Inside the Rising Cybercrime Threat in Latin America

Report Examines the Rise of Cybercrime Across Latin America

A cyber intelligence firm was asked by a Colombian bank customer to investigate the persistent phishing campaigns it had been experiencing. This triggered a wider examination of cybercrime across the whole Latin America region — and discovered a melting pot (described as a ‘perfect storm’) of social, geopolitical and economic conditions promoting a dramatic rise in cybercriminal activity.

There are several triggers. Firstly, economic problems locally centered on Venezuela but affecting the whole region and exacerbated by global trade conditions are causing genuine hardship throughout the region for many young people. Some of these people are turning to cybercrime as a means — if not the only means — of earning money.

Secondly, there is a high use of the internet among a huge population with a low awareness of cyber security. This is compounded by little government security regulation forcing companies to improve their own security. This is changing only slowly, although Brazil is leading the way (it has a GDPR-like regulation expected to come into force during 2020).

Thirdly, bribery and corruption within law enforcement and government agencies is relatively high.

The one positive sign is that Latin America is not home to sophisticated APT groups. In general, these are most focused in countries that have advanced military cyber capabilities, where the distinction between APT and government groups becomes blurred or non-existent — such as China, Russia, North Korea and Iran. This is not the case in Latin America.

Instead, cybercriminality seems to divide into two groups: less experienced ‘hackers’ seeking to improve their own income, and more experienced hackers being recruited by the existing drug cartels.

The investigation was undertaken (PDF) by IntSights, with additional assistance from CipherTrace (to examine the role of cryptocurrency) and Scitum (a large Mexican MSP that could provide local knowledge). The initial investigation into the phishing campaigns led IntSights to ‘Carlo’. Carlo is not a hardened sophisticated criminal hacker. He has developed his own phishing methodology, and employs others to set up his phishing websites. When they get taken down, they just spin up new websites, mirroring banks such as the one that called in IntSights.

“Carlo,” IntSights’ cyber threat intelligence advisor Charity Wright told SecurityWeek, “is almost a Robin Hood type of character.” He does little to hide himself, and even provides tutorials and advice to other phishers around the world.

Another example of this unsophisticated form of Latin American criminality can be found in the Bineros, so called for the widespread use of the BINero fraud. The BIN number is the 4- to 6-character code at the beginning of a credit card number that identifies the issuing organization. However, since not all banks accept all issuing sources, the processing software needs to be able to reject some and accept others. Perhaps because of this complexity, there is a vulnerability in the processing of credit card numbers on some websites.

The Bineros discovered that some websites will accept a transaction with some BIN numbers, without properly processing the remaining numbers of the card. “The threat actors have discovered which BIN numbers are not compatible with some websites,” said Wright. “So, they can enter the initial BIN number digits and then fill in the rest with random numbers and create a successful but fraudulent transaction on that site.” Each individual fraud may not be large, but the practice is common and widespread. There are even groups on social media like Facebook that discuss the BIN numbers that work with different websites.
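An added example (not from the article or the IntSights report) that models the flaw described above, a check that looks only at the BIN, beside a hardened pre-check and a simple detector for guessed numbers under one BIN. The allowed-BIN set, client ids and card numbers are constructed test values, and the thresholds are assumptions.

```python
from collections import defaultdict

ALLOWED_BINS = {"411111"}  # constructed: a common test prefix, not a real merchant list

def luhn_ok(pan: str) -> bool:
    """Luhn checksum over the whole number, not just the prefix."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:  # typical PAN lengths
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def bin_only_accepts(pan: str) -> bool:
    """Flawed check as the article describes it: only the BIN is examined."""
    return pan[:6] in ALLOWED_BINS

def precheck(pan: str) -> bool:
    """Hardened pre-check. About one random fill-in in ten still passes Luhn,
    so the issuer's authorization response must decide the payment."""
    return pan[:6] in ALLOWED_BINS and luhn_ok(pan)

def flag_bin_guessing(attempts, min_distinct=4, min_fail_ratio=0.5):
    """Return (client, BIN) pairs that tried many distinct numbers under one
    BIN with a high share of Luhn failures, the pattern random fill-ins leave."""
    seen = defaultdict(set)
    for client, pan in attempts:
        seen[(client, pan[:6])].add(pan)
    flagged = []
    for key, pans in seen.items():
        fails = sum(1 for p in pans if not luhn_ok(p))
        if len(pans) >= min_distinct and fails / len(pans) >= min_fail_ratio:
            flagged.append(key)
    return sorted(flagged)

# Constructed sample attempts: (client id, card number entered)
ATTEMPTS = [
    ("c1", "4111111111111111"),
    ("c2", "4111112222222222"),
    ("c2", "4111113333333333"),
    ("c2", "4111114444444444"),
    ("c2", "4111115555555555"),
]

if __name__ == "__main__":
    print(flag_bin_guessing(ATTEMPTS))
```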

But there is a darker side to the Latin American hacking scene. Drug cartels are beginning to recruit the more sophisticated hackers to help with money laundering, ATM thefts, and breaking into bank networks. “The cartels aren’t using hackers to provide an alternative to drug money, just a relatively easy additional source of income — it’s easier to use a hacker to syphon money out of an ATM than to break into one, or rob a bank.”

Some of these hackers are lured into joining the cartels by the gangs flaunting their wealth. “They lure them in with meetings at their mansions, showing their wealth and suggesting the hackers can have a similar lifestyle,” said Wright. “Everyone in the region is very financially motivated, so it doesn’t take much. But we’ve also heard reports of hackers being abducted and forced to work with the gangs. The marriage between hackers and the cartels,” she added, “will be the most pressing threat during 2020.”

Fueling this process are the huge amounts of drug money held by the cartels, and the growing use of cryptocurrency to help launder it. In 2014, an FBI bust in Los Angeles seized $90 million being laundered by the Mexican Sinaloa cartel. Most of this money was in cash.

More recently, in October 2019, Molina Lee — an official of the Panamanian payment processing firm Crypto Capital — was arrested in Greece under a European Arrest Warrant and extradited to Poland. “The Polish Ministry of Justice,” says the IntSights report, “seized $350 million from a Polish bank, claiming that the funds directly tied to money laundering that Molina Lee conducted for Colombian drug cartels using cryptocurrency.”

Cryptocurrency has the effect of globalizing cybercrime. In the past, much of Latin America’s cybercrime was local, caused by language and money transfer issues. Cryptocurrency has removed the latter. Cryptocurrency tumbler or mixer services mix possibly tainted money with other money while simultaneously obfuscating the source through multiple ‘hops’ through TOR. Unregulated exchanges are also used. “Researchers estimate,” says the report, “that after cryptocurrencies have been cleaned on exchanges, 97 percent end up in countries that have extremely lax regulations, with Latin American economies topping the charts.”

With the more advanced Latin American hackers joining forces with well-established and cash-rich drug cartels, and with relatively easy international money laundering and transfer available through cryptocurrency, the danger now is that Latin American hackers will cease being confined to Latin American countries, and will begin to see anywhere in the world as a potential target.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
