Chile, the Andes and cybersecurity

How this Latin American country is trying to join the digital revolution and succeed.

High on a hill in the middle of Santiago, Chile, you can see the Andes on the horizon and the mosaic of history at your feet.

From this hill, called Santa Lucia, waves of rulers and conquerors—from the Incans to the Spanish conquistadors—watched for enemies and prepared for attack. The result is a patchwork of defenses—stone walls, staircases, cannons and turrets from different eras—all designed to protect this 200-foot volcano remnant and its surrounding residents from advancing hordes. 

One hundred years ago, the collage of physical defenses might have kept them back. But now, the invaders are waging their attack through digital networks. And like the hill of Santa Lucia, Chile’s patchwork cyber defenses may not withstand the crush.

Some companies in Chile are moving to protect themselves, cybersecurity experts in Latin America say, but Chile itself—the government—is lagging behind.

“We have already suffered attacks from hacktivists like Anonymous, etcetera, and many conflicts with neighboring countries,” said Gabriel Bergel with cybersecurity companies ElevenPaths and Dreamlab Technologies. “In spite of the evidence that they have attacked us, we have not advanced much in this scope.”

No choice

In this country, with more smart phone subscriptions than its 17 million people and more than 70% Internet penetration, the digital world is as much a part of Chile as the Andes and Chilean wine.

“Given the actual situation, we don’t have much choice but to evolve in cybersecurity,” said Bergel, who lives in Santiago. “Unless we would prefer not to be on the Internet and not have a smart phone, and in reality that is not going happen.”

And it is evolving, he told Archer News, but in some cases not fast enough.

In February, hacktivists broke into the database of an agency of Chile’s Ministry of Social Development and stole the personal information of more than 300,000 citizens, according to Softpedia. They also posted a message on the agency’s site saying, “The way that the government protects the information of the people…” and telling the country’s president to “do something right” or resign. The hack reportedly went unnoticed for about two days.

Last year, activists took over the Chilean Ministry of Defense website and replaced the homepage with a page reading “Hacked,” “Sadam Husein” and “Sorry Admin Because Your Site Security is Low WE aRe ISIS,” according to Reuters.

Multiple news reports describe various Anonymous hacks on Chilean government sites in recent years, including a 2013 attack where hackers posted a 17-minute porn video on Chile’s Ministry of Agriculture page, reported Softpedia.

All this did not come without warning. Back in 2008, a hacker infiltrated Chile’s education ministry, electoral service and military systems and posted confidential data belonging to six million people, reported the BBC

The hacker left a message saying he wanted “to demonstrate how poorly protected the data in Chile is, and how nobody works to protect it,” according to USA Today.

Military

Chile’s military computer systems may have problems as well. Researchers from Dreamlab Technologies said they were able to access to a list of personal information, including home addresses, for people in the country’s air force, potentially leaving the military vulnerable.

“I don’t need to send you an army. Everything is on the Internet,” said Dreamlab’s Fabien Spychiger at the Center for Industrial Cybersecurity’s conference in Santiago this month. “I can do an attack on that person and I can check on their children, their family.”

Lacking a national strategy

A 2016 report on cybersecurity in Latin America said Chile lacks a national cybersecurity strategy and a central command and control structure.

Failing to protect a country’s computer systems can be costly—the Inter-American Development Bank and Organization of American States report said that the region overall, from South America to the Caribbean, loses about $90 billion year to cyber criminals.

The Chilean government may have a shortage of money and qualified personnel, said Bergel. Another factor, he added—constant government upheaval that can lead to dramatic staff and policy changes and a patchwork of cyber defense structure.

“It is difficult,” he said. “The government changes every four years, and many people change with it. They have to start over.”

“What we have to do is try to implement cybersecurity under this method of operation,“ he said. “Try to create a continuum that evolves and doesn’t start over every time the government changes or every time someone in an important role changes.”

Improving in cybersecurity

Still, experts say, Chile is improving in cybersecurity, and has surpassed many other countries in Latin America. The IDB-OAS report gave Chile praise for government awareness of the issues and work toward shaping a better future, as well as the country’s laws that help prosecute cyber criminals who are stealing people’s money through phishing, hacking and malware.

It said the government has updated security technology for its infrastructure and is carrying out education campaigns for the public to make them more aware of safety and privacy on the Internet.

A 2015 Trend Micro report said Chile is one of the few Latin American countries that is increasing its cybersecurity budget over past years.

And the country is working to develop its high-tech industry, according to the IDB-OAS report.

“The Startup Chile program, managed by the Chilean Economic Development Agency via InnovaChile, is helping to transform Chile into an innovation and entrepreneurship hub in Latin America,” the report said. “This accelerator program seeks to attract early stage, high-potential entrepreneurs in Chile, using it as a platform to go global.”

Moving forward

Chile’s government launched a plan to create a National Policy on Cybersecurity and just released the results of its call for public input in April.

Gabriel Zamorano Seguel of Chile’s Superintendence of Servicios Sanitarios warned that cyber attacks could affect people’s drinking water, saying attackers could hit not just water service databases, but also operations equipment for water treatment and sewage.

He said cyber attackers have already gone after Chilean water companies twice, both times in 2013, in one case reportedly taking over control devices that supplied drinking water to parts of a city and stopping and starting the water flow.

Other commenters asked for more cybersecurity training for public officials, requirements for companies to report data breaches, and laws to protect people’s private information. There is no HIPAA law in Chile, so medical organizations are not required to safeguard people’s medical records like they are in the U.S.

“Today as a country we very much need—and it is best to require—public and private companies to have a minimum safety certification to operate with sensitive data and highly sensitive of Chilean citizens,” said José Luis Escobar Cornejo with Walmart in Chile.

Others asked for the policy to address human rights and privacy as well, so citizens are not abused. They requested fines or punishments for companies and organizations that do not comply. And they asked for Chile’s cybersecurity standards to match those of countries like the U.S. and Japan.

Some said the national policy, when it comes together, will be an important step forward.

“(It is) an initiative that we believe is timely and critically important to increase the security of the Chilean online ecosystem and likely to result in greater economic opportunity for the country,” wrote Sebastian Palacios of Microsoft Chile.

Falling for phishing

As the government moves forward in cybersecurity, the people of Chile may need to follow suit. The IDB-OAS report said cyber crime in Latin America has gone up 40%.

“In reality, people still fall for phishing a lot,” said Bergel. “It’s incredible.”

“There is one phishing e-mail in particular that asks you for 40 numbers from a certain card. The person may spend half an hour writing out the numbers. And they still believe in it,” he said.

 The increase in crime may also lead to an increase in cyber defense at all levels, according to Bergel.

“Thank to hacktivists, like Anonymous and LulzSec, and things that have happened, like WikiLeaks and Snowden, it is making the average person more conscientious of what is really happening, so they can protect their information,” he said. Companies and government are reacting as well.

“Implementing policy, or investing in technology so that they don’t become part of the statistic of vulnerable organizations,” explained Bergel.

Chile connected

The Andes, more than 4,000 miles long and at points more than 20,000 feet high, once isolated Chile from its neighbors. It was a feat to cross—one army lost a third of its men along the way. Now millions of bits of data cross every second.

As the world becomes more connected, there may be more need for every country to have stronger cyber defenses and savvier citizens.

“It is necessary because of globalization,” Bergel said. “We are every day more connected and we depend more on technology. This dependence on technology makes us need to evolve cybersecurity. If not, with the dependence on technology, it will be dangerous for us.”

Standing on the hill of Santa Lucia, the city of Santiago spreads out before you, with traffic lights, banks, water, power plants, and the six million people living here now relying on the digital world to move and thrive.

“There are really serious reasons for which we need to change,” he added. ”People’s lives are at stake.”