For Hiriam Alejandro Camarillo, CEO of Seekurity, a firm specializing in cybersecurity, there is always the risk of a database breach for companies, but it increases for the government and its agencies, whose staff on many occasions “can extract information and even sell it”, in addition to the fact that many of its elements in cybersecurity areas do not have the experience and training to shield the information of its operations.
Since 2020 various government institutions have been hacked, such as Pemex, National Lottery, the Mexican Institute of Social Security (IMSS), Bancomext, Ministry of Economy and the same Federal Electricity Commission (CFE).
“The people who are in charge of cybersecurity areas did not do their job, and if they did, they did it poorly or had no experience. This meant that many times there was an incident or that the equipment systems and servers could not be recovered. (Government agencies) always tell you that they are safe, but inside, it is a totally different case,” says Camarillo.
This could be replicated in the CFE Telecom mechanism for its telephony users and even for people connecting to free WiFi hotspots that it will install in hospitals, schools and public squares, which, being an open network, poses risks of privacy violations for citizens.
The Network in Defense of Digital Rights (R3D) assures that free networks represent a risk because hackers enter these Wi-Fi points can access certain information on the networkfor example, how many devices are connected, the address a user connects from, or the sites they visit.
Brenda Escobar, executive director of Telecommunications Policy, Connectivity and Infrastructure, in a June interview with Expansion detailed that On average, up to 170,000 people connect daily to the 23,500 Wi-Fi points that are currently enabled in the 16 city halls of CDMX and use the network of the company CFE Telecom.
Come espionage risk
The risk of leaking data from the state OMV is not the only concern that appears, there is also the possibility that the government can use the information of its mobile phone customers to spy on them and not only direct users, but also people who connect through the company’s free Wi-Fi points.
According to the director of Seekurity, the government already has the ability to listen to and review the calls and messages of any person, because many times has access to the antennas and systems of the telephone companies.
“Now we are talking about a government entity that is going to collect data to access a telephone service and, in these terms, it will be easier for the government to request information from the CFE about its users since CFE will not have to issue statements or does not have to say or justify any legal measure so that they can give access to other entities,” he explains.
Espionage by the government has become relevant due to the Pegasus system that has been used in the country to monitor journalists and social activists. The most recent case of hacking in Mexico by the Guacamaya group revealed that Sedena has espionaged this group of people.
The government has sought to create mechanisms that allow it to access citizen data. The latest attempt was the National Registry of Mobile Telephony Users (Panaut), which would force the 134.1 million users who currently have a telephone line to provide their personal and biometric data to combat telephone extortion. However, the Supreme Court of Justice of the Nation (SCJN) declared the invalidity of the entire decree creating the Panaut considering that it violates human rights in terms of privacy and protection of personal data.
Digitization accelerates cyber attacks
The pandemic accelerated the digitalization of companies, governments and users, but this change made visible the vulnerability of delivering and storing data in operating systems without a cybersecurity strategy that allows to protect digital information, devices and assets.
Mexico at the Latin American level has become one of the main nations to register attempted cyberattacks only in the first half of this year. According to Fortinet, a cybersecurity company, the country suffered 85 billion cyberattack attempts from January to June of this year, which implies an increase of 40% compared to the same period last year.
“Mexico has been the most attacked country in Latin America, followed by Brazil and Colombia. Mexico was also the country with the highest activity in the distribution of ransomware (harmful program that steals data) in the period from January to June, with more than 18,000 detections, followed by Colombia (17,000) and Costa Rica (14,000)”, indicates the data report of Cyberattack attempts in Mexico 2022 carried out by Fortinet .