Top South America hackers rattle Peru's Cabinet
LIMA, Peru (AP) — The Peruvian hackers have broken into military, police, and other sensitive government networks in Argentina, Colombia, Chile, Venezuela, defacing websites and extracting sensitive data to strut their programming prowess and make political points.
Now the team calling itself LulzSecPeru has created a national political uproar.
Emails the hackers stole from the Peruvian Council of Ministers' network and dumped online last month fueled accusations that top Cabinet ministers have acted more like industry lobbyists than public servants. That helped precipitate a no-confidence vote last week that the Cabinet barely survived.
The hackers, who describe themselves as two young men, are a homegrown version of the U.S. and U.K-based LulzSec "black hat" hacker collective that has attacked the Church of Scientology and agitated on behalf of the WikiLeaks online secret-spillers and Occupy Wall Street.
A lot of "hacktivism" out of the United States and western Europe has waned or been driven underground by police pressure and arrests, said Gabriella Coleman, an anthropologist at McGill University, in Montreal, Canada, who has studied the phenomenon.
"The hackers in Latin America, however, never really stopped," Coleman said.
LulzSecPeru is widely considered the region's most accomplished hacktivist team, said Camilo Galdos, a Peruvian digital security expert. Until now, their signature exploit was hijacking the Twitter accounts of Venezuela's president and ruling socialist party during elections last year.
Nothing they'd done, however, had the impact of the online dump of an estimated 3,500 emails from the account of then-Prime Minister Rene Cornejo, dating from February to July. "Happy Hunting!" the hackers wrote when they linked to the upload destination.
The prime minister who had just succeeded Cornejo, Ana Jara, said some of the purloined emails may have concerned matters of "national defense."
But what reporters found instead was evidence of the inside influence of Peru's fishing and oil industry lobbies, putting the country's energy and finance ministers in the hot seat.
In one missive, a fishing industry executive asked the finance minister if the anchoveta season can be extended. She later got her wish.
The energy minister, in a testy email exchange, impatiently dismissed objections by the environment minister to his coziness with an Australian oil company with offshore concessions. Oil industry technicians — not regulators — are best qualified to deem whether environmental impact studies are necessary for exploratory seismic testing, he said.
The revelations helped prompt a "no confidence" vote in Congress that came within one vote of forcing the entire Cabinet to resign.
The "CornejoLeaks" spectacle, as the press dubbed it, delighted the hackers.
"We're mixed up in everything. "There is no limit to the hacking." one of the duo, who goes by the nickname Cyber-Rat, boasted in an encrypted online chat with The Associated Press, which reached him through the Twitter account where the team announces its hacks.
Cyber-Rat said he's 17 and will quit before becoming an adult to avoid landing in prison. He handles the social networking, cultivates the Anonymous activists who help publicize LulzSecPeru's hacks and admits to "a tendency toward narcissism." His partner goes by Desh501, says he is between 19 and 23 and a university student.
Desh is the technical whiz, and more reserved.
"I'm very private. I don't have hacker friends in person, only virtually," Desh typed.
Both say they are autodidacts. Cyber-Rat said he started programming at age 8; Desh at age 6.
Cyber-Rat said their hacking is "a quest for (the) ecstasy of doing something unprecedented," shaming administrators who claim their networks are bulletproof.
Desh said he is motivated by reached him through the Twitter account where the team publicizes its hacks, to "1. the abuse of power. 2. the lack of transparency."
Some of their hacks are clearly political. They defaced the website of the Peru-based Antamina copper mine in 2012 after the multinational consortium's slurry pipeline burst, sickening dozens.
And they defaced the Venezuelan ruling party's website again in February in support of anti-government protesters, entering through one of the backdoors they say they secretly leave in networks they penetrate.
Desh said they also retain access to the Chilean Air Force network, from which they extracted the published sensitive documents on arms purchases. They called last month's action payback for Chile's spying on Peru's air force in a case uncovered in 2009.
The hackers, who provided as credentials documents they said they obtained in one of their Venezuela hacks, said they neither enrich themselves nor do damage with their exploits
But many believe LulzSecPeru did do harm when it accessed the network of the company that manages Peru's top-level internet domain. In October 2012, it dumped online a database of thousands of names, phone numbers, email addresses and passwords. The affected sites included banks, security companies, Google — every domain ending with ".pe"
Desh said Rat did so without consulting him. "I almost killed him that day."
A company representative, leading Peruvian Internet activist Erick Iriarte, said the hack occurred well before the upload — six weeks earlier, according to Desh — and customers were notified in time to change their passwords.
Across Latin America, government-run networks are generally regarded as insecure and untrustworthy. A surprising number of senior officials use private email services instead.
Peruvian authorities call LulzSecPeru "cyber-pirates" and say they could face up to eight years in prison under Peru's new computer crimes statute.
But they first must be caught, and independent security experts say Peru's cyberpolice are outmatched. LulzSecPeru's first claim to fame was penetrating the Peruvian cyberpolice network in early 2012. It claims it still has hidden backdoor access.
The unit's commander, Col. Carlos Salvatierra, would not discuss details of the LulzSecPeru investigation but said it includes "permanent coordination" with other affected governments and has been ongoing for months.
LulzSec as a name derives from "lulz" — a variant of LOL (laughing out loud) that evokes the mischievous bliss of hackers who expose sloppy security ("sec"). And there is little greater 'lulz' for the pair than mocking to their 30,300 Twitter followers the technology chief for Peru's Council of Ministers, who is also president of the Lima chapter of the country's top cybersecurity group.
Security experts have also asked why the official has not appeared in public to explain how his network was violated.
Desh said it took a month to get inside the Cabinet's system.
He said he then routed a carbon copy of all traffic for nearly a month to an external server, capturing Cornejo's email password in the process. Desh said Cornejo's Gmail account was linked to the ex-premier's official email account and that he accessed a mirror of it on the network.
Rat said the hackers are staying away from the Council of Ministers' network for now. He said it now has "honey pots" — traps set to try to ensnare them.
The two say they are confident they cover their tracks sufficiently. And they said they don't tempt fate, keeping U.S. government networks off their target list because they don't want the FBI pursuing them.
"I don't worry that much, though I don't rule out the option that they will trap me," said Desh.
"Nobody is invincible."
Frank Bajak on Twitter: http://www.twitter.com/fbajak