Hacking Governments and Government Hacking in Latin America: 2022 in Review

In 2022, cyber-attacks on government databases and systems broke into headlines in several Latin American countries. These attacks have exposed government systems’ vulnerabilities—including sometimes basic ones, like failing to keep software updated with critical patches—and shown how attacks can affect government data, services, and infrastructure. On the other hand, they also served to shed light on arbitrary government surveillance practices concealed from proper oversight.

To give some examples, ransomware attacks affected government services in Quito, Ecuador; targeted Chile’s judicial system and the National Consumer Service (Sernac); as well as impacted operations that are dependent on the digital platforms of the Colombian sanitary authority (Invima) and companies’ oversight agency (Supersociedades). Probably the most extensive attack took place in Costa Rica, disrupting government services and leading President Rodrigo Chaves to declare a national emergency.

The Conti group, responsible for Costa Rica’s first hit in April,  has also accessed two email boxes belonging to the Intelligence Division of Perú’s Ministry of Interior (DIGIMIN), seeking a ransom in order not to publish the information obtained. Conti’s message states there was no data encryption in DIGIMIN’s network, and that almost all documents the group downloaded were classified as secret. According to media reports analyzing what Conti eventually published online, DIGIMIN has monitored—under the label of “terrorism,”—public events about missing persons and forced disappearances even when government entities were the organizers. The state's arbitrary monitoring of human rights defenders, political parties, journalists, and opposition leaders came more strongly into the spotlight with the “Guacamaya Leaks.”

#Guacamaya Leaks and #Ejército Espía

Guacamaya is the name of the hacktivist group that in September leaked around 10 terabytes of emails from mainly military institutions in Chile, México, Perú, Colombia, and El Salvador. This was not the first round of “Guacamaya Leaks,” though.

Earlier in 2022, the hacktivist group leaked documents related to mining projects in Guatemala and mining and oil companies in Chile, Ecuador, Colombia, Brazil, and Venezuela. The earlier leak led to the Forbidden Stories’