How the Dark Web Empowered Latin American Organized Crime
Mafias and drug cartels in the region take advantage of connectivity
This article originally appeared at InSight Crime.
The global proliferation of internet access has transformed societies, enabling online and financial inclusion in the developing world. But it has also empowered organized crime in Latin America and the Caribbean, international officials warn.
With 43 percent of the world’s online community, Latin America and the Caribbean — home to some of the world’s most dominant criminal networks — has become even more vital to transnational crime, said Amado Philip de Andrés, the representative of the United Nations Office on Drugs and Crime in Central America and the Caribbean.
De Andrés cited the emergence of the “internet of things” — a term used to describe the web-enablement of mobile devices, consumer appliances, vehicles and infrastructure — as one trend reshaping how criminal networks operate. Research firm Gartner projects that the global number of connected devices will grow from 8.4 billion this year to 20 billion by 2020.
Criminal syndicates in Latin American and the Caribbean are exploiting the democratization of web access, de Andrés said. User connectivity has surged by 1,300 percent over the last 10 years. And with falling smartphone prices, the U.N. expects mobile supply in the region to reach two billion by 2018.
Crime as a service
Smartphone proliferation has jumpstarted the regional “crime as a service” economy, an amorphous online marketplace where criminals can purchase ready-made digital tools or services that help them carry out sophisticated criminal activities.
De Andrés said crime as a service in Latin America and the Caribbean has expanded fivefold in the last three and a half years, fomenting a symbiotic cyber crime ecosystem where diverse criminal markets come together, with each sector supporting the others.
In addition to making the digital underworld more accessible to criminals, the growing ubiquity of mobile devices creates more potential targets from which to steal sensitive data like bank and credit card information.
Brazil is the regional leader for banking malware infections, where malicious email campaigns dupe people into clicking corrupt website links that steal their login and financial data, according to cybersecurity firm Palo Alto Networks.
Fueled by the growing crime as a service economy, the annual cost of cyber crime in all Latin American and Caribbean nations has grown to $90 billion a year, according to a 2016 Inter-American Development Bank cybersecurity report.
De Andrés told InSight Crime that existing crime groups have begun to take advantage of the crime as a service industry.
“Based on current investigations linking drug trafficking cartels and transnational organized crime networks, one could reckon that traditional organized crime groups are beginning to use the service-based cyber crime market and are therefore buying access to technical skills,” he said.
In some cases, drug cartels have even physically abducted or recruited cyber crime talent. For example, Mexico‘s Zetas and Gulf Cartel crime groups have both been accused of the 2013 kidnapping of telecommunications engineer Felipe Peréz. Rumors persist that Peréz was forced into a “shadow hacker brigade” to build one of the cartels’ hidden radio networks.
And in 2016, now-captured Sinaloa Cartel capo Dámaso López Núñez reportedly enlisted a hacker to wage a social media propaganda campaign against the “Chapitos” — the sons of extradited kingpin Joaquín “El Chapo” Guzmán — as he battled the kingpin’s children for control of the organization.
The expansion of the internet of things in Latin America adds to concerns about the crime as a service industry not only because these devices often contain weakly-protected personal information, but also due to the fact that all connected devices can be coerced into botnets, vast networks of infected computers that hackers use to conduct distributed denial of service attacks, which can shut down websites and online industrial control systems by overloading them with traffic. In fact, a 2015 report by communications firm Level 3 Communications found that Latin America accounted for 12 percent of the world’s DDoS events.
Furthermore, DDoS attacks and other breaches can have a direct impact on drug interdiction efforts. U.S. law enforcement agencies have reported Mexican drug trafficking organizations hacking their border surveillance drones, and “spoofing” them with misleading GPS coordinates.
But overwhelmingly, it is the dark web, a collection of thousands of websites that can only be accessed with special browser software, which has become the nexus for the global crime as a service market.
Using Amazon-like sites on the dark web like the now-shuttered Silk Road, AlphaBay and Playpen, criminals, hackers, rogue nation-state actors, terrorists and child pornographers are forming increasingly interconnected networks and furthering what some have called “deviant globalization.”
In Latin America and the Caribbean, de Andrés said, cartels are exploring the dark web to locate buyers for large-scale cocaine shipments, while Central American gangs have used these sites to advertise their willingness to help with cross-border trafficking. Other regional drug traffickers reportedly use underground web forums to source synthetic opioids from Asia.
But dark web commodities reach far beyond narcotics. For instance, the international child pornography investigation that led to the closure of Playpen netted arrests in Chile and Peru. And Mexico has become a world “leader” in this illegal industry, with some major international investigations exposing the dark web’s role in the furtherance of these crimes.
Telecom towers. Capellacci photo via Flickr
De Andrés said the dark web enables criminals to exploit three legitimate features of the modern internet: anonymization, encryption and virtual currencies. The latter has revolutionized money laundering and made cyber-enabled financial crime a top enforcement priority for investigators.
Latin America and the Caribbean was home to the first major international virtual currency laundering scandal: the U.S. government’s takedown of underworld cyber banking system Liberty Reserve in 2013. Before its closure, authorities said the service laundered $6 billion worth of illicit transactions tied to drug trafficking, investment fraud, credit card fraud, data theft and child pornography.
To further confound law enforcement, Latin American criminal organizations are employing “money-mule” networks, which structure virtual and conventional transactions into smaller and more innocuous-looking sums. De Andrés said each mule receives a commission of between three and five percent per transaction.
Crime syndicates are also using legitimate online shopping sites, where legal goods and services are sold, as well as mobile internet payment systems like Remitly, Transferwise and Xoom to structure payments.
In Latin America, where market research firm Forrester projects e-commerce sales to reach $42 billion by 2021, de Andrés said that crime groups are often laundering dirty money through fictitious airline and hotel websites in so-called transaction laundering schemes. De Andrés also said he expects the dark web retail economy to grow parallel to legitimate e-commerce over the next seven to 10 years.
Dovetailing with increased e-commerce transactions in the region is the inevitable rise of payment fraud, through “card not present” transactions, where criminals use stolen payment card information to obtain goods online, as well as chargeback schemes, which entail fraudulent disputes over purchases. These schemes are generating billions in losses for online merchants and card issuers, according to a 2016 study by credit card trade publication The Nilson Report.
De Andrés said that 60 percent of all payment fraud in Central America and the Caribbean is due to card not present transactions. And according to market analytics firm Juniper Research, Brazil and Mexico, two of Latin America’s most significant economies, had the highest 2016 chargeback fraud rates in the world at 3.5 percent and 2.75 percent, respectively.
In addition to the above-mentioned issues, de Andrés put particular emphasis on links between South American criminal networks and Islamic terrorist organizations.
Although concerns about Islamic terrorism in Latin America have often been overinflated for political reasons, the dark web offers an easy path for terror groups to launch attacks in a part of the world where they have traditionally had little physical presence. Citing online recruitment of would-be fighters in Trinidad and Tobago by the Islamic State, de Andrés envisions potential threats involving terrorists urging followers in Latin America and the Caribbean to launch attacks against critical infrastructure with military grade cyber exploits sold on the dark web.
De Andrés also pointed to the use of the dark web to coordinate transatlantic drug exports, which he said are shipped through the Central American and Caribbean corridors to reach West Africa. From West Africa, terrorist groups like Boko Haram transport South American drugs through the Sahara and into Europe, using the proceeds to fund terrorist activities.
Additionally, transnational money laundering has at times brought crime groups into contact with terrorist organizations. For example, U.S. prosecutors alleged that a suspected operative for the Lebanese militant group Hezbollah used encrypted communications to coordinate money laundering activities for Colombia‘s Oficina de Envigado crime group.
Addressing the threats
To address the rising cyber threat environment, the UNODC recommends a four-point approach rooted in “prevention, partnerships, protection and investigation.”
The first step in this strategy is for regional governments to raise awareness and invest in resources to properly train cyber crime investigators. De Andrés cited the UNODC’s initiative to train police in El Salvador on investigating cyber crime as one good model for a preventative strategy.
Secondly, de Andrés highlighted the need for greater coordination between Latin American governments and other nations, in order to promote better intelligence sharing and the “harmonization of legislation.”
The latter specifically entails the drafting of multilateral mutual assistance agreements and extradition treaties that enable more effective enforcement regimes for prosecuting cyber crime. He also advises partner governments in Latin America and the Caribbean to create regional cyber crime centers that act as continental hubs for intelligence sharing.
Thirdly, de Andrés said regional governments need to draft domestic laws that more accurately reflect evolving cyber crime typologies and their intersection with transnational organized crime.
A sound protective strategy also requires investing in better network security resources and exploring new avenues to protect internet of things devices and critical infrastructure like oil pipelines, power plants and water treatment facilities. The latter is imperative as a 2015 report authored by German information security firm Trend Micro and the Organization for American States, a regional non-government entity, found that only 21 percent of organizations participate in dialogue with governments about the cyber resilience of their critical infrastructures.
Finally, de Andrés called for an intelligence-based approach, highlighting the work of the Central American and Caribbean Council of Public Prosecutors, which brings together skilled organized crime prosecutors with those experienced in cyber crime investigations to collaborate across jurisdictions.
This article originally appeared at InSight Crime.