Encrypted Messaging Apps Facilitating Cybercrime in Latin America
As Spanish- and Portuguese-speaking markets continue to drop off the Deep & Dark Web (DDW), criminals are migrating more and more to encrypted chat-services platforms for communication and commerce.
Markets operating in either language have been scarce and have been shutting down due to poor sales and/or management. Buyers and sellers who bypassed markets and used underground forums to meet, were finalizing negotiations or communicating directly instead over encrypted platforms.
While this is a stark contrast to operators in Eastern Europe and North America who still heavily trade on the DDW, criminals in Latin America prefer the convenience and relatively high levels of baseline security found in encrypted chat apps. Some of this is due to a relative lack of technological sophistication within the region.
Socioeconomic Reasons to Choose Chat over DDW
To fully understand the migration to chat services as it begins to replace the role of the DDW in Latin America, one must consider a number of factors. Mobile networking has a high adoption rate in the region, largely because of relatively low costs compared to computers, for example. Regional adoption of mobile apps for daily communication is also relatively high in the region, as is the availability and uptime of the major applications.
There’s also a perceived lack of law enforcement action affecting cybercrime in the region; Mexico, for example, has no formal cybercrime laws on its books. A 2017 IDG Connect article points out that Mexico, Argentina, Chile, Colombia, Paraguay, and Peru had yet to sign aboard the Budapest Convention on Cybercrime, the first international treaty addressing cybercrime, inaugurated in 2001. Despite hosting workshops and establishing CERTs in the region, countries have failed to ratify their participation in the convention or enact their own cybercrime laws.
The same holds somewhat true for Brazil, a Portuguese-speaking nation in Latin America. Despite an emerging economy and heavy investment in technology and connectivity, Brazil has also done relatively little to address cybercrime via legislation.
Portuguese-Speaking Communities Seeing Similar Trends
For many of the same reasons as other LatAm countries, there is also a limited presence of Portuguese-language communities on the DDW, many of whom have also flocked to encrypted chat applications for daily communication. Brazil has highest global daily use of messaging platforms. Last October, one of the few Portuguese-speaking markets in the region shut down and in a notice to its users, it said customers’ insistence on using a particular encrypted chat application for business as a big reason for the shutdown.
While for criminals there are numerous advantages to using encrypted chat for communication, it’s not an ideal platform for commerce. Unlike markets or forums where prospective buyers may be vetted and identities are verified, chat applications lack the same type of mechanism. In addition, there are no multisig wallets bringing added security to the use of cryptocurrency in transactions; also if cryptocurrency is used, there is no recommended or available cryptocurrency tumblers part and parcel to a chat app. In fact, in Latin American communities, cryptocurrency is often secondary to traditional payment processors, further indicating a lack of law enforcement oversight and the ability for criminals to choose convenience over security in these instances. Finally, many markets also offer buyers and sellers the ability to provide feedback or recourse for negative experiences, which is lacking on chat apps.
It appears that encrypted messaging applications serve two purposes within the Latin American cybercrime community. They serve as alternate communication channels to supplement DDW forums, and in some instances, they entirely replace DDW communications. Multiple threat actors choose to have Channels or Chats that serve a similar function of a room or thread, within a forum. Some actors will additionally choose to progressively share advertisements within a chat channel, similar to how one would advertise on a forum or marketplace. As a result, this migration to encrypted chat in Latin America figures to continue for the time being as these secure messaging applications continue to supersede DDW markets in the regions for criminals wishing to finalize transactions.
Ian W. Gray
Senior Intelligence Analyst
Ian W. Gray is a Senior Intelligence Analyst at Flashpoint, where he focuses on producing strategic and business risk intelligence reports on emerging cybercrime and hacktivist threats. Ian is a military reservist with extensive knowledge of the maritime domain and regional expertise on the Middle East, Europe, and South America. As a Veteran Volunteer, Ian supports The Homefront Foundation, a non-profit that helps veterans and first responders share their experiences through focused story-telling workshops. His insights and commentary have been featured in publications including Wired, Christian Science Monitor Passcode, ThreatPost, TechTarget, The Washington Examiner, Cyberscoop, The Diplomat, and others. He holds a bachelor’s degree in Middle Eastern Studies from Fordham University and a Master of International Affairs degree from Columbia University.