Full Report
In early January, agents from the El Centro division of US Customs and Border Protection (CBP) descended on the central Californian city of Bakersfield and the surrounding Kern County as part of “Operation Return to Sender”. The unit said the mission was highly targeted and aimed to apprehend immigrants with criminal records. Yet exactly how […] The post US Border Patrol Called Raid 300 Miles From Border ‘Targeted’. Open Source Evidence Suggests Otherwise appeared first on bellingcat.
Analysis Summary
This article describes a large-scale immigration enforcement operation conducted by US Customs and Border Protection (CBP) in an inland region, which has prompted legal challenges regarding its scope and methodology.
# Incident Report: CBP "Operation Return to Sender" Immigration Enforcement Surge
## Executive Summary
In early January, US Customs and Border Protection (CBP) conducted "Operation Return to Sender" in Bakersfield and Kern County, California, resulting in the arrest of 78 individuals, mostly Mexican nationals. The operation's justification as highly targeted came under scrutiny when evidence suggested nearly all arrests were based on chance encounters rather than pre-identified criminal records, leading to immediate deportation for many and resulting in lawsuits alleging constitutional overreach.
## Incident Details
- **Discovery Date:** Early January (Operation execution period)
- **Incident Date:** Early January
- **Affected Organization:** US Customs and Border Protection (CBP), El Centro Division
- **Sector:** Government/Law Enforcement (Immigration Enforcement)
- **Geography:** Bakersfield and Kern County, Central California (Inland location, hundreds of miles from the southern border)
## Timeline of Events
### Initial Access
- **Date/Time:** Early January
- **Vector:** Proactive field operations (traffic stops, raids at commercial locations like gas stations and markets).
- **Details:** CBP officers from the El Centro sector conducted operations far inland (over 320 miles from their base) targeting undocumented immigrants.
### Lateral Movement
*Not Applicable to traditional cyber incident; describes physical movement of enforcement teams.* CBP units moved across Bakersfield and Kern County, operating at 24 unique geolocated spots.
### Data Exfiltration/Impact
- **Details:** 78 individuals were arrested, 40 of whom were documented as swiftly deported. The impact involved the separation of long-term residents from their families and communities.
### Detection & Response
- **How it was discovered:** Investigative journalism by Bellingcat, Evident, and CalMatters, leveraging social media footage (analyzing ~90 videos) and Freedom of Information Act (FOIA) documents.
- **Response actions taken:** The ACLU filed a lawsuit and sought a temporary injunction to halt CBP units from using these tactics, arguing they violate constitutional rights.
## Attack Methodology
- **Initial Access:** Physical presence/enforcement operations by specialized CBP units far from the border.
- **Persistence:** Arrest and detention leading to rapid deportation proceedings.
- **Privilege Escalation:** Using immigration enforcement authority to conduct broad, non-targeted stops far inland.
- **Defense Evasion:** (Not Applicable/Not Reported)
- **Credential Access:** (Not Applicable)
- **Discovery:** Targeting the general area rather than specific individuals based on known criminal records. (FOIA documents suggested 77 of 78 lacked prior criminal/immigration history flags).
- **Lateral Movement:** Physical movement of operational units across the designated geographic area.
- **Collection:** Apprehension of individuals encountered during operations.
- **Exfiltration:** Physical removal (deportation) of arrested individuals.
- **Impact:** Family separation, arrests of long-term residents, community displacement.
## Impact Assessment
- **Financial:** Not explicitly detailed, but legal costs associated with the lawsuit and operational costs were incurred.
- **Data Breach:** Not a cyber event, but **Personal Data Impacted:** 78 individuals arrested; records associated with their apprehension and subsequent deportation.
- **Operational:** Significant disruption to the targeted community; CBP asserted authority to operate deeper inland across California.
- **Reputational:** Tension and criticism from rights groups (ACLU) regarding the "targeted" nature of the operation versus the reality of arrests.
## Indicators of Compromise
- **Network indicators:** N/A
- **File indicators:** N/A
- **Behavioral indicators:** CBP units conducting enforcement actions in locations far inland (e.g., Bakersfield) without specific warrants for individuals based on prior criminal flags.
## Response Actions
- **Containment measures:** Legal containment sought via the ACLU lawsuit requesting a temporary injunction against further use of these tactics.
- **Eradication steps:** N/A (Law enforcement action, not a traditional breach).
- **Recovery actions:** N/A, though impacted individuals and families suffered immediate, non-recoverable separation.
## Lessons Learned
- **Key takeaways:** CBP claimed operations were highly targeted, but internal documents suggested the vast majority of arrests (77/78) were based on chance encounters, contradicting stated intent.
- **What could have been done better:** CBP could have adhered more closely to established protocol regarding individualized suspicion or warrants when conducting enforcement operations far from the border, according to legal critiques.
## Recommendations
- **Prevention measures for similar incidents:** Review and clarify legal authority limits for CBP deployment in inland sectors, especially regarding warrant requirements and demonstrating prior cause for stops versus general area enforcement sweep tactics.