June 4, 2013
Security News
Cyber-Mining in Mexico
Since the Spanish conquest, mining has figured prominently in the Mexican economy. While Canadian and other international investors continue extracting the riches of Mexico’s earth for the global market, other foreigners have seized on a 21st century form of mining as a new source of profit and power-data mining and trafficking.
This week, Mexican media re-exposed a massive black market in personal and financial data of Mexican residents with apparent tentacles in England, Argentina and the United  States. The Mexican city daily Reforma reported on the recent, successful  purchase of a list of 30 million registered voters for a price below $400.00.
According to the newspaper, the acquisition was made possible by writing to a Yahoo e-mail address that had been advertising for months the availability of “exclusive” and “important” Mexican data bases. The buyer was then put in contact with an individual identified only as “Jose Luis,” who said he divided his time between the U.S. and Argentina.
To prove his seriousness, “Jose Luis” then sent a sample of 100 listings each from different data bases and later instructed the potential buyer to deposit dollars in a Florida bank account in the name of Daniel Laniado Lazaro of Argentina.
Soon, an e-mail containing the magic links arrived to the purchaser. The data consisted of official Federal Electoral Institute (IFE) voter rolls, generally from 2012, for 15 Mexican states including Nuevo Leon, Colima, Nayarit, Aguascalientes, Quintana Roo,  Durango, Queretaro, Morelos, Coahuila, Sinaloa, Oaxaca, Tamaulipas, Michoacan, Puebla, and Guanajuato.
The shadowy Internet salesman offered a variety of other data bases for the cut-rate price of $200 each if the customer purchased four sets. Among the specials were the account numbers and personal data of  2,000,000 Banamex (Citi) clients, and the personal information and account numbers for 618,000 American Express credit card holders.
Interested buyers were informed of the availability of client data from the HSBC,  Bancomer and Santander banks; the Telmex phone monopoly and the Infinitum Internet service provider, both associated with Carlos Slim; the Axtel and Nextel cell phone companies; privatized Afores retirement accounts; and the Mexican Social Security Institute in the state of Mexico.    Separately, the Apro news service reported that the Yahoo e-mail address in addition to a similar Hotmail one were known to the authorities since at least September 2011.
While voter information is considered confidential under Mexican law, trafficking in personal information is likewise a violation of federal regulations.
Nonetheless, dubious or illegal data mining and trafficking has been periodically exposed in Mexico during the past decade. In 2003, the U.S. company ChoicePoint obtained the national IFE voter roll of the time, ostensibly by legal means from a private Mexican contractor for the IFE,  and in 2010 El Universal newspaper reported on the ease of obtaining the national motor vehicle registration list, the coveted IFE voter registration roll and other “products” in the Tepito neighborhood of Mexico City, a place where a buyer can reputedly purchase any item.
According to Apro, multiple complaints of massive breaches of personal information have been heard by different Mexican federal agencies during the past two years.
In May 2012, the Federal Institute for Information Access and Data Protection (IFAI) filed a legal complaint with the anti-organized crime unit of the federal attorney general’s office (PGR) against any parties responsible for selling data bases from England and Argentina. In the run-up to the legal action, the IFAI  held a series of meetings on the data trafficking matter with Mexico’s National Securities Commission in 2011 and 2012.
Last November, the National Commission for the Protection and Defense of Financial Services Customers filed a similar legal complaint with the PGR. In a statement this week, the IFAI said it did not know the status of the two legal cases pending with the PGR.
Although federal officials have been aware of a personal data security problem for some time, important information on Mexican citizens is still sold on the Internet. The data peddled in cyber-space could be useful not only to commercial hucksters, but also to individuals involved in a range of mischief encompassing election rigging, credit card fraud, phone cramming, and more.
“Despite the problem of kidnappings, extortions and insecurity in Mexico, the confidential data flows to the buyer without questioning,” Reforma observed.
Sources: El Diario de Juarez/Reforma, June 3, 2013. Proceso/Apro, June 3, 2013.  El Universal., April 21, 2010.
Frontera NorteSur: on-line, U.S.-Mexico border news Center for Latin American and Border Studies New Mexico State University Las Cruces, New Mexico
For a free electronic subscription email:[email protected]

Author: Editor

Share

Leave a Reply

Your email address will not be published.

*