1. Business
  2. Politics and policy
March 3, 2020updated 05 Mar 2020 10:32am

Cartels and cybercrime: A new threat to Latin America

By Allie Nawrat

Every time I visit Latin America someone always cracks a joke about not letting myself be kidnapped by drug cartels. However, cartels and paramilitary groups in the region are certainly not something to be laughed at.

Due to the power of these extremely deadly and powerful organisations, Latin America is the most violent region in the world; the continent has the highest homicide rate in the world, and, worryingly, unlike the rest of the world, the number of homicides is rising towards epidemic levels, according to the United National Development Programme.

How do cartels operate?

In some parts of Latin America – for instance Guatemala City – drug cartels now have more authority than local and national governments. This has led to corrupt situations where government officials cooperate with cartels for their own benefit. This creates a culture of impunity where it is clear nothing is above the law, as well as making it impossible for national governments to crack down on these illegal groups.

Cartels and paramilitary organisations are known to employ patronage to local, impoverished populations that resent being overlooked and left behind by the state. Pablo Escobar, the infamous Medellín cartel boss, is widely known to have used this tactic extensively, and although he was assassinated by the US Drug Enforcement Agency in 1993, this practice is ongoing across the region.

Patronage is used as the carrot, while extortion and murder, rape and kidnapping are the stick that keep local populations fearful and reliant on that particular cartel or gang, rather than a rival.

However, cartels are expanding on these traditional methods, and are beginning to embrace cybercrime as another route for financial gain, as ‘The Dark Side of Latin America’ report by IntSights found. Phishing campaigns, hacking and financial scamming ultimately allow cartels and paramilitary groups to supply their military arsenals and keep up the bribes that keep politicians and local populations loyal. Latin America is now home to both the globe’s murder capitals and the world’s worst money laundering nations.

When organised crime goes online

“Rapid digitisation and widespread adoption of digital technology” has an important role in enabling cybercrime in Latin America, according to the IntSights report. While roughly 69% of the region’s population is online and e-commerce dominates the retail marketplace, this expansion in internet usage has not been matched by strong data privacy legislation. Even where data-focused regulations exist, IntSights’ finds they are not being adequately enforced.

IntSights’ explains this is because authorities in the region have been focusing elsewhere, such as fighting organised crime, therefore creating space for cybercrime to become rife.

Organised crime groups and drug cartels have been particularly interested in working with highly experienced hackers to successful launder money and defraud others through manipulating cryptocurrencies and digital banking.

Although most legitimate cryptocurrencies are required to follow anti-money laundering policies, IntSights found that criminals in Latin America have utilised various methods to achieve their criminal ends.

They have been found to take advantage of cryptocurrency tumblers to mix tainted cryptocurrency funds from the dark web with legitimate ones from clear crypto wallets, to obscure the transaction source. They sometimes use unregulated peer-to-peer exchanges to launder and mix their money without needing to reveal their identity.

One noteworthy example from IntSights’s report is the recruitment of skilled hackers by the leader of Mexican criminal gang Bandidos Revolution Team Héctor Ortiz Solares, or the ‘Bandido Boss’. He hired hackers to write malware code to extract money from banks using interbanking elecronic payment system (SPEI), and then deposits money in third party accounts. After uncovering this, Mexican law enforcement reported the Bandidos were bringing in between 50 and 100m pesos ($2.6m to $5.2m) per month thanks to the operation.

Latin American criminal organisations also have a propensity for phishing campaigns, according to IntSights. One high-profile phishing campaign involved mimicking bank websites, utilising fake Google and Bing adwords to encourage individuals to enter their person information, including address and contact information. When this were discovered by IntSights, the threat actors simply moved to target new registrars with a different infrastructure.

The ‘Dark Side of Latin America’ report also found a five-year scam where Catasis malware distributed emails impersonating different Mexican government organisations. The malware could access the target’s camera, microphone and voice recorder.

Other malware threats identified were banking Trojans and ransomware – which are particularly common and widespread in Latin America. On example is Trickbot, a banking Trojan used to access the online bank accounts of small and medium-sized businesses to carry out identity fraud and theft. It targeted various industries ranging from retail, technology and energy sectors. A Ryuk ransomware attack caused the complete shutdown of Mexico’s state oil firm PEMEX corporation in 2019.

Importantly, these attacks were not all carried out from within Latin America. IntSights’s report found that the Ryuk Ransomeware and Trickbot attacks were from an organised crime group operating in Russia. This shows that the region is being seen as a particularly easy target for cybercrime, likely due to its immature digital security landscape and the inability of the authorities to deal with existing criminal networks.

Role of economic failure in spurring cybercrime

Another reason why Latin American might be particularly ripe for both domestic and external cybercrime is because the region is currently experiencing significant economic issues.

2019 was a particularly difficult year for the region with the International Monetary Fund (IMF) having to downgrade the economic status of the entire continent. The IMF’s October 2019 World Economic Outlook (WEO) Report predicted growth would be 0.2% that year, which was 1.2% lower than the April 2019 WEO report.

A significant proportion of blame for the region’s economic decline can be placed at the door of Nicolas Maduro’s stranglehold over failed oil state Venezuela. However, 2019 also saw some of the continent’s strongest economies suffering, particularly Chile, Argentina and Brazil.

IntSights has published a report with a spotlight on Venezuela, which explores how citizens are turning to cybercrime in a country where inflation has reached 10,000,000% – the highest in the world – and consequently, legitimate income sources have completely dried it for the majority of the population. Cybercrime therefore presents an alternative for individuals who do not want to leave their home and seek work abroad, as many others have been forced to do.

Read more: Silicon Valley style tech start ups hold promise for Latin America.