11/29/2022 (written by isolis) – On the night of September 29, 2022, the international hacktivist group, Guacamaya, began leaking sensitive information and confidential documents from Mexico’s National Defense Department (Secretaría de la Defensa Nacional, Sedena). As its goal, the hacktivist group aims to target mining and oil companies within Latin America and has previously released stolen information from Latin American governments, including Guatemala, El Salvador, Peru, and Colombia. Guacamaya has been gradually releasing the 6,000 GB of stolen information detailing classified military reports, making this the largest hack in Mexican history. The four million leaked documents consist of confidential photos, videos, files, conversations, plans, and negotiations that reveal alarming information from across the branches of the Mexican government and military.
The Sedena Papers revealed sensitive information, such as corruption during the 2021 elections; the involvement of narcos in political campaigns, vote stealing, and vote purchasing were exposed. Animal Político reported that “at least 14 candidates for municipal presidents and deputies, of whom nine were winners in the 2021 election, were pointed out by Sedena for having possible links with organized crime groups in Morelos, Guerrero, and San Luis Potosí.” These reports have called into question the integrity of public elections and furthered speculation of public officials’ proximity to organized crime groups (OCGs).
The Guacamaya leaks also uncovered information detailing the collusion between high-level military officials and cartels. The information made available suggests that military officials exchanged weapons including hand grenades and other tactical equipment with drug trafficking organizations. A leaked Sedena document dated June 10, 2019, revealed that a soldier offered weapons, grenades, and information regarding armed forces operations to a drug trafficking cartel based in Tejupilco, State of Mexico.
More stolen Sedena emails reveal further information from a new drug cartel group founded by a former Mexican Marine, Carlos Enrique “El Marino” Martínez Cuesta. The Marine defected from his ranks to join the Sinaloa Cartel but left after in-fighting began within the cartel following the fall of Joaquin “El Chapo” Guzmán.” He then proceeded to create his own group in Colima. Martínez Cuesta’s group Los Exiliados (or “The Exiled Ones”) was mentioned in an email thread between a commander of the Mexican Army in Colima and a colleague from August 2022. The emails list Los Exiliados among cartels such as the Jalisco New Generation Cartel and Los Mezcales, blaming them for the recent rise in violence in Colima and Jalisco.
As reported by El Universal, the leaks indicate that Sedena monitored Ken Salazar, the current United States Ambassador to Mexico. Guacamaya reveals a series of Sedena internal reports detailing meetings, social media posts, and statements as well as recordings of Salazar’s conversations with various Mexican officials. According to El Universal, the former U.S. Ambassador to Mexico under former President Donal Trump, Christopher Landau, was also on Sedena’s radar. There were 25 reports on his activity between March 2019 and January 2021. U.S. officials have largely refrained from publicly commenting on the cyberattack in Mexico.
Mexican President Andrés Manuel López Obrador confirmed the cyberattack on Sedena by Guacamaya in a press conference on September 30, 2022. During the address, the President speculated that the hacktivists were a foreign threat, stating that “I understand that this same group has already done the same in other countries….that is why I think it is something that is managed from abroad, that it is not from Mexico.” (Author’s own translation.) (Original text: Tengo entendido de que este mismo grupo ya ha hecho lo mismo en otros países creo que en Colombia, en chile, por eso pienso que es algo que se maneja desde el extranjero. Que no es de México.) President López Obrador also confirmed the concerns regarding his personal health exposed by the leak, reassuring the public that he would be fine and would begin taking medication shortly. López Obrador continued by making a joke about the situation by requesting a section from the song, “Que no me quiso el Ejército” or “The Army Didn’t Love me” by Francisco José Hernández Mandujano (Chico Che).
Mexico’s military has not yet released a public statement over a month after the leak. General Sandoval was summoned to Congress by the National Defense Commission of the Chamber of Deputies but did not appear. Guacamaya continues to release information from the Sedena hack.
Sources
Franceschi-Bicchierai, Lorenzo. “Meet the environmental hacktivists trying to ‘sabotage’ mining companies.” VICE. August 16, 2022. https://www.vice.com/en/article/5d39j3/meet-the-environmental-hacktivists-trying-to-sabotage-mining-companies
Acevedo, Á. Carlos. “Amlo reconoce que está enfermo y con Riesgo de Infarto; Confirma Hackeo de Información a sedena.” Semanario ZETA. September 30, 2022 https://zetatijuana.com/2022/09/amlo-reconoce-que-esta-enfermo-y-con-riesgo-de-infarto-confirma-hackeo-de-informacion-a-sedena/
“Estado de salud del jefe del Ejecutivo es bueno. Conferencia presidente AMLO.” Andrés Manuel López Obrador, September 30 ,2022 . https://youtu.be/NxdDR1Nt6m8
Crail, Alejandra y Ramírez, Miriam. “Ken Salazar, con marcaje personal de la sedena.” El Universal.” October 5, 2022. https://www.eluniversal.com.mx/nacion/ken-salazar-con-marcaje-personal-de-la-sedena?utm_source=web&utm_medium=social_buttons&utm_campaign=social_sharing&utm_content=whatsapp
“#sedenaleaks Revela Corrupción militar: Venden Armas del Ejército a Criminales.” Mexicanos Contra la Corrupción y la Impunidad. October 8, 2022. https://contralacorrupcion.mx/sedenaleaks-revela-corrupcion-militar-venden-armas-del-ejercito-a-criminales/
Chaparro, Luis. “Leaked emails show Mexico’s military sold grenades to the cartels.” VICE. October 10, 2022. https://www.vice.com/en/article/v7vpzx/data-leak-mexico-military-sold-to-cartel
“Massive leak of military docs reveals Mexico Armed Cartels, surveilled journalists & zapatistas.” Democracy Now! October 12, 2022. https://www.democracynow.org/2022/10/12/mexico_military_drug_cartels_ayotzinapa_ministry
Camhaji, Elías. “White House on Mexico’s Defense Ministry Leaks: ‘all governments are vulnerable to being hacked.’” EL PAÍS English Edition. October 13, 2022. https://english.elpais.com/international/2022-10-13/white-house-on-mexicos-defense-ministry-leaks-all-governments-are-vulnerable-to-being-hacked.html
Político, R. A. “Huachicoleros Tejen red con policías, GN Y Funcionarios.” Animal Político. October 17, 2022 https://www.animalpolitico.com/2022/10/sedena-leaks-huachicoleros-red-policias-funcionarios
Newsroom, M. D. P. “Lopez Obrador declares that he supports general Sandoval all the way in his decision not to appear before Congress.” Mexico Daily Post. October 21, 2022. https://mexicodailypost.com/2022/10/21/lopez-obrador-declares-that-he-supports-general-sandoval-all-the-way-in-his-decision-not-to-appear-before-congress/
“Sedena leaks: Narco, robos y compra de votos los incidentes durante las elecciones 2021.” La Otra Opinión. October 24, 2022 https://laotraopinion.com.mx/sedena-leaks-narco-robos-y-compra-de-votos-los-incidentes-durante-las-elecciones-2021/
Chaparro, Luis.“A marine known as ‘el marino’ has allegedly started his own cartel.” VICE. October 27, 2022. https://www.vice.com/en/article/n7z9ad/a-marine-known-as-el-marino-has-allegedly-started-his-own-cartel
Anónimo. “‘Los exiliados’: El Nuevo Cártel Liderado por un ex Marino Que trabajó para “el mayo” zambada“. infobae. October 28, 2022 https://www.infobae.com/america/mexico/2022/10/28/los-exiliados-el-nuevo-cartel-liderado-por-un-ex-marino-que-trabajo-para-el-mayo-zambada/
Torres, Cuauhtemoc.“Amlo responds after hackers reveal his health issues. MundoNOW.” https://mundonow.com/en/hackers-uncover-amlos-health-issues/
GUACAMAYA. “Enlace Hacktivista” Retrieved November 8, 2022 https://enlacehacktivista.org/comunicado_guacamaya.txt