Albuquerque PD Works with Company Investigated by Attorney General & Targeted by NSA, Documents Show
By David Correia and Justin Bendell
The Albuquerque Police Department (APD) works closely with a data management company whose CEO was investigated by the New Mexico Office of Attorney General (NMOAG) in 2018 for allowing users on its network to store and distribute child pornography. This same CEO, whose company hosts APD’s connectabq.org website, was at the center of a massive National Security Agency (NSA) intelligence gathering operation in violation of the Foreign Intelligence Surveillance Act, according to BlueLeaks documents leaked by the hacking group Anonymous in June 2020 and documents leaked by Edward Snowden in 2013.
As we reported previously, since 2006 APD has operated a retail and property crime intelligence gathering operation called ARAPA, in which private sector retailers upload information to a secure police website. APD has said publicly that this operation is small in scope and that access to the data is limited to a small number of local law enforcement agencies. But documents released as part of the BlueLeaks hack show that ARAPA is much larger than APD claims, collecting information unrelated to retail and property crime, and giving intelligence access to hundreds of law enforcement officers, including federal agents from various Department of Homeland Security directorates—including ICE—in an apparent violation of the City’s sanctuary policy. The documents show that APD used the database for political lobbying on at least three instances and used its private sector partners to avoid judicial review and community oversight in the acquisition of intelligence.
Based on a comparison of documents released as part of BlueLeaks with those leaked seven years earlier by Edward Snowden, the Albuquerque police upload data it collects as part of ARAPA on a website, connectabq.org, made by Netsential and hosted by a data center owned by Giganews, the company that the Attorney General investigated in 2018 for hosting child pornography.
On May 17, 2018, Sharon L Pino, former Deputy New Mexico Attorney General for Criminal Affairs, wrote Ronald B. Yokubaitis, CEO of Giganews, that internet “users are known to use your services and software for illegal purposes, including sharing…child pornography and other material that contribute to the exploitation of children and adults in New Mexico.” According to the Pino, Giganews did not appear “to be independently monitoring and reporting illegal searches, contraband, or misuse” but rather warning users about legal restrictions to accessing this material while continuing to allow its distribution and circulation.
The Albuquerque Police Department’s relationship to Yokubaitis goes back more than a decade when APD hired Netsential to build connectabq.org, the web-based application used by APD and ARAPA members to upload, share, and search intelligence related to retail and property crimes investigations. Connectabq.org is hosted by a company called YHC, which is owned by Yokubaitis, and APD stores its data on the servers of a company called Data Foundry, which Yokubaitis started in 1994.
Yokubaitis stores Giganews data on servers around the world, including Data Foundry. The New Mexico Attorney General may have become interested in Giganews because usenet groups are among the most common ways child pornography is stored, accessed, and distributed. Giganews is the largest of these providers, with millions of subscribers with access to more than 100,000 different newsgroups.
It was through a Netsential-built web-based portal that BlueLeaks hackers wormed into Data Foundry’s servers and extracted police data, including those of APD. The leak revealed that all of Netsential clients are local or regional police agencies, including the national network of state-run Department of Homeland Security fusion centers, and much if not all of Netsential’s data are hosted by companies owned by Yokubaitis.
It was in the secret National Security Agency documents that Edward Snowden leaked in 2013 that Giganews, Data Foundry, and Netsential can be linked to the YHC Corporation. Snowden’s leak revealed that the National Security Agency engaged in various bulk data gathering operations in violation of the Foreign Intelligence Surveillance Act. One of these was a data capture and analysis tool known as BOUNDLESS INFORMANT, which allowed the NSA to capture and analyze metadata, and possibly more, from electronic communications. And the operation was indeed boundless. During a 30-day period ending in March 2013, for example, the NSA collected almost 3 billion pieces of intelligence from US computer networks.
Among those computer networks NSA targeted was an IP address, 18.104.22.168, that the agency codenamed WAXTITAN, an address that traces back to Yokubaitis and the YHC Corporation. According to the records of the Texas Secretary of State, Yokubaitis filed incorporation papers for YHC in Texas less than six months after filing papers to incorporate Giganews. According to an analysis of internet DNS and hosting records, Netsential stored police data on the servers of a cloud computing company called iland until around 2008 when it moved police data to Yokubaitis and Data Foundry.
This corresponds closely to the beginning of APD’s connectabq.org launch. One of the founders of ARAPA and former APD employee, Karen Fischer, told a police consulting firm in 2013 that the Target Corporation introduced her to “Stephen Gartrell of Netsential, a website developer in Houston.” According to Fischer, she “worked with Steve to develop the fantastic website system [connectabq.org] that sends members alerts about crime and offenders who are active in Albuquerque—and archives the information.” She added that “the website simply makes it very easy for all of the retailers and the police to post information about suspicious people or events. The other members of ARAPA check the website every day and see the information within minutes.” She made no mention of Data Foundry or the YHC corporation, despite the fact YHC hosted the connectabq.org website and Data Foundry stored its data.
Gartrell and two others filed incorporation papers in Texas for Netsential in 2000, around the same time that Yokubaitis formed YHC. Netsential is a web-based service provider located in Houston, Texas that currently lists only three employees, and yet somehow provides web services and cloud computing for hundreds of clients, nearly all of which are police agencies. Gartrell has a long-time relationship with the police and intelligence community, one that appears to have begun with his work nearly twenty years ago building secure websites for the FBI’s Joint Terrorism Task Force and Counterterrorism Intelligence Group.
It’s not clear how Target came to recommend Gartrell to APD. According to Fischer, Target gave APD $100,000 to create a Safe City ABQ program and recommended Gartrell. It’s possible Target knew of Gartrell through connections related to its intelligence unit, which is staffed largely by former FBI, military intelligence, and local police officers. Target also maintains and staffs two certified criminal forensics labs. A 2006 profile of Target’s intelligence unit in the Washington Post noted that it has worked with the FBI to “coordinate national undercover investigations,” and has provided “local police with remote-controlled video surveillance systems” throughout the U.S. When Target introduced Gartrell to APD its intelligence division was led by a former FBI agent and staffed entirely with former police officers.
APD has worked closely with Gartrell ever since Target recommended him to build connectabq.org. His name is found across scores of APD documents released as part of the BlueLeaks hack. Since 2010, Albuquerque police have made eight different payments to Gartrell and Netsential totaling $26,844 for web services and cloud computing related to its connectabq.org website. We filed a records request with APD for all records, including contracts and communications, related to Gartrell and Netsential, but have yet to receive them. APD last paid Netsential for web services in March of 2018, and while a search of current city vendors revealed no current city contract with Netsential, YHC, a target of NSA data extraction, continued to serve as the host for connectabq.org data as recently as September 2020.
On June 30, a week after the BlueLeaks documents were first leaked, Netsential contacted clients from its firstname.lastname@example.org address with a subject line that read “Netsential Servers Compromised.” Fischer was among those who received the email, and she immediately notified her new employer, the University of New Mexico (UNM). According to records released as part of a freedom of information request, Fisher no longer works for APD or ARAPA, but instead, according to internal UNM emails, “is contracted by UNMPD [UNM Police Department] to assist” in a number of areas, including as its primary liaison with Netsential. It’s not clear if UNM is aware that Fischer previously worked with APD to create the ARAPA surveillance and intelligence gathering operation in apparent violation of the city’s sanctuary policy and operated it in a pattern that skirted oversight or judicial review related to information gathering.
We filed a records request with UNM for Fischer’s consulting contract and scope of work. We also contacted the Office of the Attorney General to ask if the investigation into Giganews also included YHC Corporation, Data Foundry, Netsential, or Karen Fischer and whether the investigation was ongoing. We have yet to receive a response to either of these requests.
David Correia and Justin Bendell work with AbolishAPD, a research collective working to abolish the Albuquerque Police Department. They can be reached at AbolishAPD@protonmail.com