March 13, 2015

In recent forensic investigations for U.S. customers, we stumbled across a lot of non-proxy’d attacks from Latin American countries. Many people ask us why a lot of attackers don’t even both to disguise their true source IP addresses? Well, there are a lot of different issues surrounding this.

  1. Weak IT Legislation, no IT legislation or governments/law enforcements unwilling to co-operate with certain countries. This is something that can’t be changed and won’t be changed easily. In certain countries you can buy piracy software, piracy music on 8 Gib USBs, 100 Gig hard drives full of latest movies in “mercados”. Those countries of course don’t care about hacking activities or other illegal actions done online, if they permit it offline.
  2. Complete incompetent Internet Service Providers who ignore all aspects of Security, logging and so forth. We won’t mention countries or ISP names but the issue is more than wide spread. During one of our recent assignments we found that complete Peering Routers of various IPs had no access filter for remote access and the usernames were set to: admin and guess? admin123. We discovered that all main core and DSL access routers all had the same local authentication of admin and admin123. Should a hacker uncover this, a 4 million people city is pretty much offline.
  3. Wireless Security is to 95% non existent. For example in Mexico 50% of all private and business users have either their Access Points open or WEP encrypted. Those who use WPA, leave it to factory standard which is a numeric number of 8 – 12 digits. A rainbow table for this is standard equipment for any Pentester. Then you have like 5% left where you may need to employ Social Engineering techniques.
  4. Location Tracking and IP address assignment from ISPs. Another big problem. IP addresses are being handed out in a widely uncoordinated manner, meaning that a person in city X will get an IP in city Y. Mobile Apps particularly suffer from those assignment and tracking problems making it really hard to track the actual location.
  5. Little to no IT Security awareness amongst employees of ISPs and businesses. Whilst social engineering works well in developed countries like the U.S. or Europe, in Latin America even basic password rules are widely ignored. There is a strong understanding that physical security is important (gates, guards, cameras etc.) but IT equipment is left wide open.

The list goes on and on and with those deficits in IT Security across complete country infrastructures, hackers and people with malicious intend have no obstacles in their way doing what they are doing. The missing legislation in many countries along with the non-enforcement of the little legislation in place certainly assists hackers in their activities.



Security issues in Latin America

Author: Martin Voelk
December 11, 2014

We have quite a few government and private industry customers in Latin America. We are used to the fact that Security is by far not as advanced as in the U.S. or Europe, but what we encountered recently in 3 different Latin American countries is scary. We won’t be mentioning the countries specifically as we do not want to provide any further details, but as we have a lot of readers from Latin America, this little post should serve as an eye opener.

Piracy Operating Systems

In many Latin American countries you can simply buy any Operating System such as Windows on a street market and many governments don’t have laws against this or don’t enforce it at all in Latin America. No one should do this but so many individuals and businesses do. The problem is that a lot of those cracked OS versions have built-in backdoors which automatically expose the machine on installation and people don’t realise it.

Windows XP

Despite Microsoft’s end of sale / support / patching of Windows XP, we found XP to be the most widely deployed OS in many Latin American countries. This is a hackers dream. High class remote and client side exploits are available and Microsoft won’t patch any more. Bad enough if private persons still use it, shocking that governments have it in use still.

The USB enforcement

Many of the countries in LATAM now try to move taxation duties online. Nice idea, but where is the security? One example is that business owners in certain countries in Latam have to go to the tax office with their report sheets in electronic format. You can guess where this is going….yes. They expect people to put it on a USB which the Admin ladies then plug into their Windows XP systems. That cries out for a client side exploit with auto-run enabled on Windows XP per default.

There are very few security companies operating in Latin America. IT Security is widely neglected. Everyone understands the need for physical security, CCTV, barbed wire etc. but when it comes to online security even governments fail on basic security. We try to play our partner in Consulting and making at least our customers more secure, but it’s a drop in the ocean, so we hope that if people from Latin America read this article they may take IT Security a bit more seriously.