Cyber Security and Hacktivism in Latin America: Past and Future
By: Benjamin Mattern, Research Associate at the Council on Hemispheric Affairs
Along with the opportunities brought by the proliferation of the personal computer and societal penetration of the Internet across the world, came the enormous increase of cyber crime – a global evil that impacted an estimated 556 million victims in 2012. [1] Cyber crime has most commonly manifested itself in Latin America and the Caribbean through computer hacking techniques such as malware, phishing, and denial of service (DoS) attacks. [2] According to a study on cybercrime by the Latin American and Caribbean Internet Addresses Registry, phishing alone affects about 2,500 regional banks and accounts for $93 billion USD in annual losses. [3] But not all cyber crimes are economically motivated. Hacktivism, a term combining hacking and political activism, has become extremely popular in recent years, largely because of the global organization Anonymous. Their establishment as a hacktivist group came in 2008 when they launched “Project Chanology,” a protest movement that digitally attacked the Church of Scientology for “us[ing] Internet censorship to spread misinformation about their practices.” [4] Known worldwide for their symbolic use of the Guy Fawkes mask, Anonymous strives to promote public awareness of social issues, and takes action towards the realization of societal justice and equality. Since 2008, Anonymous has taken responsibility for hundreds of minor hacks worldwide, and dozens of high profile social-protest cyber operations. [5] Yet, despite the possible positive implications of hacktivism, it is still a large part of the growing cybercrime problem in Latin America.
Malicious economic cybercrime has become a serious issue for many Latin American governments. Because Internet and smart phone usage is growing faster in Latin America than anywhere else, with increasing connectivity rates of 1,111 percent and 1,480 percent in South and Central America respectively, risks to citizens are now that much greater. [6] This is because these new commodities have “enabled and extended the reach of gangs, cartels and organized criminals.” [7] These criminal organizations, among other online criminals, use computer hacking and other digital strategies to steal money in order to fund their operations.
Latin Americans are also some of the most avid users of social media, which can pose many threats. Applications such as Facebook and Twitter have become outlets that can be used to set up illegal meetings, as well as buy and transfer malware, phishing/pharming techniques, and similar malicious software. [8] To combat this increasing trend, many countries in Central and South America have passed cybercrime legislation and created cyber defense systems. Foremost among them are Argentina, Brazil, Chile, Colombia, Mexico, Panama, Peru, and Venezuela. [9] However, while these national initiatives do deserve praise, they lack a unified regional strategy to battle cybercrime. Due to the transnational nature of the Internet and the inherent mobility afforded to cyber criminals, the current incongruences in regulatory pressure between states allow skilled hackers to side-step laws and stump law enforcement. Surely, multilateral efforts to stop illegal online activity are having an impact, but just like technology today, the evolution of cybercrime is consistently one step ahead of every government’s ability to fight it.
Multilateral Cooperation and the Need for Further Action
A recent report on regional cybersecurity published by the Organization of American States (OAS) stated that, “overall OAS Member States have shown unity on cybersecurity issues,” and, in 2004, they “unanimously adopted the Comprehensive Inter-American Cybersecurity Strategy,” which greatly enhanced the multilateral atmosphere and possibilities of cooperation. [10] To date, however, only two multilateral initiatives centered in Latin America have had tangible results. [11] “Operation Unmask,” active in February 2012, was launched through the collaboration of Colombian law enforcement agencies with their peers in Argentina, Chile, and Spain, in an attempt to bring down an online hacking community. [12] Their efforts led to raids in 15 cities, and the eventual arrest of 31 individuals. [13] A year and a half later, “Operation Historia” created a platform for Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Spain, Uruguay, and Venezuela to work together to stamp out online child pornography distributors. [14] Around 100 arrests in 63 cities were made, with nearly half of the arrests in Argentina. [15] When compared to the successful incident response rates in individual countries, this reveals that multilateral initiatives are ultimately more effective with regard to law enforcement and repair of critical infrastructure. [16] This fact is encouraging, as globalization continues and Latin American states seek increased economic and technological interconnectivity; multilateral cyber defense systems are a point of mutually beneficial collaboration that has succeeded and will continue to succeed.
However, despite examples of how multilateral initiatives have been carried out with positive results, Latin American governments appear to lack enthusiasm for their continuation, even though further cooperation and strategic integration is badly needed. Officials “are confronting rapid technological advances with bureaucracies that are slow to adapt” and these institutions have a shortage of comprehensive legislation and firm security policies. [17] They have “only beg[un] to adopt laws, institutions and countermeasures to combat online criminality,” and while this is movement in the right direction, the pace of reform compared to the effects of existing cybercrime is unacceptably slow. [18] In addition, the relative novelty and inexperience displayed in the industry of cyber security in Latin America means that “many countries are facing difficulties deterring and prosecuting hackers and other cybercriminals” once they have been identified and arrested. [19] This disconnect, combined with the rapid increase in Internet use, allows hackers to successfully funnel billions of dollars each year out of banks and institutions, slowing development and innovation. One such illegal operation was discovered in Brazil in 2012. Hackers used malware to prey on a vulnerable online payment method called Boletos, which is used for anything from telephone bills to school tuition. According to The New York Times, the criminals targeted nearly four billion USD in public funds. [20] Researchers digitally traced the hacks back to a group in Brazil and determined that 192,227 people and 495,793 transactions had been affected. [21]
Moving forward, Latin America needs to synchronize its informational networks, security strategies, criminal penalties, and prosecution protocols to effectively minimize loopholes in the system that are now being easily exploited by many regional cybercriminals. While there is no doubt regarding the criminality of stealing money or personal information from institutions and private citizens, hacktivism, in contrast, poses an interesting problem.
Hacktivism: Does a Righteous Underpinning Justify an Illegal Act?
Hacktivism combines computer hacking and politically motivated social protest into one contentious phenomenon. The important difference between those who engage in hacktivism and other computer hackers is one of ideological motivation. While techniques such as phishing/pharming and the use of malware are most often used to invade computers with the intention of stealing personal information related to the victim’s bank or credit card, hacktivism provides a skilled hacker with the opportunity to draw public attention to an important social issue. Hacks attributed to the group Anonymous have included government websites all over the world being defaced or shut down, attacks on Visa, Mastercard, and Paypal, and roles in the Arab Spring and Occupy movements. [22] More specifically, LulzSec, an offshoot organization of Anonymous, successfully took down two Brazilian government websites in 2011, citing concerns over the manipulation of information and general issues of transparency. [23] In addition, Anonymous gained further recognition in the same year by regularly attacking the official CIA and U.S. Senate websites, and in June 2011 displayed a dedication to civil rights through the attack of the Arizona Department of Public Safety in response to a controversial immigration law. [24] Although all forms of hacking are illegal, the ideological differences between malicious hacking and hacktivism raise questions about the future of politically motivated cybercrime.
Unfortunately, it appears that despite the great potential for hack-driven social change, the decentralized structure of Anonymous negatively affects members’ ability to coordinate large-scale operations with meaningful consequences. [25] LulzSec, for example, has moved further away from hacking in reaction to political or social injustice. This inclination led to “bad press for causes in general,” said a former member of LulzSec. [26] These groups tend to hack seemingly random targets that are not tied to the original motive, or in many cases they hack just for amusement. [27] Moreover, this trend displays the fundamental flaw that exists when considering the possibility of a legitimate role for hacktivism in society. The aforementioned former member of LulzSec, who was named in the 2012 U.S. indictment, said that leadership decentralization caused by governmental crackdowns “means a lot of people can get away with blatantly criminal and unethical activity under the guise of ‘hacktivism’ where previously they would have been called on their behavior” by other members of the organization. [29] Thus, it seems as if cybercrime of a truly revolutionary nature will either succumb to international prevention and regulation, or an organization will somehow be formed that can simultaneously thwart authorities, maintain an effective structure, and realize social and political change.
Conclusion
As the Internet continues to spread throughout Latin America and the rest of the world, cybercrime will spread alongside it. This diffusion will most certainly result in growing financial losses in both the public and private sectors, unless governments adopt effective and consistent legislation and further security measures. Soon the importance of a serious multilateral anti-hacking strategy will be fully realized. Despite recent advances in international cybersecurity such as Operations “Unmask” and “Historia,” further cooperation is the only way to combat the evolving, amorphous cyber threat posed by online criminals. A coordinated defense system will decrease the frequency and extent of cybercrime, helping to catch and convict hackers successfully, thus avoiding financial peril and embarrassing and potentially dangerous governmental hacks. As for hacktivism, the intentions of politically minded groups may have truly moral underpinnings, but this does not alter the illegality of their actions. In combination with a decentralized structure and corresponding inability to internally monitor their members, already loose cyber alignments like those that make up Anonymous may falter and result in the specific targeting of online activists by cybersecurity bodies. The future looks bleak for this type of social-issue promotion, but it is a necessary step in the minimization of all cybercrime.
References
[1] “2012 Norton Cybercrime Report” (2012). http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf (July 6, 2014).
[2] “Latin America Reaches a Crossroads for Guarding against Cybercrime” (Wharton, University of Pennsylvania, July 24, 2013). https://knowledge.wharton.upenn.edu/article/latin-america-reaches-a-crossroads-for-guarding-against-cybercrime/ (July 7, 2014).
[3] Antonio Larronda and Carlos Barahona, “Cyber attacks on the rise in Latin America, Caribbean” (Infosurhoy, June 8, 2012). http://infosurhoy.com/en_GB/articles/saii/features/main/2012/06/08/feature-01 (July 6, 2014).
[4] Natalie Wolchover, “Best hacks by the Hacktivist Group ‘Anonymous’” (Livescience, November 11, 2011). http://www.livescience.com/33599-best-hacks-anonymous-hacktivism.html (July 8, 2014).
[5] Quinn Norton, “How Anonymous Picks Targets, Launches Attacks, and Takes Powerful Organizations Down” (Wired, July 3, 2012). http://www.wired.com/2012/07/ff_anonymous/all/ (July 7, 2014).
[6] “A Fine Balance: Mapping cyber (in)security in Latin America” (Igarape Institute and The SecDev Foundation, June 2012). http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic%20Paper%202%20%28June%202012%29.pdf (July 6, 2014).
[7] Ibid
[8] Ibid
[9] Rachel Glickhouse, “Explainer: Fighting Cybercrime in Latin America” (Americas Society; Council of the Americas, November 14, 2013). http://www.as-coa.org/articles/explainer-fighting-cybercrime-latin-america (July 8, 2014).
[10] “Latin American and Caribbean Cybersecurity Trends and Government Responses” (Organization of American States, Trend Micro, 2012). http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf (July 7, 2014).
[11] Rachel Glickhouse, “Explainer: Fighting Cybercrime in Latin America” (Americas Society; Council of the Americas, November 14, 2013). http://www.as-coa.org/articles/explainer-fighting-cybercrime-latin-america (July 8, 2014).
[12] Ibid
[13] Ibid
[14] Ibid
[15] Ibid
[16] “Latin American and Caribbean Cybersecurity Trends and Government Responses” (Organization of American States, Trend Micro, 2012). http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf (July 7, 2014).
[17] Ibid
[18] “A Fine Balance: Mapping cyber (in)security in Latin America” (Igarape Institute and The SecDev Foundation, June 2012). http://igarape.org.br/wp-content/themes/igarape_v2/pdf/Strategic%20Paper%202%20%28June%202012%29.pdf (July 6, 2014).
[19] “Latin American and Caribbean Cybersecurity Trends and Government Responses” (Organization of American States, Trend Micro, 2012). http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf (July 7, 2014).
[20] Nicole Perlroth, “Cybercrime Scheme Uncovered in Brazil” (The New York Times, July 2, 2014). http://www.nytimes.com/2014/07/03/technology/cybercrime-scheme-aims-at-payments-in-brazil.html?ref=americas&_r=1 (July 9, 2014).
[21] Ibid
[22] Brian B. Kelly, “Investing in a Centralized Cybersecurity Infrastructure: Why ‘Hacktivism’ Can and Should Influence Cybersecurity Reform” (2013). http://www.bu.edu/law/central/jd/organizations/journals/bulr/volume92n4/documents/KELLY.pdf (July 7, 2014).
[23] Matthew Lynley, “LulzSec recruits Brazilian hackers, takes down two government websites” (Venture Beat, June 22, 2011). http://venturebeat.com/2011/06/22/lulzsec-brazil-hack-government/ (July 8, 2014).
[24] Brian B. Kelly, “Investing in a Centralized Cybersecurity Infrastructure: Why ‘Hacktivism’ Can and Should Influence Cybersecurity Reform” (2013). http://www.bu.edu/law/central/jd/organizations/journals/bulr/volume92n4/documents/KELLY.pdf (July 7, 2014).
[25] Asher Wolf, “The Future of Hacktivism” (New Matilda, November 13, 2012). https://newmatilda.com/2012/11/13/future-hacktivism (July 8, 2014).
[26] Ibid
[27] Ibid
[28] Ibid