerable people; victims

The event: The SSC issued a cyber alert regarding criminal groups advertising fake job offers on social media to exploit vulnerable people.[3]

Analysis & Implications:

  • Mexican cartels will likely continue exploiting social media platforms through cyber fraud, likely leveraging gaps in moderation guidelines to expand and sustain forced recruitment operations. Organized crime groups will likely increase their operational capabilities for platform manipulation by using AI to mass-produce fake job adverts and exploiting algorithms to increase their social media presence, likely overwhelming moderation efforts facing a high volume of fraudulent postings. The increased presence of fake job adverts on social media platforms will very likely complicate monitoring, as they will blend in with authentic job adverts, likely boosting their legitimacy and effect among lower socioeconomic groups with limited digital literacy. The increased scale of this tactic will likely transform recruitment into a more efficient digitalized process, likely enabling criminal actors to sustain the flow of recruits across larger populations with lower operational efforts.  

  • The use of fake job advertisements on social media will likely reflect a shift toward data-driven victim selection, likely increasing the capacity to conduct exploitative operations with minimal traceability. Criminal actors will likely extract and leverage personal data such as location, socioeconomic indicators, and online behavior from social media interactions, likely improving the precision and effectiveness of victim targeting. Greater targeting precision will likely increase the perceived credibility and relevance of fraudulent offers by aligning with the victim’s expectations and needs, likely raising initial compliance and reducing early-stage detection opportunities. Reduced visibility at the initial contact stage will likely fragment the digital footprint of criminal activity, likely increasing the difficulty of attributing operations to specific actors and reconstructing targeting patterns.

[1] Symbolic image of encryption and cybersecurity, generated by a third-party database 

[2] This is how Threema works, the encrypted messaging app used by the CJNG to communicate, Infobae, April 2026,  


[3] Fake job offers on social networks: a trap that can end in rape or kidnapping, Infobae, April 2026, https://www.infobae.com/mexico/2026/04/19/ofertas-de-trabajo-falsas-en-redes-sociales-una-trampa-que-puede-terminar-en-violacion-o-secuestro/ (translated by Google)

 
 

Reports

Careers

Privacy Policy 

Services

Terms & Conditions 

  • Linkedin
  • Instagram
  • Twitter
  • Facebook

Interested in joining us? Learn more

 

© The Counterterrorism Group (CTG) - 2026 - This website and all of its contents are copyrighted by The Counterterrorism Group, Inc. 2026. Any use, reproduction or duplication of the contents of this website without the express written permission of The Counterterrorism Group (CTG) is strictly prohibited.

bottom of page