The Dark Alliance Between Cybercriminals & Mexican Drug Cartels
Introduction: The Current Situation in Mexico with Drug Cartels
The drug cartels in Mexico (called "drug trafficking organizations," or DTOs) have been gaining significant strength over the past decade. Recently, there has been a rift between law enforcement and military organizations in Mexico and the United States, which has caused a breakdown in cooperation between the two countries. DEA's Chief of Operations, Matthew Donahue, told NPR this year, "We're willing to share [intelligence] with our counterparts in Mexico, but they themselves are too afraid to even engage with us because of repercussions from their own government if they get caught working with DEA."
With the breakdown of joint interdiction efforts, these DTOs have ramped up their manufacturing of fentanyl and methamphetamine. Seizures by police and border agents are at an all-time high. In the same interview with NPR, Donahue described the current situation as a national security crisis. "It's a national health threat, it's a national safety threat," he said, adding that drug gangs and criminal organizations now operate inside Mexico with impunity. "They do not fear any kind of law enforcement ... or military inside of Mexico right now."
Because these DTOs operate with impunity, they have begun working with entities that would like to destroy the United States. China is funneling fentanyl precursors to Mexican DTOs while simultaneously working with cybercriminals to further its agenda and to launder money.
How the Rise of Cybercrime is Connected to the Mexican Drug Trade
Cybercriminals are now partnering with drug cartels across Latin America to attack financial institutions and governments, leveraging a wide variety of scams and malware to make millions, according to a new report from cybersecurity firm IntSights. The company did a deep dive into attack campaigns throughout 2019 after multiple customers in Colombia and Brazil were hit with financially devastating breaches, and people reported widespread scams aimed at siphoning funds from their bank accounts.
The IntSights report highlights dozens of extensive schemes aimed primarily at banks, hospitality services, and retail businesses seeking credentials and a variety of financial assets. "The marriage of violent drug gangs and the underground hacking community is a significant emerging threat as we move into 2020. These two worlds are combining their influence, skills, and experience to achieve common goals, primarily of the financial variety," the report said.
According to an article in Mexico News Daily, Mexican law enforcement arrested Héctor Ortiz Solares, known as "El H-1" or "Bandido Boss," in 2019 after he spent years recruiting top-tier hackers who built malware for his gang, named "Bandidos Revolution Team." The malware was designed to infect ATMs and attack Latin American banks. According to Mexican authorities, Solares managed to make more than $5 million each month, and in 2018 the gang stole $15.2 million through fraudulent transfers at five Mexican financial institutions.
The IntSights study said that in April 2019, Brazil's Department of Narcotics Investigation broke up a crypto-mining operation based in Porto Alegre that was leveraging 25 cryptocurrency mining machines. These machines were working 24/7 and were worth about $65,000. Another cybersecurity company, CipherTrace, contributed to the IntSights report and said cartels were now using cryptocurrency "tumblers" to mix unregulated cryptocurrencies with other well-known ones.
Eventually, cartels can trade the mixed coins for other verified cryptocurrencies, and the people running the tumbler take a 3% cut of the profits. These organized crime groups use unregulated cryptocurrency exchanges to move vast sums of money without being tracked, allowing funds to be moved to countries throughout Latin America that have relatively lax regulations.
Rift Between Los Zetas and Anonymous
According to Infosec, in October 2011, Anonymous, a hacker alliance known for breaching the security of banks, financial institutions, and government entities, threatened Los Zetas, a Mexican drug cartel and former paramilitary wing of the Gulf Cartel, after one of its members was kidnapped during a street protest in the Mexican state of Veracruz. Los Zetas were handed an ultimatum on November 5th, which was communicated via an online video.
If the cartel did not release the member, Anonymous stated that it would begin hacking into secure websites and protected accounts and releasing important information on Los Zetas members and the people who cooperate with them, including journalists and police officials. They stated that they were prepared to hack into cartel members' bank accounts and wreak financial havoc on the drug dealers.
The Anonymous Operation (called OpCartel) was called off when the abducted activist was released on November 4th, with a message from her kidnappers threatening to kill ten people for every identity that was made public. OpCartel members claimed they were not giving up the battle, merely shifting their focus. Anonymous appears to have given up on taking on the Los Zetas Cartel.
Analysis
Federal investigators have long suspected a relationship between cartels, cybercriminals, and state-sanctioned hybrid warfare operations. The majority of crypto assets used to finance ransomware operations are held in South America. The United States will need to target cartels using counter-terror or other war powers if we are going to combat the problems we foresee coming.