Security issues in Latin America

Author: Martin Voelk
December 11, 2014

We have quite a few government and private industry customers in Latin America. We are used to the fact that Security is by far not as advanced as in the U.S. or Europe, but what we encountered recently in 3 different Latin American countries is scary. We won’t be mentioning the countries specifically as we do not want to provide any further details, but as we have a lot of readers from Latin America, this little post should serve as an eye opener.

Piracy Operating Systems

In many Latin American countries you can simply buy any Operating System such as Windows on a street market and many governments don’t have laws against this or don’t enforce it at all in Latin America. No one should do this but so many individuals and businesses do. The problem is that a lot of those cracked OS versions have built-in backdoors which automatically expose the machine on installation and people don’t realise it.

Windows XP

Despite Microsoft’s end of sale / support / patching of Windows XP, we found XP to be the most widely deployed OS in many Latin American countries. This is a hackers dream. High class remote and client side exploits are available and Microsoft won’t patch any more. Bad enough if private persons still use it, shocking that governments have it in use still.

The USB enforcement

Many of the countries in LATAM now try to move taxation duties online. Nice idea, but where is the security? One example is that business owners in certain countries in Latam have to go to the tax office with their report sheets in electronic format. You can guess where this is going….yes. They expect people to put it on a USB which the Admin ladies then plug into their Windows XP systems. That cries out for a client side exploit with auto-run enabled on Windows XP per default.

There are very few security companies operating in Latin America. IT Security is widely neglected. Everyone understands the need for physical security, CCTV, barbed wire etc. but when it comes to online security even governments fail on basic security. We try to play our partner in Consulting and making at least our customers more secure, but it’s a drop in the ocean, so we hope that if people from Latin America read this article they may take IT Security a bit more seriously.