The Next El Chapo Is Coming for Your Smartphone
WHY YOU SHOULD CARE
The next El Chapo will target your bank account.
By Wesley Tomaselli
- Latin American hackers are using sophisticated homemade code to target the region’s banks — and ones in the United States.
- Experts fear that organized crime cartels could get into the act next.
Over decades, organized crime in Latin America has perfected its illicit businesses. Extortion, kidnapping and trafficking narcotics have reeled in billions of dollars. In response, governments are building walls to stop criminal efforts.
But a new lucrative recipe for making money might render those walls irrelevant. Latin America’s criminals are dropping into underground online markets to purchase a different type of dangerous weapon: code.
Hackers around the world have traditionally copied and pasted code devised by the Russian and Eastern European masterminds behind global cyberattacks. Now, an ambitious group of Latin American hackers — especially in Brazil and Mexico — is cooking up code and selling it abroad. Banks across the region make nice targets, but the United States is also on the hit list.
Amavaldo, a particularly malicious Brazilian Trojan specifically written to target Spanish and Portuguese banks, started attacking financial institutions in Latin America’s largest economy in 2019, according to Czech internet security company ESET. It has since expanded its reach, with attacks also reported in Mexico. Separately, in 2017, a Brazilian fraud attack hijacked a bank’s online domain and drained users’ accounts.
Ploutus, a Mexican family of malware, lets users exploit ATMs. ATM manufacturer Diebold Nixdorf said in 2018 that it had been warned by American authorities of potential attacks in the U.S. using the malware. The Organization of American States (OAS) claims that Ploutus malware has been sold to criminal groups in the U.S. Meanwhile, in Colombia and Venezuela, criminals are using ransomware to source information on high-level executives and then blackmail them.
The impact is dizzying. OAS research suggests 92 percent of banks in Latin America reported digital security breaches in 2018, and that the region’s banks collectively lost $809 million in 2017. Last year, in response to a flurry of incidents, Brazil’s authorities ordered all banks to have a cybersecurity policy. And there’s concern that some of the region’s criminal syndicates might be getting in on the action.
“The No. 1 worry is that some big criminal group, Sinaloa in Mexico or PCC in Brazil, decides to make cybercrime a bigger part of their portfolio,” says James Bosworth, author of the weekly Latin America Risk Report newsletter and founder of political-risk analysis firm Hxagon, referring to the Sinaloa cartel once led by El Chapo, and the Primeiro Comando da Capital group in Brazil. “They bring a lot of resources and capabilities to the table … and it would be a hybrid threat because those groups already have violent armed wings and money laundering operations.”
Such a shift would fit with global trends, says Fred Kneip, CEO of CyberGRX — the world’s largest third-party cyber-risk exchange — who warns that criminal groups around the world are adding cybersecurity hacks to their arsenal of revenue-generating businesses. “The organized crime syndicates that get glamorized in Hollywood … account for a sizable amount of that activity,” he says.
Guadalupe Correa-Cabrera, author of Los Zetas Inc., a book about the Mexican criminal syndicate, cautions against thinking of cartels as “homogenous structures.” Often, she says, “they’re much more fragmented. Specialization is the trend.” So far, it’s unlikely that cartels are driving top-down efforts to expand into cybercrime. It’s much more likely, Correa-Cabrera says, that a few members of the Zetas or the Sinaloa have split off to specialize in cybercrime.
But the clampdown by the U.S. and other regional governments on drug trafficking, human trafficking and other illicit businesses incentivizes organized crime syndicates in Latin America to seek hacking and extortion opportunities.
The increasing reliance by the region’s middle class on digital banking also makes it a ripe market to tap. In Brazil, 68 percent of the population is now online. “That’s meant banks digitalized their financial services and therefore their exposure to cyberattacks,” explains Mauricio Botero Wolff, vice president of security at Colombian bank Bancolombia.
Latin America’s hierarchical class culture also makes phishing attacks much easier than at American or European banks. Hackers are betting that a fishy email from the boss demanding a download is more likely to be clicked on than in places where greater skepticism and an egalitarian mood prevail.
“There are a set of actors in Brazil who are particularly sophisticated and have shown an ability to write new code targeting Latin American banking systems that is original,” says Bosworth.
Yet the hackers’ horizons aren’t limited by geography. “There’s clear evidence that Latin American–developed specialist malware is being adapted for the export market,” writes Troels Oerting in an OAS research paper.
Because of the perennial worries about organized crime in Latin America, threats of murder and truck hijackings top the list of concerns that usually occupy citizens and business interests. Cybersecurity threats don’t get prioritized as highly as other security threats, says Bosworth.
That perception could change if organized crime cartels become more deeply involved with cybercrime. Meanwhile, banks and other companies can do more to prepare. Only 52 percent of companies polled by ESET had firewall protection, anti-virus software or backups.
And in the U.S., President Donald Trump’s proposed border wall won’t help stop Mexican cartels once they realize that instead of worrying about running drugs into America, they can hack for cash. The banking system — not the U.S.-Mexico border — could be the next battleground for Latin American organized crime.