Has the Government of El Salvador entered into agreements with the “maras”?

A few days ago, the Salvadoran newspaper El Faro reported that the country’s steep decline in homicides, hailed as the Government’s main achievement during Nayib Bukele’s little over a year-long leadership, was being called into question by a press investigation which claims the success can be attributed to a pact with the ‘mara’ Salvatrucha gang (MS13).

The newspaper published a report, citing official documents and statements from one of the gang’s leaders, which suggest the Government has been in negotiations with MS13 since June 2020, and that the pact would include electoral favours during the 2021 elections.

El Faro’s investigation indicates that negotiations between the Government and the “maras” include the groups’ commitment to back the current officialdom in the election next February. In return, the government has allegedly promised to repeal laws and weaken the maximum security regime in prisons if Bukele’s Nuevas Ideas party gains control of the Legislative Assembly and wins the right to choose the 84 MPs and 262 local governments.

Meanwhile, according to police data, between January the 1st and September the 2nd this year, there were 829 homicides in the country. This figure represents a reduction of approximately 56% on the 1,871 violent deaths recorded during the same period in 2019.

If this trend continues, El Salvador will close 2020 with around 1,200 homicides, representing a murder rate of 18 per 100,000 inhabitants, its lowest figure since 1994.

The “maras” have been declared a terrorist group by El Salvador’s Supreme Court. Therefore, as the evidence supporting the Government’s alleged dialogue with the group mounts and the voices denouncing these links gain credibility, the US State Department and the North-American Congress are becoming increasingly concerned.

Despite the investigative reports, El Salvador’s president, Nayib Bukele, denied his government had made a pact with the “mara” Salvatrucha (MS13) gang to reduce the number of assassinations in exchange for more beneficial custodial terms. Bukele pointed out that the same people who had previously accused the Government of violating the terrorists’ human rights were now accusing it of granting them privileges.

The president recalled the events of last April when the “maras” increased the daily average number of murders for several days. In response, the Salvadoran Government ordered the prisons to confine the “maras” to their cells 24 hours a day, fix metal plates to the bars of their cell doors to prevent them communicating with signals, and ensure gang members were mixed in their cells, regardless of whether they belonged to rival gangs.

However, according to the El Faro newspaper, the decision to mix different gang members in the same prison cell was later repealed following talks between government officials and the heads of the criminal organisations; an accusation denied by the Government.


Aquest apunt en català / Esta entrada en español / Post en français

More cyberattacks in the first six months of 2020 than in the whole of 2019

The profound changes brought about by the COVID-19 pandemic in relation to the growth of remote working, and increasing incidences of ransomware activity have been the two main drivers behind the increase in cyberattacks.

A report by the company CrowdStrike on the recent online threat level affecting its clients revealed more intrusion attempts during the first six months of this year than during the whole of 2019.

The cybersecurity service provider’s threat investigation team blocked some 41,000 possible intrusions between the 1st of January and the 30th of June this year, compared to 35,000 for the whole of last year. Incidents of intrusions involving malicious activity by a cybercriminal during the first six months of 2020, were 154% higher than the number of similar threats identified by CrowdStrike investigators in 2019.

Predictably, one of the major factors responsible for the increased threat activity was the rapid shift to remote work in response to the COVID-19 pandemic. This change significantly expanded the potential attack surface in many organisations, space which the cybercriminals were quick to exploit.

Another contributing factor was the growing availability of ransomware as a service (RaaS) and the consequent increase in the number of users able to carry out network attacks. There was a particularly marked increase in ransomware attacks which also involved the theft of sensitive data and subsequent attempts to extort victims by threatening to make it public.

Despite all the attention that cyber threat and espionage groups have recently garnered, the vast majority of the actual attacks blocked by CrowdStrike during the first six months of this year were financially motivated. In fact, 82% of the attacks detected by the investigators fell into the category of e-crime, compared to 69% in 2019.

As has been the case for some time, organisations in the financial, technology and telecommunications sectors were more active and better protected than organisations in most other sectors. Furthermore, CrowdStrike observed a dramatic increase in intrusion activity involving manufacturing companies.

Indeed, manufacturing was, during the first half of 2020, the second most frequently targeted industry after the technology sector. According to the company, the critical nature of most manufacturing operations and the valuable intellectual property and other data held by manufacturing companies in the sector make it an attractive target for both financially motivated attackers and other cybercriminals.

Other sectors that were increasingly targeted by cybercriminals included healthcare, the food and beverage industry, and academic institutions.


Aquest apunt en català / Esta entrada en español / Post en français

INTERPOL warns of the rising threat posed by cybercrime

369.-baixaIncidences of cybercrime are increasing at an alarming rate as a consequence of the COVID-19 pandemic, and a new report from INTERPOL predicts they will accelerate further.

The report explains how cybercriminals have been exploiting our growing and necessary reliance on digital technology during recent months. This includes a sudden shift to teleworking by many organisations, which has involved the deployment of often unsecured remote systems and networks.

Based on the information provided by its member countries, INTERPOL has concluded that during the pandemic there has been a particularly significant increase in malicious domains (22%), malware and ransomware (36%) and phishing scams (59%).

Threat actors have revised their usual online scams and phishing schemes to commit crimes that feed on people’s financial and health fears during the COVID-19 crisis.

The report has also revealed a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure which offer more substantial financial gains.

INTERPOL believes that cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19. The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.

The report concludes that a further increase in cybercrime is highly likely in the near future. This is primarily due to vulnerabilities related to working from home, a continued focus on coronavirus-themed online scams and, when a COVID-19 vaccination becomes available, it is highly probable that there will be another spike in phishing related to these medical products.

According to the INTERPOL report, therefore, the COVID-19 pandemic is providing a wealth of opportunities for cybercriminals. In fact, many organisations could be at a greater risk of cyber attacks after turning to remote access solutions such as VPNs.

These remote access points may not be correctly configured or sufficiently secure because the remote computers may not have the latest technology installed. Furthermore, personnel may have had to use their own personal devices to work from home, which presents challenges from a security standpoint.


Aquest apunt en català / Esta entrada en español / Post en français

Ransomware, the other pandemic

368.-baixaWhile the whole world suffers the ravages of the COVID-19 pandemic, another virus, albeit one of a more technical nature, is wreaking havoc everywhere. Although this virus has been around for years, its cases have risen alarmingly in the past few months, and it can have severe consequences for critical activities and organisations such as hospitals, businesses and governments.

This virus is called ransomware. A scheme called No More Ransom is helping victims fight back without paying the hackers. No More Ransom is the first public-private partnership of its kind to help victims of ransomware recover their encrypted data without having to pay the ransom amount to cybercriminals. The initiative’s partners include Europol, Politie, Kaspersky and McAfee.

Since its launch, the No More Ransom decryption tool repository has registered over 4.2 million visitors from 188 countries and stopped an estimated $ 632 million in ransom demands from ending up in criminals’ pockets.

Powered by the contributions of its 163 partners, the portal has added 28 tools in the past year and can now decrypt 140 different types of ransomware infections. The portal is available in 36 languages.

To use it, simply go to the website nomoreransom.org and follow the Crypto Sheriff steps to help identify the ransomware strain affecting the device. If a solution is available, a link will be provided to download the decryption tool for free. No More Ransom goes a long way to help people impacted by ransomware, but there are still many types of ransomware out there without a fix.

Just like the coronavirus pandemic, prevention is better than cure, and fortunately, there are some preventative steps you can take to protect yourself:

  • Always keep a copy of your most important files somewhere else: in the cloud, on another offline drive, on a memory stick, or on another computer.
  • Use reliable and up-to-date anti-virus software.
  • Do not download programs from suspicious sources.
  • Do not open attachments in e-mails from unknown senders, even if they look important and credible.
  • And if you fall victim to a ransomware attack, do not pay the ransom.

We now need an innovative solution for those ransomware families not yet covered by the portal to help victims recover their files without giving in to the demands of the criminals.


Aquest apunt en català / Esta entrada en español / Post en français

Sexual offenders have increased their criminal activities during the COVID-19 pandemic

366.-baixaSince the start of the COVID-19 pandemic, the amount of sexual exploitation material shared has increased: online child abuse, sexual coercion and extortion of minors.

And minors were not exempt as we shifted from the real world to the virtual world: video calls to friends and family, interaction with social networks, online games, use of the internet for education and schooling. The more time they spend online, the more offenders are online, and the greater the exchange of material if they find new victims. Often, these victims are unaware they have been targeted through self-generated material; an area that represents a significant threat to children’s safety.

The current situation has provided sex offenders with the perfect opportunity to access a broader group of potential victims. The report published a few weeks ago by Europol analyses the increased sharing of child sexual exploitation images online and how to confront this serious threat to children’s safety.

The exchange of child abuse material is usually not motivated by financial gains, although offenders do pay for some forms of it, such as live distant child abuse. Through live streaming, offenders unable to travel due to corona restrictions can have children abused at their request.

The economic slow-down related to the COVID-19 pandemic may stimulate an increase in child abuse material produced within vulnerable communities for financial gain. And child abuse material content can also be disguised behind advertisements bringing criminals profits with a “pay per click” formula.

Society, including law enforcement, needs to focus even more on educating children and prevent them from becoming victims in the first place. The best weapon against sexual predators is to educate children to prevent the crimes. The harm resulting from being a victim of this crime is severe, and every time a picture or video is shared, this results in repeat victimisation.

Europol is monitoring the threat and provides continuous support to EU Member States and other law enforcement agencies to identify offenders and victims. The Europe-wide #SayNo campaign seeks to raise children’s awareness of the dangers of sharing explicit material online.

Europol coordinated an investigation in Italy involving more than 200 investigators. The operation, which took place in June 2020, was based on intelligence provided by Europol and directed by the Turin Prosecutor’s Office.

The investigation led to the arrest of 3 individuals, alongside the seizure of thousands of files. During the course of the investigation, the officers discovered that one of the suspects identified had been previously arrested for sexual abuse of children. The summary details the discovery of images and videos of sexual violence in which the victims were mainly babies, 6-year-old children and pre-teens.


Aquest apunt en català / Esta entrada en español / Post en français


El Salvador continues its precarious battle against the gangs

362.- baixaIn the midst of the COVID-19 pandemic, images of thousands of gang members stacked together by the government of El Salvador were broadcast around the world.

The country continues to be entrenched in its own war against gang members, especially those from the Mara Salvatrucha and 18 gangs. According to Osiris Luna, Deputy Minister of Security and the Director of Prisons, the State’s decision to integrate and confine members of the different criminal structures to the same cells is intended to create a shock effect among the gangs.

For two decades, incumbent governments have resorted to the prisons in an effort to give the appearance of winning the battle against gang violence. Let’s not forget that, according to official estimates, there are an estimated 60,000 active gang members in a country of fewer than 7 million people.

Furthermore, in 2018, the prisons reported that 44% of the prison population were understood to belong to a gang, accounting for about 17,400 of the 39,300 people being held in the country’s jails.

Previously, the penitentiary system segregated the members of rival gangs, assigning exclusive prisons to each group.

The initiative, seen by the gangs as a victory over the system, was successful in curtailing the number of riots and murders occurring inside prisons. However, it also served to consolidate the power and internal organisation of the criminal structures.

In 2016, the previous government took the first steps towards changing the system, but under the Bukele Administration, the reforms have been accelerated.

The potential consequences of the new prison policies are unpredictable. But it should also be understood that gangs like Mara Salvatrucha or MS-13 are formed by a conglomerate of programs and cliques with operational autonomy and, although a general command does exist, they do not always follow the same orders. In fact, there have been bloody disputes between members of the same gang. Nowadays, in El Salvador, talking about the MS-13 gang as a single homogeneous entity is somewhat misleading.

The other big gang, known as Barrio 18, also suffered internal conflicts in the middle of the last decade and split into two halves: the Sureños and the Revolucionarios.

Other smaller gangs include La Mirada, Locos 13 and Mao-Mao, which currently have about 300 of their active members imprisoned.

Another front to highlight is the so-called retirees; gang members who have left MS-13 or 18, mainly due to internal conflicts.

Although they are no longer considered to be gang members, there are around 3,000 of them in El Salvador’s prisons. And in 2004, they were allocated an exclusive prison facility in the city of Sonsonate.




Aquest apunt en català / Esta entrada en español / Post en français

Women and organised crime in Latin America

358.- baixaOrganised crime is one of the main problems faced by Latin America. This, according to the “Women in Organised Crime in Latin America: Beyond Victims and Victimisers” report commissioned by the Colombian Organised Crime Observatory.

Among its disruptive effects, the high levels of violence seen across the region are especially alarming. Since the 1990s, the opening-up of economies, in combination with the institutional weakness of the states and other social factors such as poverty and inequality, have favoured the growth of transnational criminal activities, including drug trafficking, arms trafficking, and migrant smuggling. As a result, Latin America has become the region with the fastest-growing criminal dynamics in the world.

Men have always been dominant in the different illegal economies, and a tendency to see criminal activities as a “man’s activity” has prevailed. Female participation in organised crime has largely been overlooked by academic analysis and public debate.

Due to the scarcity of information and data, investigations into this topic are limited although they have increased in the last decade. The relative invisibility of women in debates about organised crime stems from the general perception that they are appendices to male criminals, typically partners or sexual objects. Stereotypes of women as being dependent and weak reinforce the notion that they are incapable of making independent decisions regarding their participation in illegal activities.

Female participation in organised crime structures is not uniform. The diverse roles that women play in criminal economies allow us to characterise different types of participation forming a spectrum, which ranges from subordinates and victims to protagonists, leaders and perpetrators.

Despite the scarce systematic empirical evidence about the participation of women in organised crime, this investigation allows us to make some recommendations focused on prevention and attention for affected communities:

  • Strengthen statistical information systems related to organised crime and the participation of women in diverse criminal acts, both as victims and perpetrators.
  • Build strategies which account for the varied nature of the participation of women in organised crime economies.
  • Understand the factors that drive women to participate in illegal acts for preventive purposes.
  • Map out the multiple and varied roles women play in organised crime, including their role in other illegal economies like contraband and extortion.
  • Promote the empowerment of women, through collective initiatives which seek to give opportunities to those at risk of being recruited by organised crime.
  • Strengthen cooperation mechanisms, designed to help the victims of organised crime, between local, regional and national governments across Latin America.
  • Urge Latin American police and judicial bodies to apply a gender approach to their investigations.
  • Seek effective collaboration between social, economic and educational policy institutions to reorient those women specialised in certain roles within criminal economies towards legality.


Aquest apunt en català / Esta entrada en español / Post en français


Be careful with your mobile phone SIM

357.- baixaHow do criminals steal thousands of euros by hijacking mobile phone numbers? It’s a common story: the signal bars disappear from your mobile phone, and people call your phone number, but it doesn’t ring. You try to login to your bank account, but the password fails. You have become the newest victim of SIM swap fraud, and your phone number is now in the control of a criminal.

SIM swap fraud is committed when a fraudster dupes the victim’s mobile phone operator into porting the victim’s mobile number to a SIM in their possession. The fraudster then starts receiving any incoming calls and text messages, including the one-time banking passwords which are sent to the victim’s phone number.

The fraudster can then perform transactions, using information gathered through techniques like malware, and when the bank sends a one-time-password via SMS, the criminal receives it and completes the authorisation for the transaction.

Several law enforcement agencies in Europe -Austria, Spain and Romania- have carried out operations against this common denominator, considered by the authorities to be a growing threat. In Spain, the state authorities working in conjunction with Europol and the European Cybercrime Centre (EC3), arrested a group of 12 individuals who had managed to steal amounts of up to €137,000 from the bank accounts of several victims. The suspects were of Italian, Romanian, Colombian and Spanish nationality.

The modus operandi was simple, yet effective. The criminals managed to obtain victims’ online banking credentials with different banks by employing hacking techniques like banking trojans or other types of malware.

If you don’t want to be the next victim, here are some measures you can to take to protect yourself:

  • Keep your devices’ software up to date.
  • Do not click on links or download attachments that come with unexpected emails.
  • Do not reply to suspicious emails.
  • Limit the amount of personal data you share online.
  • Try to use two-factor authentication for your online services, rather than having an authentication code sent over SMS.
  • When possible, do not associate your phone number with sensitive online accounts.
  • Set up your own PIN to restrict access to the SIM card. Do not share this PIN with anyone.

If your phone loses reception suddenly for nor apparent reason:

  • Report the situation to your service provider.
  • If there are suspicious transactions in your bank account, contact the bank.
  • Immediately change all the passwords for your online accounts.
  • Keep all evidence, in case you need to contact the police.


Aquest apunt en català / Esta entrada en español / Post en français

How criminals exploit the COVID-19 crisis

352.- baixaA few weeks ago, Europol published a report on the types of criminal activities being used to exploit the COVID-19 crisis.

The current crisis, unprecedented in the history of the European Union, has seen the Member States enacting various lockdown measures, including travel restrictions and limitations to public life, to combat the spread of the virus. These measures are designed to support public health systems, safeguard the economy and to ensure public order and safety.

The EU has identified several factors which, as a result of the COVID-19 pandemic, have led to changes in crime and terrorism, and impacted on the internal security of the EU. They are as follows:

  • High demand for certain goods, protective gear and pharmaceutical products.
  • Decreased mobility and flow of people across and into the EU.
  • Limitations to public life will make some criminal activities less visible and displace them to home or online settings.
  • Citizens remain at home and are increasingly teleworking, relying on digital solutions.
  • Increased anxiety and fear that may create vulnerability to exploitation.
  • Decreased supply of certain illicit goods in the EU.

The global pandemic of COVID-19 is not only a serious health issue but also a serious cybersecurity risk. Criminals swiftly took advantage of the virus proliferation and are abusing the demand people have for information and supplies.

Criminals have used the COVID-19 crisis to carry out social engineering attacks, namely phishing emails through spam campaigns and more targeted attempts such as business email compromise (BEC).

There is a long list of cyber-attacks against organisations and individuals, including phishing campaigns that distribute malware via malicious links and attachments, and execute malware and ransomware attacks that aim to profit from the global health concern.

Information received from law enforcement partners strongly indicates increased online activity by those seeking child abuse material. Mostly because offenders expect children to be more vulnerable due to isolation, with less supervision and more online exposure.

During the coming months, it’s expected that the potential for financial damage to citizens, businesses and public organisations will increase. Criminals have also adapted investment scams to elicit speculative investments in stocks related to COVID-19 with promises of substantial profits.

And it’s highly likely that criminals will adapt fraud schemes in order to exploit the post-pandemic situation. Once again, the elderly are more likely to be vulnerable to scams. Fraudsters will seek to approach victims at home by pretending to be law enforcement or social/healthcare officials offering testing for COVID-19 in an attempt to enter homes and steal valuables.


Aquest apunt en català / Esta entrada en español / Post en français

The cybercrime virus

351. green-hoodie-thumbnailCybercriminals have been the most adept at trying to exploit the COVID-19 pandemic for the various scams and attacks they carry out. With a record number of potential victims staying at home and using online services across the European Union (EU) during the pandemic, the ways in which cybercriminals can exploit emerging opportunities and vulnerabilities have multiplied.

The document Catching the virus cybercrime, written by Europol in April 2020, summarises the following major threats posed by cybercrime:

  • The impact of the COVID-19 pandemic on cybercrime has been the most visible and striking compared to other criminal activities.
  • Criminals active in cybercrime have been able to adapt quickly and capitalise on the anxieties and fears of their victims.
  • Phishing and ransomware campaigns are being launched to exploit the current crisis and are expected to continue to increase in scope and scale.
  • Activity around the distribution of child sexual exploitation material online appears to be on the increase, based on a number of indicators. The dark web continues to host various platforms such as marketplaces and vendor shops to distribute illicit goods and services.
  • After an initial fluctuation in sales via the dark web at the beginning of the crisis in Europe, the situation stabilised throughout March 2020.
  • Vendors attempt to innovate by offering COVID-19 related products.
  • Demand and supply dynamics for some goods are likely to be affected.
  • Product scarcity occurs via distributors on the surface web.
  • Criminal organisations seek to exploit the public health crisis to make a profit or advance geopolitical interests.
  • Increased disinformation and misinformation around COVID-19 continues to proliferate around the world, with potentially harmful consequences for public health and effective crisis communication.

Ransomware has been the most dominant cybercrime threat over the last several years. The current crisis is unlikely to change that dynamic. The pandemic may multiply the damaging impact of a successful attack against certain institutions, which reinforces the necessity for effective cyber resilience.

The number of phishing attempts exploiting the crisis is expected to continue to increase. However, we also expect a greater number of inexperienced cybercriminals to deploy ransomware-as-a-service. Not all of these campaigns will result in successful attacks due to the lack of experience and technical skills of the criminals.

Offenders are likely to attempt to take advantage of emotionally vulnerable, isolated children through grooming and sexual coercion and extortion.

Children allowed greater unsupervised internet access will be increasingly vulnerable to exposure to offenders through online activity such as online gaming, the use of chat groups in apps, phishing attempts via email, unsolicited contact in social media and other means.


Aquest apunt en català / Esta entrada en español / Post en français