south-america-cyber
Security

Is South America prepared for cyberattacks?

Eduardo Diaz is president of Neosecure in Santiago, Chile, a cybersecurity company providing forensics, security monitoring, and intrusion detection to major banks, retailers, and other customers throughout South America.  Neosecure has offices in Chile, Colombia, Peru, Argentina, and customers in other countries too. Given his position, Eduardo is well positioned to comment on the cyber security situation in South America and describe the region’s preparedness to fend off major attacks against its infrastructure.

Mr. Diaz speaks English fluently. Yet I have edited some of his direct quotes to fix grammar issues. (Had a journalist interviewed me in Spanish, the situation would be much worse.)

First question: I ask Eduardo whether South America is ready for a cyberattack against the power and water systems, the stock exchange and other critical infrastructure, and whether there is any kind of cyber command in each country.

He says, “We are seeing a growing number of attacks to the infrastructure. Some attacks are based on political issues. Someone from Chile attacks Peru. Someone from Peru attacks Chile and so on.” He is referring to border disputes between Chile and Peru and Chile and Bolivia. Chile and Peru have settled their dispute while the border dispute with Bolivia remains open and is particularly heated.

Regarding overall readiness he says, “We are in the early stages of protection. In some countries they don’t have a list, don’t have a protection plan. It’s not like the USA where they have a government plan. Here cyber-defense varies by country.”

Colombia on top

Diaz says Colombia has the best cybersecurity defenses at the national level.  This is because Colombia has been at war with the FARC guerrillas for 50 years. They frequently attack physical infrastructure, blowing up power transmission lines and petroleum pipelines. Also Colombia has had a violent past of extortion and kidnapping although the security situation there is much improved. 

Diaz says, “What I see is that Colombia has a better system because they have had security issues for a long time. But better does not mean good.” 

Of the Chilean government he says cyber security says exists in name only. 

“What we see in Chile is we really don't have a government that is concerned about what could happen. They designed some committee, but it is just words. I think in Chile we are not prepared for that. We don’t have any kind of protection or any kind of response team.”

Asked to describe some specific attacks, he points to major attacks in Brazil and Chile.

“We saw in the past a huge attack against the banks. There years ago there was a huge DDoS attack against Brazil.” The attackers were not known.

Asked about data loss he says, “There have not been any major data breaches.”  But he adds that there is no law that requires victims to disclose data loss to their customers. 

Rather, DDoS is the issue here. Diazo says that this summer, banks in Chile suffered a DDoS attack. “It was a huge DDoS attack. The internet payment system did not work for a long time.”

Hacked ATMs

In Chile a couple of years ago Colombian gangs were replacing the electronic card readers in ATM machines with their own devices that would capture the debit card number and mounted cameras to record the PIN as the bank customer typed that in. My wife was a victim of this crime, as was my father-in-law.

“They were a mafia group,” Diaz says. “They are not connected with the FARC or something like that. They are moving between the countries. After that they moved to Argentina and so on.”

“About three years ago there was a Mexican attack on the internet. They used social engineering, phishing and malware to capture a lot of information. The total amount of fraud was $35 million in 2011. Finally law enforcement saw that all the money was transferred to Ciudad de Juárez in Mexico.” 

As for going after the criminals there, he said, “No one wants to go to Ciudad de Juárez. There are places in the world where no one wants to go.”

POS devices attacked via Bluetooth

A year ago hackers placed malware inside the actual POS credit card readers (as opposed to the POS cash register).  Eduardo says, “They hacked the POS, they put devices on the POS device. Then they put a membrane on the keyboard [to capture the PIN] and sent the data over Bluetooth. They used big antennae to connect the POS.”  This is a fairly high tech attack.

Since those devices are PCI (for example, MasterCard) compliant, “Those are supposed to be tamper-proof.” He laid the blame on, “failure of the company that provided those to the Chilean banks.”

Cyberculture

Asked whether there are any cultural issues in South America that makes it difficult to fight cybercrime. Diaz said, “Cybercrime is easier when you have corruption. Corruption is huge. In Argentina, mainly.”

Part of the problem is the detached nature of the internet where one is not dealing with people in person. It can turn Dr Jekyll into Mr Hyde.

Diaz says that in cybercrime people have a different set of morals than those on the ground. There are less cultural inhibitions. Anyone who reads the comments section of an online newspaper knows that first-hand. He points to those hackers in Mexico who executed their crimes from the comfort of them homes.

“We see cybercrime growing very fast because the people’s ethics are different on the internet than the physical world.”

Most of the world’s most notorious internet attacks have been against large US and European companies because there is so much money there and against the US government because of the War on Terror. Criminal mafiosi would seem to the be a big issue here in South America. Diaz points to an alarming lack of preparedness of the countries here to deal with any eventual calamity. Perhaps it will take a crisis to provoke that. Brazil might be doing something to prepare for the Olympics next year. If so maybe some other neighbouring countries will join that effort. But then, maybe not as history shows there is very little cross-border cooperation among countries in South America with regards to anything.

PREVIOUS ARTICLE

« CMO Files: Anjana Arora, VP of Marketing, Infinite

NEXT ARTICLE

C-suite career advice: Mark Woodhams, NetSuite »
Walker Rowe

Walker Rowe is a US citizen living and working in Santiago, Chile. There he edits the online magazine SouthernPacificReview.com and writes the blog "The Avocado Republic" about life in rural Chile.

  • Mail