The People’s Republic of China’s recently stated plans to invest $250 billion in Latin America over the next 10 years will likely have cyber security implications for U.S. private sector entities operating in the region. Such implications may include increased targeted intrusion attempts by China-linked cyber espionage actors, as well as the possibility of increased hacktivism by Latin America-focused groups. An influx of capital and the potential subsequent increase in business may prompt cyber criminal groups to turn greater attention to the region, attempting to compromise personally identifiable information or other data from companies to facilitate fraud and extortion-related cyber operations.
Context
Foreign Direct Investment (FDI) to Latin American countries is currently dominated by Europe and the US, but China’s intensifying economic and political influence in Latin America is likely to result in increased regional Chinese influence over the next decade. In addition to direct investment, Beijing will also collaborate with Latin American governments and companies in a number of key industries, all likely part of a broader strategic investment plan for Latin America intended to strengthen China’s economic status and increase its geopolitical influence.
In 2014, the Netherlands comprised 20% of FDI to Latin America, followed by the U.S. (17%), and Spain (10%); FDI from China amounted to less than 6%. While the gross amount of FDI in the region decreased overall in 2014, the percentage of that total attributed to China grew, according to the Council on Foreign Relations. Since 2005, China has provided loan commitments totaling over US$100 billion to Latin American countries. While Chinese loans often come with oil sale agreements and, in some cases, agreements to purchase equipment from Chinese entities, the lenders to not impose policy stipulations. Agreements like this tend to work out favorably for Central and South American nations, especially those with ample stores of natural resources and oil, such as Venezuela and Brazil.
China’s pledge of US$250 billion through a number of programs, most notably the China-Latin America and Caribbean Countries Cooperation Plan (2015-2019), denotes an increase of over 150% in loan commitments during the last decade. If the current annual US FDI in Latin America (approximately US$27.2 billion) continues over the next 10 years, the anticipated average annual FDI will be roughly equivalent to that of China (US$25 billion). As part of the Cooperation Plan, the Chinese Government in 2014 proposed a “three by three” joint construction model regarding the logistics, energy, and information technology sectors, as well as the broadening of three financing channels – funds, credits and insurance. National representatives reportedly will also enact cooperative strategies between China and Latin American governments on cyber-related issues.
China will likely be keen on securing future infrastructure and natural resource contracts that the South American region has to offer. The 12th iteration of China’s 5 year plans – the CCP’s bi-decade strategic socio-economic roadmap – has prioritized advances and acquisitions of natural resources such as new energy and minerals. The next set of plans will likely continue to emphasize these objectives as well. While China already has some notable mineral and energy contracts in the region with Ecuador, Venezuela, and Brazil, Chinese organizations will probably be keen on securing similar, and possibly additional, agreements in the near future.
Cyber Espionage
China’s cyber espionage activities historically have been oriented towards gaining an advantage over competitors in key investment and industrial ventures, a strategy which is likely to continue in support of its Latin America expansion. Beijing’s economic decisions are oriented towards the preservation of the Chinese Communist Party (CCP), which is judged by cultural and political analysts to be bound up in a neo-Confucianist concept of a “harmonious society”, in which continued economic balance is integral. Essential to this balance is the maintenance of a robust economic stature and geopolitical posture.
China-linked computer network exploitation operators are widely judged to be among the most sophisticated in the world. Targeted intrusion activities include spear phishing, strategic website compromises (aka watering hole operations), as well as various forms of social networking reconnaissance and penetration. Security researchers and government officials have strong suspicions that Chinese actors have targeted the US private sector extensively in the past for corporate espionage, perhaps aptly demonstrated in the spring 2014 Department of Justice indictment which charged five individuals linked to the People’s Liberation Army (PLA) of conducting corporate espionage and intellectual property theft against US corporations.
As Chinese government and industry entities continue to bolster trade agreements, investments, infrastructure contracts, and research projects with Latin America, Chinese entities may perceive certain, but not all, parallel US activity in the region as threatening to aspects of the basis of their existence, prompting cyber espionage activities against public and private sector entities operating in the region in order to gain a completive edge.
Regional Hacktivism
The perceived economic and political effects of increased Chinese investment in the LATAM region may also rouse regional hacktivist activity prompted by social issues like unemployment and poverty, and anti-establishment causes such as perceived corporate/government corruption. In countries with notable domestic social and economic struggles—such as Brazil, Venezuela, Argentina, and Colombia—hacktivists have demonstrated a tendency to target government and commercial entities perceived to be contributing to less-than-favorable socio-economic conditions.
Most Latin American hacktivists adopt personas associated with the Anonymous hacking collective and operate on a vigilante social justice and/or an anti-establishment ideology. These actors and groups commit (or claim to commit) both legitimate and illegitimate cyber activities often congruous with socio-political issues typically centered on Latin American countries. An influx of foreign influence and worker presence in Latin American countries, plus high-profile infrastructure and business projects stemming from Chinese investments, may encourage regional hacktivists to target government and private sector entities operating in Latin America. Hacktivists who typically target Latin American entities usually conduct distributed denial of service (DDoS) operations, website defacements, and data leaks from websites with moderate-low computer network security.
In addition to hacktivist targeting of government entities in LATAM, hacktivists in the region also have been observed targeting foreign companies based on issues that transcend regional struggles, such as broader human rights and corruption allegations. Typical triggers for hacktivist activity in LATAM include social issues like unemployment and poverty, anti-establishment causes such as perceived corporate/government corruption, increased foreign influence and worker presence in LATAM countries.
For example, last year, media reports indicated that Peru-based hacktivists associated with LulzSecPeru leaked Peruvian government documents which contained sensitive government-corporate communications between domestic oil and fishing industry leaders. In 2012, the group also defaced the website of the Peru-based Antamina copper mine. Also in 2014, in support of the hacktivist campaign #OpIsrael, Latin American hacktivists from a number of nations participated in DDoS operations against several Israeli banks, according to news reports.
Cyber Criminal
Of course, an increase in the flow of capital and business ventures presents a larger and more attractive surface area for financially motivated malicious cyber actors. Regional and extra-regional cybercrime gangs may take increased interest in focusing data theft operations against corporations conducting business in the region.
Outlook
Given the significant presence of U.S. corporations and organizations in Latin America, the possibility exists that Chinese state-sponsored computer network operators may attempt to conduct targeted intrusion operations against U.S.-based entities operating region in an effort to glean sensitive information to procure a strategic information advantage for economic and policy decisions during China’s Latin American expansion. The U.S. has the largest foreign financial institution presence in Latin America and is a natural repository of sensitive investment and trade information. In addition, the U.S. and China continue to be the top import-export partners for many nations in the region, as well key sources of foreign investment. As certain Chinese threat actors are known to have notable levels of sophistication, the capability of such actors, coupled with the possibility of future intent to target U.S. entities operating in the region, may pose a significant threat to certain sectors operating in a number of Latin American nations in the future.
An an influx of Chinese investment related to corporate and government activities may also trigger increased malicious hacktivist activities, which could be directed at foreign-based entities which have a presence in Latin America. Most regionally-based hacktivists display a relative lack of sophistication, rendering malicious efforts against well-defended networks ineffective. Additionally, the increase in business that will ostensibly be created by the infusion of capital into the region may make entities operating in Latin America appear more lucrative to cyber criminals hoping to illegitimately capitalize on the region’s increase in transactions, both corporate and personal.
The private sector should remain aware of these potential implications, and begin to enact policy and protocol measures to adequately harden their networks in order to maintain and ideal security environment in order to minimize the risk of sensitive information theft and computer network disruptions.
