HomeNewsAnalysisCan Latin American Governments Keep Up With Cyber Criminals?
ANALYSIS

Can Latin American Governments Keep Up With Cyber Criminals?

CYBERCRIME / 26 SEP 2016 BY TRISTAN CLAVEL EN

Extensive reports have repeatedly underlined Latin America’s vulnerability to cybercrime, an Achilles' heel which organized crime is already capitalizing on and that could develop into a serious security threat in the absence of robust countermeasures.

According to the Inter-American Development Bank (IDB), cybercrime cost Latin America $90 billion last year, out of a worldwide $575 billion. The cyber security company Norton previously evaluated the cost of cybercrime in 2012 at $8 billion for Brazil, $3 billion for Mexico and $464 million for Colombia.

Among the tools at criminals’ disposal are malware computer programs whose uses have expanded throughout the region. Citing a study by an online security company, the American Society’s Council of the Americas (AS/COA) reported that 50 percent of Latin American companies suffered malware attacks in 2013.

16-09-23-CyberCrimeGraphic1 590

Graphics c/o American Society’s Council of the Americas (AS/COA). See original here.

Not only has malware use been on the rise, the region’s first corporate espionage virus was detected in Peru in 2012, a program whose main purpose was to steal data such as industrial plans and designs. A 2013 report by Trend Micro Inc. that was sponsored by the Organization of American States revealed a growing trend of malwares being designed in Latin American countries.

Illegal botnets, which enable users to take remote-control of a computer without the owner’s consent, are one of the favorite tools among criminal hackers in the region. They accounted for nearly 50 percent of the cybercrime attacks in Latin America in 2013, according to the AS/COA, with 120,000 computers infected by just two of these botnets. The United Nations Office on Drugs and Crime has also reported a high proportion of command and control servers, which are used to manage illegal botnets, compared to the overall number of internet users in the Caribbean and Central America.

SEE ALSO: Coverage of Cyber Crime

In addition, several techniques are widely used by Latin American criminals to trick their victims into communicating confidential information. Phishing is an example, whereby the victims respond to a seemingly legitimate email and give up their personal or bank information. An estimated $26 million a year are stolen from bank clients through phishing, according to AS/COA.

Spear phishing follows the same process but specifically targets organizations to gain access to their confidential data, and represents annual economic losses of $24 million.

A third popular scam is "pharming," in which cybercriminals redirect internet users from legitimate websites to malicious pages. The financial losses from pharming amount to $93 million a year in Mexico alone.

Due to growing public awareness of these scam techniques and increased caution on the part of potential victims, criminals have adapted their methods to target social media users and smartphone owners. A 2013 study by the technology company Symantec saw an increase in fake offers on social media groups, fake "like" buttons dubbed "likejacking," false smartphone applications and malevolent plug-ins.

Through "manual sharing scams," social media users may actually be both a victim and unknowingly help the criminals by sharing the malignant video or fake message with their social media friends. The Symantec report notes that “users continue to fall prey to scams on social media sites, often lured by a fake sense of security conveyed by the presence of so many friends online.”

Criminals have also increasingly resorted to malware attacks against banks to compensate for victims' growing caution with regards to their personal information and the banks’ efforts to implement phishing countermeasures. Criminals now attempt to steal the victims’ information by compromising their computer with a virus. They also directly attack banking systems before sending someone to collect the money from a counter, according to the Mexican cybersecurity company Mattica.

16-09-23-CyberCrimeGraphic2

The 2013 Symantec study also explains that cash distributors have been targeted by “ATM Skimming,” a method which allows criminals to obtain the data of a withdrawal card used at the machine. More worryingly perhaps, the company discovered a malware in Mexico which had the potential to corrupt ATMs, forcing them to dispense cash upon activation by the criminal.

The finance and banking industry is among cybercriminals’ favored targets and has increasingly come under attack through techniques that differ from the usual aforementioned scams. The Financial Crimes Enforcement Network of the US Treasury Department observed increased occurrences in which criminals impersonate legitimate financial actors in order to conduct wire transfers after having compromised the victims’ email account. The magnitude of the fraud is significant; Treasury notes “that since 2013, there have been approximately 22,000 reported cases involving $3.1 billion.”

Beyond the vast profits these scams and malwares generate, internet and communications technology (ICT) has increasingly become an integrated tool for drugs, arms and human trafficking groups’ activities. Apart from using ICT for logistical purposes, it has become vital for criminal organizations looking to gain control of the profits earned from their illicit activities, which is becoming increasingly difficult as the financial sector increases its scrutiny of illicit cash flows.

The Association of Certified Financial Crime Specialists recently revealed that transnational organized crime (TOC) groups are increasingly exploiting corporate credit cards for business-to-business payments of “phantom shipments” between the United States and Mexico. Using the credit card of a front company in the US, criminals buy overvalued or non-existent products from Mexico. The drug money earned in the US is then laundered by entering the legal market in Mexico. 

The issue of cybercrime in Latin America is magnified by the states’ vulnerability in that domain, which led the IDB to issue “a call for action to start taking the necessary steps to protect this 21st century key infrastructure” in a March 2016 report. Citing this study, Info Week reported that 80 percent of Latin American countries are without a national cybersecurity strategy to protect key infrastructure, 50 percent lack a coordinate response mechanism and only one-third possess a command and control center to tackle cybersecurity threats.

Another vulnerability is the slow legal response on the part of many countries to cybercrime, which the IDB report assesses. While certain countries such as Colombia and the Dominican Republic have managed to develop relatively strong legal frameworks, the study points out widespread weaknesses in the indictment procedures for such crimes.

InSight Crime Analysis

Although estimates vary, the sheer amount of money lost to cybercrime in Latin America every year is so high that there is considerable urgency for countries to step up their efforts, both legal and technical. 

As AS/COA notes, most of the countries in the region have undertaken significant steps to strengthen their legislation and cybersecurity agencies, but the speed with which technology is developed or exploited in new, malicious ways requires constant vigilance and adaptation on behalf of both the authorities and private entities.

Beyond the struggle against financial cyber theft, developing stronger cybersecurity measures could also deal a serious blow to TOC involved in various kinds of illicit trafficking. There is a general trend of increased scrutiny of the financial sector aimed at detecting illicit or suspicious transactions in Latin America and the United States. The Panama Papers is an emblematic example of how this scrutiny can tell us more about aspects of TOC’s money laundering operations, and how cybersecurity could eventually allow for better policies and strategies to target a key component of criminal structures, namely their finances.

SEE ALSO: Coverage of Money Laundering

But perhaps the most urgent action that needs to be taken is the protection of vital infrastructure, as called for by the 2016 IDB report. Just as certain criminal groups have gained military capacity over the years, both in terms of training and equipment, it is not far-fetched to imagine TOC groups gaining the ICT that they need to rival government security institutions. Last year, Mexican cartels were able to interfere with the GPS of US border patrol drones, successfully sending the unmanned machines away from their designated monitoring area. Given the speed with which these technologies evolve, that will unlikely be the last -- or the most damaging -- example of how TOC uses cybercrime to facilitate its assorted criminal activities. 

share icon icon icon

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

What are your thoughts? Click here to send InSight Crime your comments.

We encourage readers to copy and distribute our work for non-commercial purposes, with attribution to InSight Crime in the byline and links to the original at both the top and bottom of the article. Check the Creative Commons website for more details of how to share our work, and please send us an email if you use an article.

Was this content helpful?

We want to sustain Latin America’s largest organized crime database, but in order to do so, we need resources.

DONATE

Related Content

ELITES AND CRIME / 11 NOV 2021

The disgraced former governor of Chihuahua, César Duarte, may soon be on a flight home. A US judge approved his…

ARMS TRAFFICKING / 12 OCT 2021

Arms trafficking in Mexico has turned to digital mediums that offer both broad visibility and anonymity to an ever-increasing flow…

COLOMBIA / 30 APR 2021

An investigation into an expansive money laundering scheme in Colombia has revealed how black-market brokers cultivate networks of front-companies and…

About InSight Crime

THE ORGANIZATION

Europe Coverage Makes a Splash

20 JAN 2023

Last week, InSight Crime published an analysis of the role of Amsterdam’s Schiphol Airport as an arrival hub for cocaine and methamphetamine from Mexico.  The article was picked up by…

THE ORGANIZATION

World Looks to InSight Crime for Mexico Expertise

13 JAN 2023

Our coverage of the arrest of Chapitos’ co-founder Ovidio Guzmán López in Mexico has received worldwide attention.In the UK, outlets including The Independent and BBC…

THE ORGANIZATION

InSight Crime Shares Expertise with US State Department

16 DEC 2022

Last week, InSight Crime Co-founder Steven Dudley took part in the International Anti-Corruption Conference organized by the US State Department’s Bureau of Democracy, Human Rights, & Labor and…

THE ORGANIZATION

Immediate Response to US-Mexico Marijuana Investigation

9 DEC 2022

InSight Crime’s investigation into how the legalization of marijuana in many US states has changed Mexico’s criminal dynamics made a splash this week appearing on the front page of…

THE ORGANIZATION

‘Ndrangheta Investigation, Exclusive Interview With Suriname President Make Waves

2 DEC 2022

Two weeks ago, InSight Crime published an investigation into how Italian mafia clan the ‘Ndrangheta built a cocaine trafficking network from South America to ‘Ndrangheta-controlled Italian ports. The investigation generated…