Mexican Drug Cartels and Cyberspace: Opportunity and Threat
1) Mexican Drug Gangs Kidnap Computer Hackers and Programmers
Mexican drug trafficking organizations are increasingly demonstrating a desire to make money from cyber-crime, attracted by the high profits and minimal risks, offered by such activities as fraud, theft, and piracy.
Hands-on threat intel training
Hands-on threat intel training
These gangs lack the needed technical know-how within their ranks, which means they would be desperate to recruit programmers with the expertise to break into the world of cyber-crime.
Recent claims that computer programmers are being forcibly recruited by Mexican drug gangs, if true, suggest that these groups are acquiring the ability to reap the potential profits of cyber-crime.
It has emerged that this computer and IT experts have been hacking into bank systems and program credit card fraud scams, among other activities, in order to acquire additional funds for the cartels, on top of what they already get from selling drugs.
According to specialists, the potential profits generated for this kind of criminal activity is already comparable to that coming from the drugs.
Dmitry Bestuzhev, a specialist with Kaspersky Lab, stated that attacks on the world's largest banks in the US, Europe or Russia are taking place on a daily basis.
It is expected that we'll be seeing these hacker kidnappings much more often.
2) Anonymous versus Los Zetas
In October 2011 the hacker group Anonymous, responsible for breaching the security of banks, financial institutions and government agencies, threatened Los Zetas, a Mexican drug cartel and a former paramilitary-wing of the Gulf Cartel, for kidnapping one of its members from a street protest in the Mexican state of Veracruz.
The threat was issued via an online video and a 5 November ultimatum was given to Los Zetas.
If the member was not released, Anonymous said it would start hacking into secure websites/protected accounts and release sensitive information concerning the members of Los Zetas and those working with them such as journalists and police officers.
They stated that they were prepared to hack into cartel members' bank accounts and wreak financial havoc on the drug dealers.
Picture from the above mentioned
Anonymous video (YouTube):
Link:
According to the Long War Journal is possible that Anonymous came into this conflict due to the cartel policy of torturing and killing Mexican bloggers (point 3.2 of this article).
A member of the Anonymous said that they went after the Zetas only because of the kidnapping of its member and that the group's real target was the Mexican government.
According to security experts, releasing information on Los Zetas collaborators', hacked from police data banks, would likely put the suspects on a "kill list" of rival cartels.
When the kidnapped activist was freed on the 4th of November, with a note from her captors threatening to kill 10 people for every name that came public, the all Anonymous Operation – OpCartel – was called off.
Anonymous members involved in OpCartel say they're not giving up the fight, only changing targets. Anonymous apparently abandoned their plans to take on the Zetas cartel.
3) Social Media: A Battleground In The Drug Wars
3.1) Mexican Citizens Turn To Social Networks
After a long campaign of intimidation and murder that produced 74 Mexican journalists killed since 2000, many traditional media outlets have stopped reporting on drug-related crime. Mexican newspapers and other media have been self-censoring themselves after drug cartels begun targeting them for reporting on the gangs.
As a result, the use of social media exploded across Mexico, online activists are filling the vacuum. As mainstream media go quiet, scared citizens turned to online sources for clues about how to stay safe.
Concerned Mexican citizens established social media networks — derived from courageous news websites, such as Blog del Narco and Frontera al Rojo Vivo, texting and tweeting, trying to bypass the cartel assault on press freedoms in Mexico.
They have taken to Facebook, Twitter, and forums just to communicate basic information they need to survive day-to-day, since visible and known television, radio, and newspaper reporters won't cover these stories for fear of their own lives.
These citizens share information like where the cartels have struck, what has it done to traffic or is it safe to walk my children down the street without seeing another cartel´s victim hanging off the overpass.
Picture from Blog del Narco, a site that only posts news in relation to Mexican drug violence:
Link:
Picture from Frontera al Rojo Vivo, a forum where bloggers can make anonymous tips about crime:
Link:
Picture from Blog del Narco:
In its 2nd of June 2011 edition it reads: Information about members of los Zetas captured in Hidalgo.
Link:
This escalation of social media came months after Los Zetas launched a series of YouTube videos, in the summer of 2011, threatening people in Veracruz warning them against using social media to provide information to the authorities and law enforcement.
Those threats, enraged Mexican youth, who took up the threat as a challenge -- and soon, Facebook and Twitter were full with leads about the narcos.
In Mexican cities, Twitter and Facebook started serving as platforms for crowd-sourced intelligence on the drug gangs. Blogs replaced newspapers as sources.
Online offerings include official anonymous tip sites, specialist blogs which carry explicit photos of cartel murder victims and neighborhood watch-style sites.
Hashtags — which tie Twitter posts together — have become an important sorting mechanism, turning connected reports by individual Twitter accounts into ad hoc news services. For instance, in Tamaulipas state, Twitter users developed codes to indicate the level of confidence about information posted.
Twitter is indispensable for obtaining real-time information from within Mexico and along the border as events unfold. Twitter is extremely useful especially when authorities and media don't want to report the events.
Over time, users have grown more daring. The editors at Nuevo Laredo en Vivo compiled reports to create a map of drug sale locations and suspected lookouts.
In fact, it's not unusual for online activists to battle the drug cartels. El Blog Del Narco was one of the first, documenting the comings and goings of members and supporters of the Sinaloa drug cartel.
However, reports of violence which are based solely on social media also open the door for unconfirmed rumors to spread quickly.
In Veracruz, a man and a woman were charged with terrorism and sabotage after passing along rumors of an impending drug cartel attack on a school, using Twitter.
According to Amnesty International the drug war creates a climate of distrust, with rumors circulating on social media as people try to protect themselves, because there is no reliable information available.
3.2) The Cartels Response To Social Networks
The Mexican Cartels have people who are experts in communications. They monitor Internet sites, blogs, phone calls and the social networks on a daily basis.
Also, with so many government officials on the take, the cartels should have access to military level tracking technology.
According to the Long War Journal, given the economic resources of Los Zetas and the other cartels, a future counter-move may be that of hiring additional cyber-mercenaries to reinforce their defensive and offensive information operations capabilities.
The Drug Enforcement Agency - DEA - labels the Zetas as the most violent drug cartel operating in Mexico. In the past the Zetas have kidnapped, tortured and killed several journalists and online activists who were trying to expose the cartel's activities.
Los Zetas are deploying their own teams of computer experts to track those individuals involved in the online anti-cartel campaign, which indicates that the criminal group is taking the social media campaign against them very seriously.
After silencing local news media in many areas, they started going after their critics in social media.
While some experts believe the cartels have increased their cyber-crime capabilities, it's still unclear whether they have the expertise to track down a user on the Twitter or on the Facebook.
However, a Mexican cartel with hundreds of millions of dollars, certainly has the capacity to hire security experts in Mexico or former hackers.
The bottom line is: As Mexican drug war bloggers grow more sophisticated, the drug cartels are working to keep pace.
In Mexico bloggers were tortured and beheaded. Its message was simple: Stop talking about the drug cartels on the internet — or anywhere else.
In September 2011, two incidents occurred that represented the initial cartel counter-offensive against the civilian social networks in Mexico. The first incident happened on the 13th, linked to Los Zetas:
The mutilated bodies of two young bloggers were found hanging from a bridge, beheaded and disemboweled, with notes placed near them threatening social media users, in the Mexican border town of Nuevo Laredo.
A sign was found nearby that read in Spanish, "This will happen to all the internet snitches". It then listed several websites set up to help fight drug crimes in Mexico. Police investigators claim the victims were not journalists but people from the local community, who used social media to denounce crimes.
The gruesome display appeared to mark a move by drug cartels, which have murdered journalists for their reporting, to apply the same pressure to any Mexicans who share information online.
According to CNN, the two were killed for messages they had posted on well-known Internet sites that collect reports of drug violence in areas of the country where professional journalists are no longer able to safely do their jobs.
On the 24th of September, Maria Elizabeth Macias, a 39-year-old reporter in the North Mexican border town of Nuevo Laredo, who used a community chat room to post information about crime in her city and urged fellow citizens to do the same, was found murdered on the street, next to a computer keyboard and a sign saying "OK Nuevo Laredo en Vivo and social networks, I am Laredo Girl and I am here because of my reports and yours". Her death is also attributed to Los Zetas.
Picture from the Borderland Beat, edition of September 26, 2011:
Link:
Macias did not make any effort to hide her identity because of her job in the news business, but the majority of Mexico-based drug war bloggers and tweeters hide their identities.
There were suspicions that Los Zetas were able to piece together information that led from Macias' online handle to her real identity.
On November 10 another blogger who posted under the name "Rascatripas" was found beheaded in Nuevo Laredo. Next to him there was a note that read: "This happened to me for not understanding that I shouldn't report on the social networks".
It was the fourth blogger since September reportedly killed by the Zetas. The victim helped moderate on the site Nuevo Laredo En Vivo.
Picture from the Nuevo Laredo En Vivo site - 14th of March 2012 -:
It has a denunciatory system that, according to the site, enables the informer to communicate any relevant data, without compromising his/her identity.
Link:
Although cartels have successfully pressured traditional media into being quiet, they clearly feel threatened by the decentralized morphology of the Web in the sense that it may be harder for them to control it.
However, the messages left with the beheaded bodies are having an impact; many bloggers have shut down their sites and many Twitter users in Mexico have been silenced.
Politicians, law enforcement, journalists and now social media users, all are under attack for covering incidents involving Mexico's drug cartels.
After the incidents, the site Frontera al Rojo Vivo removed all of its contributors information and archives, which makes us all think about how effective the intimidation tactics of the cartels can be.
As stated by that site: "From now on, we will only publish specific facts and information about border communities and not personal attacks".
The editors of the blog Borderland Beat, which has a reputation as one of the most reliable sources of information on Mexico's drug violence, say that they don't know the identity of some of the site's major contributors. Posts are often passed through intermediaries to protect secrecy.
Editors of Blog Del Narco say they've survived by not taking sides in the drug wars.
The deaths have sent a wave of fear across social networks in Mexico. In fact, many news organizations no longer cover the violence related to the drug cartels.
Also, there is no point in denouncing something on the Internet if the authorities aren't going to do anything about it; people only expose themselves to more danger.
Hands-on threat intel training
Hands-on threat intel training
The last voice calling out for law and order in Mexico is in great risk of being silenced as well. Fear and lawlessness has spread from society to cyberspace.
In this Series
- Mexican Drug Cartels and Cyberspace: Opportunity and Threat
- Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
- Dependency confusion: Compromising the supply chain
- BendyBear: A shellcode attack used for cyberespionage
- ATP group MontysThree uses MT3 toolset in industrial cyberespionage
- BlackBerry exposes threat actor group BAHAMUT: Cyberespionage, phishing and other APTs
- Top 9 cybercrime tactics, techniques and trends in 2020: A recap
- KashmirBlack botnet targets WordPress, Joomla and other popular CMS platforms
- BAHAMUT: Uncovering a massive hack-for-hire cyberespionage group
- Linux security and APTs: Identifying threats and reducing risk
- Top 6 ransomware strains to watch out for in 2020
- 2020 Verizon data breach investigations report: Summary and key findings for security professionals
- How hackers use CAPTCHA to evade automated detection
- The State of Ransomware 2020: Key findings from Sophos & Malwarebytes
- Dark web fraud: How-to guides make cybercrime too easy
- Top 6 malware strains to watch out for in 2020
- Top Cybersecurity Predictions for 2020
- Malware spotlight: What is click fraud?
- What does dark web monitoring really do?
- ThreatMetrix Cybercrime Report: An interview
- Are dark web monitoring services worth it?
- Cybercrime and the underground market [Updated 2019]
- Verizon DBIR 2019 analysis
- Common causes of large breaches (Q1 2019)
- The Magecart Cybercrime Group Is Threatening E-Commerce Websites Worldwide
- Russian Cyberspies Target 2018 U.S. Midterm Elections
- The Increasing Threat of Banking Trojans and Cryptojacking
- Leaders’ Meetings: A Privileged Target for Hackers
- Fraud as a Service (FaaS): Everything You Need to Know
- All about SamSam Ransomware
- The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware
- Mechanics Behind Ransomware-as-a-Service
- The Art of Fileless Malware
- ZLAB MALWARE ANALYSIS REPORT: RANSOMWARE-AS-A-SERVICE PLATFORMS
- Which Are the Most Exploited Flaws by Cybercriminal Organizations?
- 5 New Threats Every Organization Should be Prepared for in 2018
- Memcrashed: The Dangerous Trend Behind the Biggest DDoS Attack Ever
- Open source threat intelligence tools & techniques
- Global Cost of Cybercrime on the Rise
- An Enterprise Guide to Using Threat Intelligence for Cyber Defense
- The Five Largest Ransomware Attacks of 2017
- Intellectual Property Crimes in the Dark Web
- Top 5 Smartest Malware Programs
- Is Russian Intelligence Using Tainted Software to Access Corporate and Government Networks?
- Vault 7 Leaks: Inside the CIA's Secret Kingdom (July-August 07)
- DragonFly 2.0: The Alleged Nation-State Actor Hits the Energy Sector Again
- Russian APT Groups Continue Their Stealthy Operations
- Massive Petya Attack: Cybercrime or Information Warfare?
- SAP SECURITY FOR CISO: SAP Attacks and Incidents
- Role of Threat Intelligence in Business World
- WikiLeaks Vault 7 Data Leak: Another Earthquake in the Intelligence Community
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
Threat Intelligence
Dark Web hacking tools: Phishing kits, exploits, DDoS for hire and more
Threat Intelligence
Threat Intelligence
Threat Intelligence
ATP group MontysThree uses MT3 toolset in industrial cyberespionage