Hackers in Mexico have found a profitable illicit enterprise in extorting businesses by hijacking computer systems, another dimension in the country’s large and growing cyber crime industry.
Speaking at a security conference in Mexico City, the head of Mexico’s Scientific Police Division, Ciro Humberto Ortiz Estrada, described how hackers remotely “kidnap” the computer systems and databases of businesses, reported La Jornada.
The criminals then demand payment — usually between $2,000 and $3,000 — for the user to regain access to the system. The individual or company is normally forced to pay by electronic transfer into national or foreign bank accounts.
Small and medium sized businesses are the most vulnerable to these attacks, as they often do not have the sophisticated protection systems of larger companies, according to Ortiz.
Ortiz warned cyber crime in Mexico was growing rapidly: while criminals made an estimated $2 billion from cyber crime in 2012, this increased to $3 billion in 2013, he said. Over the course of 2013, Mexico’s Federal Police registered 23,543 cyber crime cases.
InSight Crime Analysis
Mexico’s high internet connectivity and abundance of criminal groups have made it a growing hub for cyber crime — which more commonly takes the form of hacking, scams, fraud and theft.
SEE ALSO: Coverage of Cyber Crime
Reports of cyber extortion in Mexico are not new, with a 2011 McAfee survey of electricity infrastructure executives revealing that up to 80 percent of Mexican participants had been subject to cyber extortion.
However, the extortion reported by McAfee was principally based on threatening to bring down networks with distributed denial of service attacks (DDoS). The strategy of holding systems for ransom described by Ortiz suggests the crime is evolving.
Elsewhere in the region, less sophisticated forms of extortion that make use of the internet are also taking hold. In Colombia, for example, extortionists track down personal data online and use it to blackmail victims.
Mexico is now taking steps to address the problem of cyber crime. In 2012, the country created the National Cyber Incident Response Center (CERT-MX), and according to Ortiz, the federal government is currently evaluating a legal reform that will establish penalties for specific cyber crimes. However, as illustrated by the latest reported extortion techniques, the challenge is not limited to establishing new judicial and institutional mechanisms for tackling cyber crime, but also involves keeping up with a rapidly evolving criminal sector.