Thursday, October 27, 2022

LatAm in Focus: What the Guacamaya Hacks Reveal about Latin American Militaries

By Carin Zissis and Chase Harrison

UC San Diego’s Dr. Cecilia Farfán Méndez and Trend Micro’s Juan Pablo Castro cover the 10-terabyte hack on militaries of five Latin American countries.

New to the podcast? Check out past episodes and learn more about <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://www.as-coa.org/latin-america-focus-podcast" delay="150" href="https://www.as-coa.org/latin-america-focus-podcast" rel="noopener noreferrer" tabindex="-1" target="_blank">Latin America in Focus</a>, and subscribe on <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://music.amazon.com/podcasts/c8c77d3b-e026-4803-9012-a98a41c21009/latin-america-in-focus" delay="150" href="https://music.amazon.com/podcasts/c8c77d3b-e026-4803-9012-a98a41c21009/latin-america-in-focus" rel="noopener noreferrer" tabindex="-1" target="_blank">Amazon</a>, <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://podcasts.apple.com/us/podcast/latin-america-in-focus/id1089353175" delay="150" href="https://podcasts.apple.com/us/podcast/latin-america-in-focus/id1089353175" rel="noopener noreferrer" tabindex="-1" target="_blank">Apple</a>, <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://open.spotify.com/show/7wTMMhLMCkYP46gKuvmAoj?si=KVzHKDJCRKCLui-OHBfNNA" delay="150" href="https://open.spotify.com/show/7wTMMhLMCkYP46gKuvmAoj?si=KVzHKDJCRKCLui-OHBfNNA" rel="noopener noreferrer" tabindex="-1" target="_blank">Spotify</a>, <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zb3VuZGNsb3VkLmNvbS91c2Vycy9zb3VuZGNsb3VkOnVzZXJzOjEwOTc4Mjk0L3NvdW5kcy5yc3M" delay="150" href="https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zb3VuZGNsb3VkLmNvbS91c2Vycy9zb3VuZGNsb3VkOnVzZXJzOjEwOTc4Mjk0L3NvdW5kcy5yc3M" rel="noopener noreferrer" tabindex="-1" target="_blank">Google</a>, <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://soundcloud.com/ascoa" delay="150" href="https://soundcloud.com/ascoa" rel="noopener noreferrer" tabindex="-1" target="_blank">Soundcloud</a>, or <a data-remove-tab-index="true" data-sk="tooltip_parent" data-stringify-link="https://www.stitcher.com/podcast/americas-societycouncil-of-the-americas/latin-america-in-focus" delay="150" href="https://www.stitcher.com/podcast/americas-societycouncil-of-the-americas/latin-america-in-focus" rel="noopener noreferrer" tabindex="-1" target="_blank">Stitcher</a>. <hr /> <div class="wrapper" style="width: 100%;"> In September, a group of hackers put the armed forces of several Latin American countries on notice. Known as Guacamaya, Spanish for macaw, the group had already carried out <a href="https://www.vice.com/en/article/5d39j3/meet-the-environmental-hacktivists-trying-to-sabotage-mining-companies ">at least three major hacks this year</a>, releasing information from private companies and government agencies in what it describes as an effort to sabotage mining and oil operations and to shield the environment and indigenous groups from colonialist interests.   This time around, <a href="https://apnews.com/article/technology-mexico-caribbean-chile-hacking-47c914bbe268d336c2dfba611323f729">the hacktivists turned their attention</a> to military and police agencies in Chile, Colombia, El Salvador, Mexico, and Peru, releasing <a href="https://www.cyberscoop.com/central-american-hacking-group-releases-emails/">10 terabytes of, in many cases, classified materials</a>. The data dump involved hundreds of thousands of emails and files, and the sheer volume of materials is so large that it means it could take months or even years to comb through it all.   In Chile, where leaks revealed information about military spending and strategies, the general in charge of the joint chiefs of staff <a href="https://en.mercopress.com/2022/09/23/chile-s-top-general-resigns-over-intel-leak">already stepped down</a>. In the case El Salvador, leaks show gang leaders <a href="https://elfaro.net/es/202210/el_salvador/26418/El-d%C3%ADa-en-que-inici%C3%B3-la-masacre-de-marzo-cuatro-l%C3%ADderes-de-la-MS-13-salieron-de-Zacatecoluca.htm ">transferred from a prison</a> to a private hospital during a violent weekend in that country. <table align="right" border="0" cellpadding="5" cellspacing="5" style="width: 30%;"> <tbody> <tr> <td> <a href="https://www.colombiariskanalysis.com/equipo"><img alt="Cecilia Farfan Mendez" data-entity-type="file" data-entity-uuid="b2629b19-6bb1-4861-a7d1-5a2fc8d68e24" height="177" src="/sites/default/files/inline-images/Cecilia.jpeg" width="174" /></a> Dr. Cecilia Farfán Méndez   </td> </tr> </tbody> </table> But, at least thus far, Mexico has seen <a href="https://twitter.com/isagvh/status/1577875084278112259">the largest number of revelations</a> come to light.  After all, six of the 10 terabytes released by Guacamaya involve more than four million documents from Mexico’s Defense Ministry (Sedena). The leaks have revealed a plethora of information involving everything from authorities spying on journalists and activists to officials’ ties with organized crime to the military’s plans to start its own tourism agency.   All of this is giving people a view inside the country’s armed forces like never before. “Mexico is known for its opacity and for its lack of accountability,” explains Dr. <a href="https://usmex.ucsd.edu/about/team.html">Cecilia Farfán Méndez</a>, head of security research programs at the Center for U.S.-Mexican Studies at the University of California San Diego and co-founder of the Mexico Violence Resource Project. She tells AS/COA Carin Zissis: “Whether it's five emails or 5,000, the reality is that just having access to this information is a huge change.” Farfán Méndez also explained what the hacks mean in the context of growing military power, why Mexicans trust the armed forces, and whether the leaks will have an impact on U.S.-Mexico security cooperation. </div>

“After so many years of opacity and this lack of accountability, all this information that’s come out is seen as fair game.” – Cecilia Farfán Méndez

Juan Pablo Castro

But how did it happen that the very agencies in charge of their countries’ cybersecurity ended up getting hacked in the first place? “What is strange in this case, and raises all the flags and alarms here, is that there should be another layer of security in front of those servers to stop those kinds of vulnerabilities because they are well known,” said Director of Technology & Cybersecurity Strategist for Trend Micro Juan Pablo Castro. He tells AS/COA Online’s Chase Harrison why Latin America’s militaries were so susceptible to attacks and whether the identity of Guacamaya matters at all.

Latin America in Focus Podcast

Subscribe to Latin America in Focus, AS/COA's podcast focusing on the latest trends in politics, economics, and culture throughout the Americas.

Share

LatAm in Focus: What the Guacamaya Hacks Reveal about Latin American Militaries

Related

Explore