Explainer: Cybercrime in Latin America

By Rachel Glickhouse

AS/COA Online looks at how malware, phishing, and hacktivism affect the region’s consumers, businesses, and governments.

This is the first in a two-part explainer on cybercrime. The second part explores how governments and the private sector are combatting cybercrime.

Revelations of spying by the U.S. National Security Agency in Latin America spawned a discussion on internet security, with countries like Brazil seeking greater data protection and a new legal framework for the web. While espionage triggered this new wave of concern, cybercrime is a mounting threat in the region, requiring similar steps to protect consumer and business data.

Cybercrime costs Latin American countries billions of dollars. According to a Norton report released this month, the price tag for cybercrimes stood at $8 billion for Brazil, $3 billion for Mexico, and $464 million for Colombia in 2012. An estimated 22 million Brazilians and 6 million Colombians were victims of cybercrime last year alone. 

Use of malware—a type of software used to infect computer systems—is on the rise in the region, as well as attacks involving phishing and hacktivism. AS/COA Online looks at some of Latin America’s main cybercrimes and how they are evolving in the region.

Malware and Homegrown Technology

Explore an infographic on the cost of cybercrime in Latin America.

Latin America is increasingly becoming a source of cybercrime tools, in addition to a target. Most recently, the PiceBOT—a software kit with malware costing $140—was developed in Guatemala, Mexico, or Peru to steal financial and banking information from internet users. Cybercriminals unleashed this malware in December 2012 and nine Latin American countries experienced attacks. Over the past five years, a number of crimeware programs, or malware used to commit cybercrimes, have been developed in Latin America, including in Brazil, Mexico, and Peru.

A July 2013 report from Trend Micro and the Organization of American States on 20 Latin American and Caribbean countries found an increase in cybercrimes last year, with more homegrown technology. "Latin American cybercrime is being perpetrated by traditional criminal syndicates who are no longer relying on Eastern European-developed tools, but instead are crafting their own sophisticated cybercrime tools," said Tom Kellermann, Trend Micro’s vice president of cybersecurity.

Brazil, home to the largest internet user population in Latin America, is both a major source and destination for cybercrime. A February 2013 Trustnet study in 19 countries worldwide found that Brazil is located in the top 10 countries globally for both cybercrime attackers and victims. Peru also stands out as a source of cybercrime technology. Last year, cybercriminals in Peru produced Latin America’s first ever corporate espionage virus.

An April 2013 survey by online security company ESET found that 50 percent of Latin American companies reported malware attacks last year. The survey also found that despite increasing use of antivirus technology by Latin American companies, malware continues to grow throughout the region.

Botnets and Zombie Computers

Illegal botnets, or networks of remote-controlled computers infected with malware, have been found throughout Latin America. Also known as “zombie computers,” these networks can be used for a variety of cybercrimes, ranging from stealing personal information to sending spam. Trustnet’s study found that nearly half of all global cybercrime takes place through remote access with methods like botnets.

Cybercriminals from anywhere in the world can control the botnets through command and control servers, or C&Cs. A February 2013 UN draft report identified significant clusters of C&Cs in the Caribbean basin, as well as Central America. Two types of malware spawned zombie computers in the region last year—one called Dorkbot that infected 80,000 computers in 10 Latin American countries, the other called the Flashback virus, which harmed 40,000 Latin American computers.

Phishing, Spear Phishing, and Pharming

Phishing is also on the rise in Latin America. This technique tricks internet users into providing user names, passwords, or credit card information through emails or instant messages that appear to come from a legitimate entity. The growth of phishing attacks in Latin America has been 20 percent higher than the global average, according to Argentine cybersecurity researchers. Latin American banking clients lose an estimated $26 million each year due to phishing.

Similarly, spear phishing occurs when criminals use phishing to target a specific organization or company to gain access to confidential data. Annual losses in Latin America to spear phishing stand at around $24 million a year.

Meanwhile, pharming takes place when hackers redirect traffic from a real website to a fake one in order to steal confidential information. In Mexico alone, banks lose up to $93 million a year to pharming attacks.

Hacktivism in Latin America

A trend gaining traction in Latin America, hacktivism involves the use of computer hacking to demonstrate support for a certain cause. There are a number of methods used, ranging from website defacement—when hackers change the appearance of a site—to a denial-of-service attack, which makes a website slow or inaccessible. According to the OAS-Trend Micro report, several Latin American governments experienced a rise in hacktivism last year. In 2012, Mexico saw the largest increase in hacktivist attacks—40 percent—largely during the 2012 presidential campaign.

Hacktivists throughout the region tend to target government websites. The group Anonymous defaced Chile’s Ministry of Education site in support of student protests, and also hacked the websites of Argentine President Cristina Fernández de Kirchner and Nicaraguan President Daniel Ortega. Hackers defaced the Honduran police website, and attacked numerous government sites in Guatemala—including the presidency and congressional homepages—over the past two years.

In Brazil and Peru, hacktivists from Anonymous and similar groups have a record of accessing a variety of seemingly secure targets. In the case of Brazil, they attacked numerous government sites, press, and social media profiles during the June 2013 protests, and erroneously attacked the NASA website following the NSA spying scandal. In Peru, groups attacked a web domain site in October 2012, publishing personal information associated with 200,000 domains. In addition to attacking domestic sites, like that of the president, Peruvian hackers have also taken to foreign government sites, targeting the Chilean and Venezuelan armies and Uruguay’s ministry of sport.