HomeNewsAnalysisCan Latin American Governments Keep Up With Cyber Criminals?
ANALYSIS

Can Latin American Governments Keep Up With Cyber Criminals?

CYBERCRIME / 26 SEP 2016 BY TRISTAN CLAVEL EN

Extensive reports have repeatedly underlined Latin America’s vulnerability to cybercrime, an Achilles' heel which organized crime is already capitalizing on and that could develop into a serious security threat in the absence of robust countermeasures.

According to the Inter-American Development Bank (IDB), cybercrime cost Latin America $90 billion last year, out of a worldwide $575 billion. The cyber security company Norton previously evaluated the cost of cybercrime in 2012 at $8 billion for Brazil, $3 billion for Mexico and $464 million for Colombia.

Among the tools at criminals’ disposal are malware computer programs whose uses have expanded throughout the region. Citing a study by an online security company, the American Society’s Council of the Americas (AS/COA) reported that 50 percent of Latin American companies suffered malware attacks in 2013.

16-09-23-CyberCrimeGraphic1 590

Graphics c/o American Society’s Council of the Americas (AS/COA). See original here.

Not only has malware use been on the rise, the region’s first corporate espionage virus was detected in Peru in 2012, a program whose main purpose was to steal data such as industrial plans and designs. A 2013 report by Trend Micro Inc. that was sponsored by the Organization of American States revealed a growing trend of malwares being designed in Latin American countries.

Illegal botnets, which enable users to take remote-control of a computer without the owner’s consent, are one of the favorite tools among criminal hackers in the region. They accounted for nearly 50 percent of the cybercrime attacks in Latin America in 2013, according to the AS/COA, with 120,000 computers infected by just two of these botnets. The United Nations Office on Drugs and Crime has also reported a high proportion of command and control servers, which are used to manage illegal botnets, compared to the overall number of internet users in the Caribbean and Central America.

SEE ALSO: Coverage of Cyber Crime

In addition, several techniques are widely used by Latin American criminals to trick their victims into communicating confidential information. Phishing is an example, whereby the victims respond to a seemingly legitimate email and give up their personal or bank information. An estimated $26 million a year are stolen from bank clients through phishing, according to AS/COA.

Spear phishing follows the same process but specifically targets organizations to gain access to their confidential data, and represents annual economic losses of $24 million.

A third popular scam is "pharming," in which cybercriminals redirect internet users from legitimate websites to malicious pages. The financial losses from pharming amount to $93 million a year in Mexico alone.

Due to growing public awareness of these scam techniques and increased caution on the part of potential victims, criminals have adapted their methods to target social media users and smartphone owners. A 2013 study by the technology company Symantec saw an increase in fake offers on social media groups, fake "like" buttons dubbed "likejacking," false smartphone applications and malevolent plug-ins.

Through "manual sharing scams," social media users may actually be both a victim and unknowingly help the criminals by sharing the malignant video or fake message with their social media friends. The Symantec report notes that “users continue to fall prey to scams on social media sites, often lured by a fake sense of security conveyed by the presence of so many friends online.”

Criminals have also increasingly resorted to malware attacks against banks to compensate for victims' growing caution with regards to their personal information and the banks’ efforts to implement phishing countermeasures. Criminals now attempt to steal the victims’ information by compromising their computer with a virus. They also directly attack banking systems before sending someone to collect the money from a counter, according to the Mexican cybersecurity company Mattica.

16-09-23-CyberCrimeGraphic2

The 2013 Symantec study also explains that cash distributors have been targeted by “ATM Skimming,” a method which allows criminals to obtain the data of a withdrawal card used at the machine. More worryingly perhaps, the company discovered a malware in Mexico which had the potential to corrupt ATMs, forcing them to dispense cash upon activation by the criminal.

The finance and banking industry is among cybercriminals’ favored targets and has increasingly come under attack through techniques that differ from the usual aforementioned scams. The Financial Crimes Enforcement Network of the US Treasury Department observed increased occurrences in which criminals impersonate legitimate financial actors in order to conduct wire transfers after having compromised the victims’ email account. The magnitude of the fraud is significant; Treasury notes “that since 2013, there have been approximately 22,000 reported cases involving $3.1 billion.”

Beyond the vast profits these scams and malwares generate, internet and communications technology (ICT) has increasingly become an integrated tool for drugs, arms and human trafficking groups’ activities. Apart from using ICT for logistical purposes, it has become vital for criminal organizations looking to gain control of the profits earned from their illicit activities, which is becoming increasingly difficult as the financial sector increases its scrutiny of illicit cash flows.

The Association of Certified Financial Crime Specialists recently revealed that transnational organized crime (TOC) groups are increasingly exploiting corporate credit cards for business-to-business payments of “phantom shipments” between the United States and Mexico. Using the credit card of a front company in the US, criminals buy overvalued or non-existent products from Mexico. The drug money earned in the US is then laundered by entering the legal market in Mexico. 

The issue of cybercrime in Latin America is magnified by the states’ vulnerability in that domain, which led the IDB to issue “a call for action to start taking the necessary steps to protect this 21st century key infrastructure” in a March 2016 report. Citing this study, Info Week reported that 80 percent of Latin American countries are without a national cybersecurity strategy to protect key infrastructure, 50 percent lack a coordinate response mechanism and only one-third possess a command and control center to tackle cybersecurity threats.

Another vulnerability is the slow legal response on the part of many countries to cybercrime, which the IDB report assesses. While certain countries such as Colombia and the Dominican Republic have managed to develop relatively strong legal frameworks, the study points out widespread weaknesses in the indictment procedures for such crimes.

InSight Crime Analysis

Although estimates vary, the sheer amount of money lost to cybercrime in Latin America every year is so high that there is considerable urgency for countries to step up their efforts, both legal and technical. 

As AS/COA notes, most of the countries in the region have undertaken significant steps to strengthen their legislation and cybersecurity agencies, but the speed with which technology is developed or exploited in new, malicious ways requires constant vigilance and adaptation on behalf of both the authorities and private entities.

Beyond the struggle against financial cyber theft, developing stronger cybersecurity measures could also deal a serious blow to TOC involved in various kinds of illicit trafficking. There is a general trend of increased scrutiny of the financial sector aimed at detecting illicit or suspicious transactions in Latin America and the United States. The Panama Papers is an emblematic example of how this scrutiny can tell us more about aspects of TOC’s money laundering operations, and how cybersecurity could eventually allow for better policies and strategies to target a key component of criminal structures, namely their finances.

SEE ALSO: Coverage of Money Laundering

But perhaps the most urgent action that needs to be taken is the protection of vital infrastructure, as called for by the 2016 IDB report. Just as certain criminal groups have gained military capacity over the years, both in terms of training and equipment, it is not far-fetched to imagine TOC groups gaining the ICT that they need to rival government security institutions. Last year, Mexican cartels were able to interfere with the GPS of US border patrol drones, successfully sending the unmanned machines away from their designated monitoring area. Given the speed with which these technologies evolve, that will unlikely be the last -- or the most damaging -- example of how TOC uses cybercrime to facilitate its assorted criminal activities. 

share icon icon icon

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

What are your thoughts? Click here to send InSight Crime your comments.

We encourage readers to copy and distribute our work for non-commercial purposes, with attribution to InSight Crime in the byline and links to the original at both the top and bottom of the article. Check the Creative Commons website for more details of how to share our work, and please send us an email if you use an article.

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

Related Content

ARMS TRAFFICKING / 25 FEB 2021

Alto Paraná is home to some of Paraguay’s most dynamic criminal economies. Contraband goods continue to flood Brazil and Argentina…

ELITES AND CRIME / 12 MAY 2021

Time appears to be running out for the governor of the US-Mexico border state of Tamaulipas – after lawmakers stripped…

CARIBBEAN / 29 JUN 2021

The owner of an armored transport company has been charged for his part in a transnational dirty gold network that…

About InSight Crime

LA ORGANIZACIÓN

Extensive Coverage of our Chronicles of a Cartel Bodyguard

23 SEP 2022

Our recent investigation, A Cartel Bodyguard in Mexico’s 'Hot Land', has received extensive media coverage.

THE ORGANIZATION

InSight Crime, American University Host Illegal Fishing Panel

19 SEP 2022

InSight Crime and the Center for Latin American & Latino Studies (CLALS) at American University discussed the findings of a joint investigation on IUU fishing at a September 9 conference.

THE ORGANIZATION

Impact on the Media Landscape

9 SEP 2022

InSight Crime’s first investigation on the Dominican Republic made an immediate impact on the Dominican media landscape, with major news outlets republishing and reprinting our findings, including in …

THE ORGANIZATION

InSight Crime Sharpens Its Skills

2 SEP 2022

Last week, the InSight Crime team gathered for our annual retreat in Colombia, where we discussed our vision and strategy for the next 12 months.  During the week, we also learned how to…

THE ORGANIZATION

Colombia’s Fragile Path to Peace Begins to Take Shape

26 AUG 2022

InSight Crime is charting the progress of President Gustavo Petro’s agenda as he looks to revolutionize Colombia’s security policy, opening dialogue with guerrillas, reforming the military and police, and…