Mexico Struggling with Widespread Cyber Theft of Personal Data
The cyber theft of personal and business data in Mexico is reportedly increasing, illustrating the limited power that government institutions possess to counter the rapidly evolving and sizable cyber crime industry in the country.
Mexico has become a haven for the black market of stolen personal data of all kinds, reported Crónica. And the potential profits are considerable.
The former commissioner of the Mexican autonomous constitutional organism tasked with the protection of personal data (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales), Sigrid Arzt, said that "a medical file can be worth up to $10,000, because the information enables transactions to receive insurance, pension, impersonate someone and receive medical care."
Arzt also highlighted the widespread impunity with regards to cyber crime and blamed the absence of adequate legal tools and the lack of implementation of the existing laws.
Crónica also reported that the cyber theft is not the work of isolated hackers but that of criminal organizations. According to Sebastian Brenner, a security strategist for Symantec Latin America, these are "very well structured groups, with experts for every stage of the process: infiltration, capture, commercialization."
Brenner said that the data of an email account could be worth $30 while that of an internet gaming account could reach $3,000 -- an illustration of the variety of potential targets and prices -- and that these attacks, along with those targeting company networks, have been increasing in Mexico.
Moreover, cyber theft concerns not only a variety of possible targets, but also an array of potential buyers.
"At the lowest level are marketing enterprises...competitor firms and others specialized in creating new electronic systems for international markets; and organized crime in the worst cases, where information is used for theft, bribery, extortion and kidnapping," explained Issa Luna Pla, an investigator from the Legal Investigations Institute of the National Autonomous University of Mexico (Instituto de Investigaciones Jurídicas de la Universidad Nacional Autónoma de México).
The trend is troubling. What's more, the total cost for Mexico for cyber crime was an estimated $3 billion in 2012.
Mexico certainly needs to remedy the institutional deficiencies raised by Luna Pla: better legal frameworks and more efficient government mechanisms would obviously help. But institutional safeguards will not evolve as rapidly as the technology exploited by criminals. Most reports therefore advocate that private firms invest in more technological security, and that the government and others invest public awareness campaigns.
The other issue is that the barriers for entry into this business are so low that at this stage, the fight seems endless. There is no certainty, for example, as to what proportion of cyber crime is committed by criminal organizations in Mexico, nor significant details on the extent to which these groups are structured with a clear hierarchy. Laws need to change as quickly as techniques to go after these cyber criminals, no matter how structured they are.