Gustavo Castillo and Reuters
Newspaper La Jornada
Saturday October 1, 2022, p. 7
The cyberattack that affected sensitive information of the Secretariat of National Defense (Sedena) was carried out against a server that the institution uses in a private company's cloud, since its systems are being converged into what is called, within the armed institution, the Cyberspace Operations Center, military sources pointed out.
The group of cyberattackers called Guacamaya Hacks opened a Twitter account in September of this year, and according to records it has 38,872 followers. Its account presents a link that leads to a web page called Hacktivist Link, whose objective is to document “the history of hackers”, in addition to sharing educational resources for hackers. It also provides a space for hackers to post their attacks, leaks and releases.
The interviewees said that the information obtained illegally by the Guacamaya group consists mostly of reports prepared by different areas, which were in the process of being integrated into the cyber platform developed by Sedena, with which it will seek to have the highest level of security in 2023 and whose development can be used by other agencies.
However, the start of the Cyberspace Operations Center was complicated because, despite being considered a priority project of the military institution, the 585 million pesos requested were not considered in the 2017 budget.
According to a report by the Reuters agency, “the hack which allowed the obtaining of six terabytes of classified information, including thousands of emails from the Mexican Army and Navy, has revealed the great vulnerability of the government and the country in cybersecurity issues, derived from insufficient investment and planning,” experts warned.
Yesterday, President Andrés Manuel López Obrador confirmed the massive leak of confidential Sedena documents that, among other things, brought to light medical reports that give undisclosed details of the president’s coronary ailments.
“Six terabytes is a significant measure in terms of information. If we talk about documents, I could say that it is outrageous,” said Francisco Solano, Logicalis IT and portfolio director for northern Latin America.
“It is something that lets us see that it was not a fortuitous situation (…) It has a plan, it is well thought out,” he added.
According to Solano and specialized web pages, the vulnerability exploited by the hackers was an evolution of ProxyShell, a weakness in the Microsoft Exchange server detected in the first half of last year that, however, the Mexican government was unable to correct due to lack of resources.
“Many of the patches for the protection of this vulnerability were published months later, but this forced relevant updates to be carried out. When the necessary automation mechanisms and staff are not in place, it becomes even more complex. We have the antidote, but not who applies it,” Solano opined.
According to various private studies, Mexico is the country in Latin America that receives the most cyber attacks. However, according to the prestigious National Cybersecurity Index, it ranks 84th out of 160, below countries such as Colombia, Panama, Jamaica or Peru.
In the initial nine months of operation of the first stage of the Cyberspace Operations Center, in 2020, 5,535 cyberattack attempts were detected on the servers used by Sedena, according to agency reports.
According to the definition given by the General Staff of the Sedena, this center, whose base of operations is located in Military Field number 1, in Mexico City, intends to allow the armed forces to act in this new strategic scenario to combat the risks to national security posed by illegal activities on the Internet, including the spread of computer viruses, hacking, information theft, digital espionage and fraud.
This site tracks, through various tools, cyberattack attempts and tries to identify the weak points of a computer system.
In this context, and according to data from the military institution, one of the main attacks is known as malicious code injection, of which there were 1,496 attempts in 2020. Another type of breach attempt is made through malicious software, which seeks to introduce programs designed to erase information, damage it, duplicate it and send it abroad, or encrypt it and ask for a ransom in exchange for releasing it. In 2020, 1,334 cases were reported.