Posted on Thu, Nov. 03, 2011
last updated: October 31, 2011 07:22:34 PM
BOGOTA Ecuador — President Rafael Correa was about to launch into his state of the union address when the presidential website came under attack. As thousands of people were logging on to watch his speech streamed live, the site went down for more than two hours.
It was Aug. 10 and it was the first time Ecuadors government had been attacked by Anonymous, the online hacker collective, police said.
Cyber-crime has been prevalent in Latin America since the dawn of online transactions. But many nations are struggling with a new threat: politically-motivated hackers.
As computers and the Internet have become more prevalent in the region, homegrown cyber-activists are taking cues from groups in Europe and the United States, analysts said.
Just this year, groups claiming to be affiliates of Anonymous perhaps the largest and most well-known hacker group have sprung up in Colombia, Chile, Ecuador and Venezuela.
Brazilian government websites have been attacked more than 1,250 times this year, according to Zone-H, which tracks hacker activity. In Colombia, hackers recently brought down sites for the ministry of education, the senate, the presidency and President Juan Manuel Santos personal webpage. Chile has seen waves of cyber attacks as part of Anonymous BadEducation campaign in support of student protestors.
We thought these kind of things only happened in large countries, said Jose Luis Chávez, a computer engineer who advises the government of Guatemala on cyber security. In August, Anonymous threatened to take down that nations government websites.
It was a bluff. But the day before the expected attack, several Guatemalan news outlets were knocked offline, Chávez said.
There was no real knowledge of how these attacks worked, he said. While computer experts have read about them happening in the United States or Europe, Chávez said, Wed never lived them in the flesh.
Using chat rooms, Twitter and other social media sites, groups like Anonymous direct their followers and harness infected computers to overwhelm websites with traffic. It was one of these denial-of-service, or DoS, attacks that took Correas speech offline.
Other hackers break into sites to steal information or alter them sometimes with a political purpose but often just to demonstrate their skills. Of the 1.4 million website attacks that Zone-H recorded in 2010, 8 percent were politically motivated.
Gordon Duguid, the executive secretary of the Inter-American Committee Against Terrorism at the Organization of American States, said its impossible to get an accurate reading on cyber attacks in the region.
Anecdotal evidence, however, suggests a trend of increasing attacks targeting government information systems and networks, he said. As Internet usage in Central and South America has spiked more than 1,000 percent over the last decade, Duguid said, the number of individuals in the region with the desire and wherewithal to seek to disrupt or penetrate government information systems and networks has also increased.
On Tuesday, U.S. Secretary of State Hillary Clinton is opening the London Conference on Cyberspace, a global gathering that will look at how nations can cooperate to fight online criminal networks.
In Colombia, government websites have been hacked and altered 480 times this year, according to Zone-H data. In all of 2010, less than 250 such defacements were reported. In Ecuador, government websites have been compromised 230 times. Venezuela has seen 200 government websites hit this year.
Venezuelas slow Internet connections have kept it from being a hotbed for hackers, said Rafael Nuñez of CleanPerception, a Caracas-based online reputation company. But the country does have one of the highest Twitter usage rates in the world. (President Chávez has more than 2 million followers more than any other sitting leader except for Barack Obama, who has 10.8 million.)
That has made Twitter a prime target for hackers, Nuñez said.
Since July, someone calling themselves N33 has hacked into more than 20 Twitter accounts of public figures, including journalists, artists and opposition politicians. N33s calling card is the image of a red beret one of President Chávezs symbols.
I know things like that have happened in the United States, said Nuñez, recalling that Obamas and Sarah Palins Twitter accounts were hacked while they were on the campaign trail. But this isnt something weve seen here before.
For the most part, the attacks in Latin America have been benign. Earlier this year, Colombia was on alert after hackers published police officers contact information, but the data ultimately did not represent a security threat, officials said.
But its just a matter of time before a real threat emerges, said Lt. Col. Jairo Gordillo, the head of the Information Technology Group inside Colombias National Police.
Hacktivism represents the greatest potential risk, because it can scale-up very quickly, he said. Groups like Anonymous, for now, are focused on denial-of-service attacks . but sometime they might attack a page that provides critical services, and that might lead to collateral damage if someone needed those services.
Gordillo said police have already spotted hackers breaking into the national communication system and other state infrastructure.
The recent uptick in cyber attacks has the region on its toes. In 2006, Argentina, Brazil, Canada, Chile and the United States were the only countries in the hemisphere with national Computer Security Incident Response Teams. Now more than 15 nations have them, the OAS said.
In July, Colombia rolled out a cyber security and cyber defense strategy that included creating a joint armed forces cyber command, an acknowledgment that the issue is one of national security.
Were anticipating the arrival in our country of risks and threats that have already been seen at other latitudes, Rodrigo Rivera, Colombias Minister of Defense at the time, said as the initiative was rolled out.
Examples of those risks abound. Starting in 2003, The United States was the victim of a prolonged cyber attack called Titan Rain that security experts believe was an attempt by the Chinese government to find system vulnerabilities. In 2007, Estonias government, media and banking websites were knocked offline and parliament members saw their fax machines and cell phones jammed. Experts believe the massive and sophisticated attack was organized by Moscow.
During a recent lecture in Bogota to regional cyber-security specialists, Richard Stiennon, the author of Surviving Cyberwar, said Israel may have used a cyber attack in 2007 to disable Syrias radars before sending in bombers to take out a suspected nuclear plant. That was the same tactic that The New York Times suggested the U.S. was considering before bombing Libya.
Such episodes are harbingers of a new era of warfare, he said. The cyber threat has not matured, Stiennon said. The worst is yet to come.