Guacamaya Leaks: Amidst Intelligence and State Abuse

The hacktivist group Guacamaya is exposing multiple secrets of Latin American governments and armies. This raises the ethical debate over the balance between transparency, national security and citizens’ right to privacy. Hackers spied on them, but they spied on us.

Illustration: Erick Retana

By Cristian Ascencio

September 19th is a holiday in Chile. On that day, the country observes “Glories of the Army” with a military parade in which the Armed Forces march in front of the top civil authority. It is a celebratory day for which members of the military prepare in advance to demonstrate that they are the most professional and trustworthy Army in Latin America.

But someone rained on their parade this year. On that same day, the hacktivist group Guacamaya leaked 400,000 e-mails uncovering the cyber vulnerability of one of the military corps with the largest budget in the region. The leaked e-mails belong to the Joint Chiefs of Defense and they cover issues such as neighboring countries, the migration crisis, the Mapuche conflict, the social outburst of 2019 and activists. 

How did the hackers get their hands on these e-mails? They did it by exploiting a vulnerability in Microsoft e-mail servers, an attack known as ProxyShell, about which Microsoft had warned its users back in March 2021. Guacamaya also managed to leak, through similar flaws, e-mails of the Armies of Mexico, Peru and El Salvador, which have been shared with journalists and interested organizations throughout the continent. Additionally, as the group announced, it could leak documents of the Colombian Army in the coming days.

The worst part, according to Hiram Camarillo, a cybersecurity expert and CEO of Seekcurity, is that the Mexican government’s cybersecurity vulnerability had been a matter of public knowledge for a while; there were even audits that had warned about it. “Guacamaya detected that another person or group had accessed the e-mails of the Sedena (Secretary of National Defense) before they did.” Camarillo adds that these and the other hacks required an intermediate level of expertise, “not knowledge at NASA level.”

In the case of Mexico, Guacamaya managed to download six terabytes of information, which reveal that the Mexican Army dedicates a significant part of its intelligence tasks to writing reports about activists. Feminists’ meetings, Chilean-Mexican singer Mon Laferte and indigenous leader Maria de Jesus Patricio Martinez, known as “Marichuy”, have all been featured in reports. In one document, the military equates feminist movements to subversive groups. Zapatista indigenous people from Chiapas and the family members of the students of the Ayotzinapa mass kidnapping are also in the reports.

But that is not all. According to an investigation by R3D (Red de Defensa de Derechos Digitales), Animal Politico, Proceso and Aristegui Noticias, conducted using the documents leaked by Guacamaya, the Army spied on at least three journalists using the popular Israeli spyware Pegasus. Those journalists in particular were investigating alleged human rights violations committed by the Armed Forces. In fact, the #GuacamayaLeaks confirmed that the military had procured the Pegasus spyware, despite having denied it.

Luis Fernando Garcia, Executive Director of R3D, claims that the Guacamaya leaks validated something that had been presumed: in Mexico, the Army is in charge. So much so that it may even spy on citizens without a warrant or disobey the President of the Republic without repercussions.

Garcia explains that the Mexican Army does not have the authority to intervene in communications “unless they have a federal warrant, and even if they did, it should be reported quarterly, which it hasn’t, so any intervention on their part is flagrantly illegal.”

It is worth remembering that President Andres Manuel Lopez Obrador denies that journalists have been spied on during his administration. In fact, in recent days, the President dismissed much of what has been revealed by the leaks, even though the documents contradict him. For instance, he denied that members of the high command had tried to intercede on behalf of military personnel under investigation in the case of the disappearance of the students in Ayotzinapa. Yet the leaked documents include a letter by General Luis Cresencio Sandoval in which he makes an appeal on behalf of the first member of the military to be sent to jail for this case.

Also, some documents prove that members of the military hindered the experts’ probe during the investigation of the Ayotzinapa case. Furthermore, a general refused to allow excavations on plots of land near military barracks.

In another facet of the leaked e-mails in Mexico, the messages reveal that the Army has fostered an organizational culture of covering up sexual abuse against female members. According to an analysis of over 1,000 e-mails conducted by El Pais, victims are usually ignored, discharged or transferred. Out of 308 accused members of the military, only five were sentenced and ten processed. Overall, cases ended up being filed.

In Peru, the leak is not as large (100 gigabytes) but is equally shocking in terms of the activities conducted by military intelligence. One of the e-mails contains a report on what the Peruvian Army considers “impacts to the democratic State”. It features political parties such as Patria Roja; popular leaders, such as former representative of Izquierda Unida Bladimiro Begazo; and former militant of Frente Amplio and recent candidate to the regional government of Arequipa, Hector Herrera. The latter is included for having defended in court citizens who protested against the Tia Maria mining project. The leaked e-mails also criticize teachers, local journalists and NGOs that act as consultants to the civil population against mining projects.

The Peruvian outlet La Encerrona asked the Army for comment regarding the leaks. No reply was given, but the military did threaten to accuse the journalists of treason.

What is happening raises many questions about where to draw the line between gathering information necessary to protect national security and spying on citizens, including what Armies consider subversive activities. Is it acceptable for a military force to write reports about organizations in civil society or environmental activists?

For Juan Carlos Lara, Director of the NGO Derechos Digitales, states can undertake intelligence activities to safeguard national security, but they must abide by legislation and be accountable. “Looking for threats in times of peace may result in trying to find alleged threats anywhere. We need protection from exaggeration to justify espionage activities by the states.”

What do we know about Guacamaya? This is not its first act of hacktivism. It had previously posted information about extractive industries, such as Minera Fenix in Guatemala. When the documents leaked by Guacamaya were reviewed, a group of 65 journalists discovered that the Swiss-Russian conglomerate Solway, parent company of Fenix, had plans to burn down subsistence agriculture crops, buy off local leaders and bribe the National Police. Yet this year, Guacamaya went from hacking companies to hacking Latin American Armies, accusing them of being accomplices of extractivism.

In a statement published on the internet, the hacktivists explain their motives: “The Armies of Abya Yala (the indigenous word for the American continent) have guaranteed and made room for extractivist companies coming from the Global North. They are acting as their bodyguards. The Army is doing the dirty work of the states, companies and organized crime, such as drug trafficking.” 

The latest leak of e-mails from Latin American militaries was dubbed Operation Repressive Forces. The group explained how they downloaded the documents in a video with hip hop music in the background.

Although the leak has allowed societies, for instance in Mexico, to learn about their government’s illegal activities, it also poses questions in the opposite sense: What would happen if these documents fell into the wrong hands? Or, how safe is the identity of informants from criminal groups, for instance? And, closer to home, what does the government have on us, such as health and judicial records, debt, etc.? “What is the use of protecting our own personal information, not giving away our identification number in stores, for example, if someone is going to hack it from government institutions?” Hiram Camarillo adds.

“This is extremely sensitive information that is highly damaging. I am concerned about who might have access to it and sell it,” Nadia Sanders, editor of La Lista website who had access to the files, told BBC Mundo. It is very hard to say who will have access to these files, although before downloading them you need to request the links, with due accreditation as a journalist, through the site Enlace Hacktivista, and the platform forwards a username and a password.

“These leaks are a response to a lack of transparency,” says Juan Carlos Lara. But since they are done through irregular channels “it exposes private information of people who have been illegally followed.”

For Lara, it is important to protect the work of journalists now that they are reviewing the leaked documents, hopefully as responsibly as possible. “As much as we recognize that these leaks make up for a lack of transparency, there must be some liability for how much information is put out there, mostly information that affects citizens.”
