HomeNewsAnalysisCan Latin American Governments Keep Up With Cyber Criminals?
ANALYSIS

Can Latin American Governments Keep Up With Cyber Criminals?

CYBERCRIME / 26 SEP 2016 BY TRISTAN CLAVEL EN

Extensive reports have repeatedly underlined Latin America’s vulnerability to cybercrime, an Achilles' heel which organized crime is already capitalizing on and that could develop into a serious security threat in the absence of robust countermeasures.

According to the Inter-American Development Bank (IDB), cybercrime cost Latin America $90 billion last year, out of a worldwide $575 billion. The cyber security company Norton previously evaluated the cost of cybercrime in 2012 at $8 billion for Brazil, $3 billion for Mexico and $464 million for Colombia.

Among the tools at criminals’ disposal are malware computer programs whose uses have expanded throughout the region. Citing a study by an online security company, the American Society’s Council of the Americas (AS/COA) reported that 50 percent of Latin American companies suffered malware attacks in 2013.

16-09-23-CyberCrimeGraphic1 590

Graphics c/o American Society’s Council of the Americas (AS/COA). See original here.

Not only has malware use been on the rise, the region’s first corporate espionage virus was detected in Peru in 2012, a program whose main purpose was to steal data such as industrial plans and designs. A 2013 report by Trend Micro Inc. that was sponsored by the Organization of American States revealed a growing trend of malwares being designed in Latin American countries.

Illegal botnets, which enable users to take remote-control of a computer without the owner’s consent, are one of the favorite tools among criminal hackers in the region. They accounted for nearly 50 percent of the cybercrime attacks in Latin America in 2013, according to the AS/COA, with 120,000 computers infected by just two of these botnets. The United Nations Office on Drugs and Crime has also reported a high proportion of command and control servers, which are used to manage illegal botnets, compared to the overall number of internet users in the Caribbean and Central America.

SEE ALSO: Coverage of Cyber Crime

In addition, several techniques are widely used by Latin American criminals to trick their victims into communicating confidential information. Phishing is an example, whereby the victims respond to a seemingly legitimate email and give up their personal or bank information. An estimated $26 million a year are stolen from bank clients through phishing, according to AS/COA.

Spear phishing follows the same process but specifically targets organizations to gain access to their confidential data, and represents annual economic losses of $24 million.

A third popular scam is "pharming," in which cybercriminals redirect internet users from legitimate websites to malicious pages. The financial losses from pharming amount to $93 million a year in Mexico alone.

Due to growing public awareness of these scam techniques and increased caution on the part of potential victims, criminals have adapted their methods to target social media users and smartphone owners. A 2013 study by the technology company Symantec saw an increase in fake offers on social media groups, fake "like" buttons dubbed "likejacking," false smartphone applications and malevolent plug-ins.

Through "manual sharing scams," social media users may actually be both a victim and unknowingly help the criminals by sharing the malignant video or fake message with their social media friends. The Symantec report notes that “users continue to fall prey to scams on social media sites, often lured by a fake sense of security conveyed by the presence of so many friends online.”

Criminals have also increasingly resorted to malware attacks against banks to compensate for victims' growing caution with regards to their personal information and the banks’ efforts to implement phishing countermeasures. Criminals now attempt to steal the victims’ information by compromising their computer with a virus. They also directly attack banking systems before sending someone to collect the money from a counter, according to the Mexican cybersecurity company Mattica.

16-09-23-CyberCrimeGraphic2

The 2013 Symantec study also explains that cash distributors have been targeted by “ATM Skimming,” a method which allows criminals to obtain the data of a withdrawal card used at the machine. More worryingly perhaps, the company discovered a malware in Mexico which had the potential to corrupt ATMs, forcing them to dispense cash upon activation by the criminal.

The finance and banking industry is among cybercriminals’ favored targets and has increasingly come under attack through techniques that differ from the usual aforementioned scams. The Financial Crimes Enforcement Network of the US Treasury Department observed increased occurrences in which criminals impersonate legitimate financial actors in order to conduct wire transfers after having compromised the victims’ email account. The magnitude of the fraud is significant; Treasury notes “that since 2013, there have been approximately 22,000 reported cases involving $3.1 billion.”

Beyond the vast profits these scams and malwares generate, internet and communications technology (ICT) has increasingly become an integrated tool for drugs, arms and human trafficking groups’ activities. Apart from using ICT for logistical purposes, it has become vital for criminal organizations looking to gain control of the profits earned from their illicit activities, which is becoming increasingly difficult as the financial sector increases its scrutiny of illicit cash flows.

The Association of Certified Financial Crime Specialists recently revealed that transnational organized crime (TOC) groups are increasingly exploiting corporate credit cards for business-to-business payments of “phantom shipments” between the United States and Mexico. Using the credit card of a front company in the US, criminals buy overvalued or non-existent products from Mexico. The drug money earned in the US is then laundered by entering the legal market in Mexico. 

The issue of cybercrime in Latin America is magnified by the states’ vulnerability in that domain, which led the IDB to issue “a call for action to start taking the necessary steps to protect this 21st century key infrastructure” in a March 2016 report. Citing this study, Info Week reported that 80 percent of Latin American countries are without a national cybersecurity strategy to protect key infrastructure, 50 percent lack a coordinate response mechanism and only one-third possess a command and control center to tackle cybersecurity threats.

Another vulnerability is the slow legal response on the part of many countries to cybercrime, which the IDB report assesses. While certain countries such as Colombia and the Dominican Republic have managed to develop relatively strong legal frameworks, the study points out widespread weaknesses in the indictment procedures for such crimes.

InSight Crime Analysis

Although estimates vary, the sheer amount of money lost to cybercrime in Latin America every year is so high that there is considerable urgency for countries to step up their efforts, both legal and technical. 

As AS/COA notes, most of the countries in the region have undertaken significant steps to strengthen their legislation and cybersecurity agencies, but the speed with which technology is developed or exploited in new, malicious ways requires constant vigilance and adaptation on behalf of both the authorities and private entities.

Beyond the struggle against financial cyber theft, developing stronger cybersecurity measures could also deal a serious blow to TOC involved in various kinds of illicit trafficking. There is a general trend of increased scrutiny of the financial sector aimed at detecting illicit or suspicious transactions in Latin America and the United States. The Panama Papers is an emblematic example of how this scrutiny can tell us more about aspects of TOC’s money laundering operations, and how cybersecurity could eventually allow for better policies and strategies to target a key component of criminal structures, namely their finances.

SEE ALSO: Coverage of Money Laundering

But perhaps the most urgent action that needs to be taken is the protection of vital infrastructure, as called for by the 2016 IDB report. Just as certain criminal groups have gained military capacity over the years, both in terms of training and equipment, it is not far-fetched to imagine TOC groups gaining the ICT that they need to rival government security institutions. Last year, Mexican cartels were able to interfere with the GPS of US border patrol drones, successfully sending the unmanned machines away from their designated monitoring area. Given the speed with which these technologies evolve, that will unlikely be the last -- or the most damaging -- example of how TOC uses cybercrime to facilitate its assorted criminal activities. 

share icon icon icon

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

What are your thoughts? Click here to send InSight Crime your comments.

We encourage readers to copy and distribute our work for non-commercial purposes, with attribution to InSight Crime in the byline and links to the original at both the top and bottom of the article. Check the Creative Commons website for more details of how to share our work, and please send us an email if you use an article.

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

Related Content

BRAZIL / 8 NOV 2022

As gold prices have skyrocketed, a boom in mining across the Amazon Basin has flourished, leaving a deep environmental footprint.

ECUADOR / 13 OCT 2022

US dollars have been flooding into Venezuela and Ecuador, with authorities unaware of how widespread their use has become…

MONEY LAUNDERING / 4 SEP 2023

Money laundering cases tied to drug trafficking in Uruguay have almost doubled in the past five years, according to a…

About InSight Crime

THE ORGANIZATION

InSight Crime Cited in New Colombia Drug Policy Plan

15 SEP 2023

InSight Crime’s work on emerging coca cultivation in Honduras, Guatemala, and Venezuela was cited in the Colombian government’s…

THE ORGANIZATION

InSight Crime Discusses Honduran Women's Prison Investigation

8 SEP 2023

Investigators Victoria Dittmar and María Fernanda Ramírez discussed InSight Crime’s recent investigation of a massacre in Honduras’ only women’s prison in a Twitter Spaces event on…

THE ORGANIZATION

Human Trafficking Investigation Published in Leading Mexican Newspaper

1 SEP 2023

Leading Mexican media outlet El Universal featured our most recent investigation, “The Geography of Human Trafficking on the US-Mexico Border,” on the front page of its August 30…

THE ORGANIZATION

InSight Crime's Coverage of Ecuador Leads International Debate

25 AUG 2023

This week, Jeremy McDermott, co-director of InSight Crime, was interviewed by La Sexta, a Spanish television channel, about the situation of extreme violence and insecurity in Ecuador…

THE ORGANIZATION

Human Rights Watch Draws on InSight Crime's Haiti Coverage

18 AUG 2023

Non-governmental organization Human Rights Watch relied on InSight Crime's coverage this week, citing six articles and one of our criminal profiles in its latest report on the humanitarian…