THE HACK PACK
During the most recent Mexican Independence Day celebration, hackers initiated “Operación Tequila,” posting a video on the Mexican Congress' official website accusing the government of treason and exhorting others to join the movement. The @MexicanH Twitter handle simultaneously released the email passwords of numerous congressmen.
“We are all security cameras, waiting for the precise moment to capture corruption and injustice,” MexicanH Team told Fusion via direct message on Twitter.
MexicanH calls itself a wing of the Anonymous collective in Mexico. “The group was founded to prevent Anonymous from engaging in illegal acts,” says the person or persons behind the Twitter account, also stating that Anonymous is not only composed of hackers.
“There are all types of people, professors, engineers, students, etc.” A New Yorker article posits that most members possess minimal technical skills and are “geeks and protesters.”
MexicanH Team says some of its previous stunts include accessing the databases and servers of the Mexican army, navy and the ruling party as well as network giant Televisa.
Hackers did infiltrate these databases and servers. But in the realm of hacking and the deep web it is very difficult to verify actors; many leaders are self-appointed and virtually anyone can claim membership or responsibility for a hack. Moreover, it is difficult to pinpoint whether a one-man organization or an actual coordinated group of hackers performed these cyber attacks.
“We are Anonymous. We are legion,” the amorphous group is known for saying. This could simultaneously be the collective’s strongest and weakest asset.
Nonetheless, the group's Mexican cyberwar was thrust into the real world when the hacktivist collective uploaded a video stating the Zetas cartel had kidnapped one of their members in the coastal city of Veracruz after they initiated #OpCartel, an international online effort to expose ties between the criminal organization and legitimate businesses and law enforcement.
It is rumored the victim was released hours before the symbolic Nov. 5 deadline set by the speaker in the Guy Fawkes mask. Nevertheless, the victim was not identified and no police report was filed. The private intelligence firm Stratfor confirmed that in 2011 “four people with connections to anti-cartel blog websites” were attacked. Stratfor analysts warned they had “seen evidence of cartels employing their own computer scientists to engage in cybercrime” and thus “cartels likely have individuals working to track anti-cartel bloggers and hackers.”
The Daily Beast recently published a report on how cartel hitmen put a bounty on a woman who tweeted against them. The last photograph published from her account was of her “lying on a dirty floor with a coup de grace bullet wound in the face.”
MexicanH tells Fusion it was forged to act as the online muscle, a measure to allegedly protect the collective at large from retaliation or legal persecution.
Hacktivism is starting to gain steam in Mexico, mainly as a direct response to government policies and tactics regarding the Internet, social networks and new technologies.
Rodrigo Samano, Director of Intelligence Services Latin America, a cyber-security start-up based out of Mexico City, believes that many individuals and groups claim feats done by others to gain hacker prestige. Samano says the Mexican Congress webpage hack does not have the typical traits of an Anonymous group attack. “I wouldn't attribute MexicanH to Anonymous regulars, but then again, anyone can join."
“You have to think of Anonymous as the behind the scenes architects who create a gateway which is then filled and traveled by the masses.”
Samano is concerned that while sensitive government information has not been accessed and divulged, Mexican institutions are still at an “early stage” when it comes to cybersecurity.
Authorities are now taking action to improve this, along with intelligence gathering, but Samano says the goal of some of the country’s new Internet laws and government actions looks like it is “to spy on and censor users.”
On Dec. 2, 2013, the web hosting company GoDaddy.com suspended the domain of anti-government website 1dmx.org. In an email, the GoDaddy digital crime unit told the site administrators 1dmx was now “part of an ongoing law enforcement investigation.” The officer in charge of the probe was said to be a special agent from “Homeland Security Investigations” based out of the US Embassy in Mexico City.
In March 2014 the website resurfaced via op1d.mx, releasing a statement accusing the American and Mexican governments of having censored the domain for hosting content and evidence showing how demonstrations against Peña Nieto assuming office on December 1, 2012 were suppressed:
“The documentation assembled by citizens confirmed that the Federal Police used rubber bullets. It also proved that the projectile that killed the theater director and activist Juan Francisco Kuykendall, came from police forces and not from the demonstrators. Videos and pictures showed that the police acted in coordination with government paid rioters.”
Luis Fernando Garcia, a human rights attorney who helped 1dmx.org file a lawsuit, tells Fusion “the Mexican government denied before a judge ordering the suspension of the domain.” However, he says a GoDaddy employee revealed the petition came from the Federal Police’s Specialized Center on Technological Response (CERT-MX for its Spanish acronym) via Homeland Security special agent Jason Barry.
A May 2013 Immigration and Customs Enforcement press release confirms agent Barry was stationed in Mexico City. A speaker bio from a Crimes Against Children conference confirms Barry worked at the Embassy and has recently begun working at Facebook as the Trust and Safety Manager for North America.
Facebook declined to comment. The U.S. Department of Homeland Security did not respond to Fusion’s inquiry on U.S. involvement. Fusion submitted a Freedom of Information Act request, asking ICE for all documents pertaining to the 1dmx.org domain investigation. ICE withheld the documents from Fusion citing three exemptions and alleged disclosing these files could cause "clearly unwarranted invasion of personal privacy" and "sensitive information contained within the responsive records could reasonably be expected to risk circumvention of the law."
According to the 1dmx.org lawyer, ICE agent Jason Barry would have requested the site to be brought down on behalf of CERT-MX, which has been a member of the Forum of Incident Response and Security Teams since 2010. FIRST is a private organization that has certified 307 cybersecurity response teams across 67 countries. A presentation by the CERT-MX agency shows that Anonymous is considered one of the main threats within the Internet battleground.
CERT-MX did not provide comment on the 1dmx.org case or confirm whether it is closely monitoring Anonymous. An agency employee tells Fusion CERT-MX was created as a government measure to catch up with the rapid and changing pace of cyberspace. For example, he says that in Mexico denial-of-service attacks, commonly called DDoS attacks, are legal.
A DDoS attack is performed by saturating the server(s)
The government has begun to tackle these matters by focusing more resources on cybersecurity training and promoting cybersecurity legislative initiatives, which hacktivists argue have Orwellian shades.
In June 2013 a new telecommunications law was introduced as part of President Peña Nieto’s set of ambitious reforms, causing an uproar among Mexico’s activists, hackers and Internet enthusiasts.
In spite of the public demonstrations, the Mexican Congress approved parts of the legislation. According to a summary report by CNN, legislators removed the controversial presidential proposal to allow authorities to order service providers to block Internet contents.
Legislators also limited the proposal to allow the government to block communications in certain places or moments designated as critical to maintain public or national security, narrowing the scope to prisons and their surroundings or “when the competent authority instructs in order to cease delinquency.”
The proposal to force service providers to keep a communication record of users was passed without any modifications: “Records will include names, addresses, types of communications, the numbers making and receiving the calls, dates, times, durations and features of the devices used [sic] and service providers will have to store these records for a minimum of two years; during the first year the authority will be able to consult the databases in real time, during the second year the service provider will have to grant access upon request.”
In drug cases, kidnapping, extortion or when a victim’s life is at risk, authorities will be able to intervene on private communications and ask the service provider to give up the geolocation of the user.
Luis Fernando Garcia, who also founded an activist group in defense of digital rights, was consulted at a Senate hearing on the new law. “The hearing didn’t do any good. In fact, they added more monitoring elements to the law and increased the loopholes.” He tells Fusion this has given the government “carte blanche to access private records.” Moreover, he warns that the law does not define mechanisms of transparency and accountability. “A competent authority to oversee this has not been named and the government doesn’t require either a judge or a warrant to approve their eavesdropping.”
Mexico’s Ministry of Transportation and Telecommunications did not respond to Fusion’s inquiries on these controversial clauses.
MexicanH Team says the reform’s “main objective is espionage and censorship.”
Digital convergence researcher and academic Luis Miguel Martinez tells Fusion the telecommunications law passed by the government is heavily influenced by the interests of the nation’s private telecom industries. He says the law has great aspects, however. For example, Martinez says it recognizes net neutrality even though it doesn’t offer a clear explanation on how to implement it. “The law also allows public access to satellite networks and article six of the Mexican Constitution was modified some years ago to guarantee everyone has free access to the Internet.” The law also brings television to the digital age, Martinez says.
In 2007 various governments held secret meetings to discuss a new global regime for intellectual property rights. A document obtained by Wikileaks revealed the United States, Japan, Switzerland, the European Commission, Canada, Australia, New Zealand, South Korea and Mexico joined the talks. Wikileaks alleges that the treaty being drafted from these meetings contained legal ambiguities and clauses that could potentially criminalize “the non-profit facilitation of unauthorized information exchange on the internet.” The document has several clauses that seek to sanction “safeguards for Internet Service Providers (ISPs) from liability, to encourage ISPs to cooperate with right holders in the removal of infringing material.”
Mexico’s executive branch signed the Anti-Counterfeiting Trade Agreement (ACTA) treaty but the Senate did not approve it. Critics point out that one of the main problems with these laws is the ambiguity of their language; without strict definitions, the government could easily decide what constitutes “unauthorized information” or “infringing material” to suit political needs.
When ACTA did not go into effect, some legislators tried their luck once again by introducing a Mexican version of The Stop Online Piracy Act (SOPA), a controversial US bill aimed at tackling online copyright infringement. The Mexican bill was soon dubbed the Doring Law, mocking PAN conservative party Senator Federico Doring, who introduced the legislation. The bill proposed obliging Internet providers to give out the IP addresses of alleged piracy perpetrators to the authorities.
When the bill was introduced, hackers promoted #OpDoring on Twitter and brought down the websites of the Mexican Secretariat of the Interior and the Senate. Senator Doring declined to comment.
Today, Mexico is one of the 12 countries that have entered a series of mostly secret negotiations on the Trans-Pacific Partnership (TPP), an ambitious economic trade agreement being led by the US. Leaked TPP negotiation drafts on intellectual property regulations show that the proposed global regime could have significant effects on freedom of information and how it is exchanged online.
ACTA and these proposed treaties and negotiations showcase how American know-how on cybersecurity and Internet monitoring mechanisms seems to be increasingly influencing the efforts of other nations and its southern neighbor.
On October 16, 2009 Secretary of State Hillary Clinton addressed the “Alliance of Youth” summit in Mexico City. The Department of State said “over 100 young leaders, entrepreneurs, policy makers and academics from over 20 countries spanning from Lebanon to Brazil to Sri Lanka” met in Mexico to “explore ways to advance grassroots movements seeking positive social change through 21st century technology and tools.” Speakers included Twitter chairman Jack Dorsey, YouTube’s head of News and Politics Steve Grove and Google’s Principal of New Business Development Kristen Morrissey.
In his new book, When Google Met Wikileaks, Australian hacker and Wikileaks founder Julian Assange says the Alliance of Youth group is a State Department effort in “bringing internet-based global ‘pro-democracy activists’ into US foreign relations patronage network.” The conferences are funded by the Department of State and corporate sponsors (Google, MTV, PepsiCo, YouTube, Facebook, and others) and Assange says they consist of flying in “carefully selected social media activists.”
The Alliance of Youth initiative has now re-branded itself as Movements.org.
Assange alleges the US government has cozied up to America’s tech giants in an effort to produce these NGO initiatives and exert influence on rising activists and movements that have embraced and thrive on social media.
The Wikileaks founder writes:
“Google Ideas is bigger, but it follows the same game plan. Glance down the speaker lists of its annual invite-only get-togethers, such as “Crisis in a Connected World” in October 2013. Social network theorists and activists give the event a veneer of authenticity, but in truth it boasts a toxic piñata of attendees: US officials, telecom magnates, security consultants, finance capitalists, and foreign-policy tech vultures … [sic] At the hard core are the arms contractors and career military: active US Cyber Command chieftains, and even the admiral responsible for all US military operations in Latin America from 2006 to 2009.”
Assange cites leaked Stratfor emails and accuses Jared Cohen, the founder of Movements.org, former adviser to Condoleezza Rice and Hillary Clinton and now director of Google Ideas, of “trying to plant his fingerprints on some of the major historical events in the contemporary Middle East,” specifically referring to the Arab Spring movements. The emails mention Google’s “covert role in foaming up uprisings.”
Time magazine named Jared Cohen one of the most influential people of 2013. Walter Isaacson wrote: “When Twitter was planning to shut down for maintenance right before the 2009 Iranian elections, Cohen persuaded the company not to because it had become an organizing method for young dissidents.”
Google did not respond to Fusion’s request to interview Mr. Cohen.
Assange could be painting a far too grim picture of a tech giant that also does plenty of good. In any case, Google could be the one who has actually cozied up to the government. The Financial Times reports the tech firm is now the top political campaign contributor, above Goldman Sachs and others.
In the 2012 presidential race, candidate Enrique Peña Nieto was projected to win by a large vote margin. But on May 11, 2012 a calculated presidential campaign stumbled.
Peña Nieto visited Universidad Iberoamericana, a private university in Mexico City, to present his political agenda and vision for the country. The discussion halted after a group of students confronted him over the Salvador Atenco incident, where Peña Nieto allegedly had police quell a demonstration in the town, which resulted in the brutal beating, death and rape of some protesters. Peña Nieto swiftly exited the auditorium as the student denunciations grew louder. Outside he was chased by a larger congregation of students who blocked his path. Peña Nieto was forced to take shelter in one of the university’s bathrooms.
His campaign immediately accused the students of working for leftist candidate Andres Manuel Lopez Obrador. In response, 131 university students uploaded a video to YouTube in which they showed their ID cards to discredit the political affiliation rumors. The video went viral and the #yosoy132 (I am a 132) monicker was born.
What was believed to be an indifferent Mexican youth suddenly took to the streets. Facebook and Twitter were used to organize mass protests against Peña Nieto and the country’s media monopolies, which they accused of favoring the candidate. The growing movement began to brand itself as the “Mexican Spring.”
Nevertheless, some of the technological tools that yosoy132 was employing to circumvent authorities were soon turned against the movement. Moreover, in Anonymous fashion, the students’ inability to designate leaders, pinpoint membership and coordinate a disciplined strategy while proclaiming a set of concrete goals ended up crippling the entire cause.
A month after the Universidad Iberoamericana incident, Manuel Cossio Ramos, a young man claiming to be a student and a member of yosoy132, uploaded a video to YouTube in which he expressed his disappointment and concerns for the movement.
Ramos accuses the yosoy132 leadership of being "co-opted" by Mexico's left
Contralinea magazine obtained a series of official documents that alleged Ramos was actually an agent for CISEN (Mexico’s intelligence organ). According to Proceso magazine at the time Ramos was the director of Open Source Information — a CISEN unit “dedicated to infiltrating social movements to divide them and spy on their leaders.” A video allegedly uploaded by Anonymous also accused Ramos of trying to infiltrate anti-government websites.
Proceso says Ramos approached the movement, claiming to be an experienced web industry businessman who could help yosoy132 develop its online presence. Proceso claims “his objective was to take control of the domain of the official page www.yosoy132.com.” Ramos reportedly befriended many members via Twitter and, after gaining their trust, released videos and other materials to the web linking some to Mexico’s left. New technologies had given rise to the movement and now they were being used to discredit it.
Former CISEN director Guillermo Valdez says he doesn't know what happened within Mexico’s intelligence since he left the government in September 2011. “CISEN’s actions are directed by an agenda of national security risks which is approved by the National Security Council,” he explains. “When I was at CISEN political or electoral issues usually did not pertain to national security.” He emphasizes that “following up on a case does not necessarily imply espionage in the pejorative sense of the word.”
One of the so-called leaders of the movement, Antonio Attolini, tells Fusion he only saw Ramos once. “I was never interested in these conspiracy theories: that we were being financed by the left or we had been infiltrated by the right.” He says social networks allowed the movement to get the utmost participation. “The Internet is the great equalizer of our time,” he says. Attolini explains the problem was that these new tools of participation did not translate into forms of organization; social networks would allow many politically compromised individuals to join in real time and this “ended up stalling the movement.”
Attolini claims he is not the “self-appointed” leader as many of his critics point out. “People asked me to be the interlocutor, they favored my voice over that of others because they said it was much more succinct and concrete.” He says yosoy132 thrived on the holy trinity of social networking: “Twitter was our velocity, Facebook our formal organization and YouTube our ideological reinforcement."
The yosoy132 movement spread nationwide and eventually incorporated tens of thousands of students across Mexico’s private and public universities. However, the street demonstrations were soon joined by other groups with highly politicized agendas: worker syndicates, anarchists and some who saw this as an opportunity to commit acts of vandalism. Virtually anyone could claim to belong to yosoy132 while smashing windows; the movement’s powerful uniformity became its Achilles heel.
Peña Nieto won the election and the students returned to the classroom. Some of the visible heads of the movement ended up working for Televisa, the network giant they had once accused of monopolizing television and imposing candidates.
SPAM THE CONVERSATION
A study conducted by Indiana University computer scientists John-Paul Verkamp and Minaxi Gupta showcases how spam Twitter accounts were used for the “dilution of protests against the Mexican presidential candidate, Enrique Peña Nieto.”
The event they focused on was the May 19-20, 2012 anti-Peña Nieto march popularly branded in social media as #marchaAntiEPN. The study determines the event was “inundated with spam tweets intended to dilute their content.” Verkamp and Gupta found the percentage of spam accounts was low but their tweeting was high. “In Mexico, 50 spam accounts produced a sustained 1,000 tweets per day throughout the incident.” For example: there were 28,000 legitimate accounts producing 306,000 tweets vs. only 3,200 fake accounts producing 498,000 spam tweets.
A study graph showing tweets by date
Verkamp tells Fusion the accounts were “obviously generated by a computer, as the vast majority of accounts had names that looked the same, following a pattern: first name, last name, number, such as AnaAvil58972814, AnaAvil76571383, etc.” He says “the goal of these tweets seems primarily to drown out the legitimate conversation that would otherwise be happening around a certain set of hashtags.”
“The goal mostly seems to just be more chatty and break Twitter's search and streaming functionality, so that when a user comes to Twitter looking for information, instead they would find two thirds of the posts, or more at times, to be worthless or counter to what they were looking for," Verkamp explains. He can’t confirm if the spam was coming from Peña Nieto’s campaign. “It could easily have been either people directly involved in the campaign or merely supporters that wanted to help,” he concludes.
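The naming pattern and the volume imbalance Verkamp describes can both be checked mechanically. The sketch below is an added illustration, not code from the Indiana University study; the six-digit suffix threshold, the minimum cluster size and every sample tweet other than the two handles quoted above are assumptions constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Handle shape described in the article: an alphabetic stem (first name plus
# part of a last name) followed by a long number, e.g. AnaAvil58972814.
# Requiring six or more digits is an assumption, chosen so that ordinary
# birth-year suffixes such as "jcarlos1990" do not match.
HANDLE_RE = re.compile(r"^([A-Za-z]+)(\d{6,})$")


def split_handle(handle):
    """Return (stem, numeric_suffix) for a template-shaped handle, else None."""
    m = HANDLE_RE.match(handle)
    return (m.group(1).lower(), m.group(2)) if m else None


def template_clusters(handles, min_accounts=3):
    """Group handles by stem and keep stems shared by at least min_accounts.

    One account with a long numeric suffix is not evidence of automation;
    many accounts sharing the same stem is the signal.
    """
    by_stem = defaultdict(set)
    for handle in set(handles):
        parts = split_handle(handle)
        if parts:
            by_stem[parts[0]].add(handle)
    return {s: a for s, a in by_stem.items() if len(a) >= min_accounts}


def dilution_report(tweets, min_accounts=3):
    """Summarise how much of a hashtag's volume comes from clustered accounts.

    tweets is an iterable of (handle, text) pairs collected for one hashtag.
    """
    per_account = Counter(handle for handle, _ in tweets)
    clusters = template_clusters(per_account, min_accounts)
    flagged = set().union(*clusters.values())
    flagged_tweets = sum(n for h, n in per_account.items() if h in flagged)
    total_tweets = sum(per_account.values())
    return {
        "clusters": clusters,
        "flagged_accounts": sorted(flagged),
        "total_accounts": len(per_account),
        "flagged_tweets": flagged_tweets,
        "total_tweets": total_tweets,
        "account_share": len(flagged) / len(per_account),
        "tweet_share": flagged_tweets / total_tweets,
    }


# Constructed sample: two handles are the ones quoted in the article, the
# third spam handle and all other accounts and texts are invented.
SAMPLE_TWEETS = (
    [("AnaAvil58972814", "#marchaAntiEPN filler")] * 6
    + [("AnaAvil76571383", "#marchaAntiEPN filler")] * 6
    + [("AnaAvil10293847", "#marchaAntiEPN filler")] * 6
    + [("maria_lopez", "#marchaAntiEPN meeting point at 4pm")] * 2
    + [("jcarlos1990", "#marchaAntiEPN photos from the march")]
    # Long numeric suffix but no sibling accounts: must not be flagged.
    + [("lucia19870512", "#marchaAntiEPN route update")] * 2
    + [("pedro2012mx", "#marchaAntiEPN")]
    + [("LuisGom4", "#marchaAntiEPN live stream link")]
)

if __name__ == "__main__":
    report = dilution_report(SAMPLE_TWEETS)
    print("template clusters:", {s: sorted(a) for s, a in report["clusters"].items()})
    print("flagged accounts: %d of %d (%.0f%%)" % (
        len(report["flagged_accounts"]), report["total_accounts"],
        100 * report["account_share"]))
    print("flagged tweets:   %d of %d (%.0f%%)" % (
        report["flagged_tweets"], report["total_tweets"],
        100 * report["tweet_share"]))
```

On the constructed sample a minority of accounts produces most of the tweets, the same shape as the account and tweet counts the study reports.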
Computerized spam accounts are not the only tools used in the Internet battleground. There are companies that will actually hire persons to open up numerous accounts and tweet all day. A former employee at iBloom, a digital marketing company in Mexico, says that during election season the firm would hire many independent contractors who would spend 8 hours a day doing this.
“They would pay them approximately $600 a month in cash to keep them off the books.” The employee who spent two years at iBloom said each of these contractors had to send out 400 positive tweets on a daily basis using approximately 5,000 accounts. The employee reveals the company serviced the ruling party, its presidential campaign and many politicians from Partido Verde, one of the parties that formed part of the coalition that took Mr. Peña Nieto to power. “All political parties are doing this, bombarding Twitter with positive comments about their actions and policies.”
An Organization of American States (OAS) report graph shows the breakdown of spam in Latin America.
Jorge Messianu, a community manager for FireFish, a digital media agency in Mexico, says some of these bombarding accounts are called “Trolls” since they try to cause a viral disturbance whether it is through positive or negative feedback. Messianu says political parties are behind most of the “positive trolling” and that this is a growing trend. “We are seeing a lot of this with the upcoming governor elections,” he says.
This is also happening with the current student protests in Mexico. An analytical study published by Mexican newspaper La Razon says that 90 percent of all the accounts tweeting the anti-Peña Nieto hashtags such as #DemandoturenunciaEPN (I demand your resignation EPN) come from Twitter bots.
Guardian or Spy?
The yosoy132 experience planted many of the seeds of hacktivism, which is now growing in Mexico.
The laws to suppress hacker collectives are growing as well. Moreover, NSA-style surveillance is being imitated by developing countries seeking to improve their cybersecurity capabilities.
Former CISEN director Guillermo Valdez tells Fusion “intelligence is increasingly gathered from open sources and everything on the Internet is open source.” He says governments need new systems and software to do this and believes intervention is necessary. “In 2011 there were more than 2,000 terrorist webpages online, if you don’t find those sites and enter them to see what they are saying, then you can’t find out what they are up to.” Valdez says that Mexico’s new telecommunication law was conceived to allow private communication intervention “fundamentally for kidnapping cases” and says this is not a “carte blanche” for the government to access private records.
“Weak cybersecurity is one of the gravest dangers to national security,” he explains. “You can have hackers playing little games and invading Twitter accounts or blocking government web pages, but those hackers can also steal confidential information from banks or PEMEX.”
Digital convergence academic Luis Miguel Martinez tells Fusion “the hacker movement in Mexico is incipient compared to that of other nations.” He points in another direction: “the yosoy132 and the student protests now, these can be considered the true agents of change, taking advantage of social networks to achieve organization."
The Mexican government has announced the creation of The National Center for the Fusion of Intelligence, centralizing resources from The Attorney General’s Office, the army, navy, the Federal Police and CISEN. A new Law of Intelligence is also being drafted. The coordination of intelligence gathering is crucial in the fight against drug cartels and other forms of organized crime.
A report by the Organization of American States says that in 2012 in the Americas "hacktivist campaigns brought important unforeseen benefits." According to OAS the threat of politically motivated hacking "did provoke increased collaboration among key stakeholders, including law enforcement agencies, Internet service providers (ISPs), and an infrastructure operator."
OAS says that in 2012 Mexico "registered a 40 percent increase in the number of cyber incidents," mostly hacktivist attacks. "The country still cites a lack of legislative norms and public awareness as reasons for cyber insecurity," states the report. However, the real issue at stake does not seem to be making a political statement. OAS warns "organized crime groups are becoming cybercapable and hacker syndicates are growing in number and sophistication."
An OAS report graph shows the breakdown of malicious website hosting in Latin America.
Governments need to strengthen the state's cybersecurity capabilities. The dilemma seems to go back to the question of trust. Can citizens trust that these new laws and actions will be used to further unpoliticized national security purposes?
PRD leftist party Congressman Fernando Belaunzaran says the answer is no. “I see the old regime’s authoritarianism being restored in Mexico,” he tells Fusion. He warns all these new intelligence proposals will be coordinated by the Secretariat of the Interior, stating intelligence gathering is a state task not a government instrument. He says that in Mexico “Intelligence is being used to find who the political opposition is sleeping with and not to tackle national security problems.”
The Congressman alleges that the creation of the new Intelligence Center erases the division between ruling party and state. He also complains the telecommunications law is dangerously ambiguous, stating articles 189 and 190 of the law “allow any security organ to request information,” from governors to municipal police. He points to the recent disappearance of the 43 Mexican students, “Can you imagine what would happen if the Iguala police was able to request personal data?” He believes Mexican authorities will not resist the temptation to exploit these ambiguities in the law for political purposes.
The current Mexican student tragedy has sparked mass protests nationwide, originating across Mexico’s public and private universities. #DemandoturenunciaEPN (I demand your resignation Enrique Peña Nieto) is now a trending topic on Twitter in Mexico. There is a similar yosoy132 momentum, less hopeful and more aggressive as depicted in the burning of government buildings in the capital of Guerrero, the state where the students disappeared and mass graves were found.
MexicanH Team encourages hackers to launch an operation against the government of Guerrero
Hacktivists and social networks are bound to play a key role in these rising movements; however, demonstrators should keep in mind they are no longer the sole masters of the Internet and social networks. These have ceased to be spaces free of restrictions, tailored only for the youth.
At a conference on Internet issues in late October, the research firm AMAI said Mexico led the market in the use of social networks. AMAI stated the global social media penetration average is at approximately 85 percent while Mexico is at 98 percent.
The latest data by The National Institute of Statistics and Geography (INEGI) shows Mexico’s Internet user population is at 44 percent, 71 percent of users being below the age of 35. The government wants to bring the internet to the masses. In September, Facebook CEO Mark Zuckerberg visited Mexico and held talks with President Enrique Peña Nieto and telecommunications magnate Carlos Slim to discuss ways to expand the nation’s Internet access and capabilities. But wiring-up doesn't necessarily mean progress.
Young Mexicans can simply look north to see how living "on the grid" comes at a cost. In the words of NSA whistleblower Edward Snowden: “Even if you are not doing anything wrong, you are being watched and recorded.” Like most tools, the Internet can be used for good or bad; people will be quick to praise it and simultaneously denounce it. Regardless of which direction the conversation turns, the net neutrality days are over.
November 5, 2014: Anonymous members and supporters across the globe take to the streets in the #MillionMaskMarch