A cyber attack against the General Directorate of Arms and Ammunition Control (Digecam), which occurred on April 7, allowed the theft of information from about 18 thousand users, explained Otto Rosito, director of the entity, during a summons to the Interior Commission of the Congress of the Republic.
This Tuesday, April 21, Digecam authorities said that the network infrastructure and internal systems were not compromised, since the attack was limited to the website.
Rosito indicated that the data presented corresponds to what was published on the page and that the estimated number of affected people is about 18 thousand users.
“What the attack was able to obtain is the detailed information on the page, more than that, and we have an estimated 18 thousand users,” he commented.
He added that the attack was attributed to a user who identifies himself as “Gordon Freeman”, who would also have led similar actions in other Latin American countries in the last 15 days.
“He—Gordon Freeman—takes credit for the attack carried out on the Digecam; he publicly does so,” he explained.
Digecam authorities do not know if it was a person or an organization that carried out the attack, but they believe that it originated abroad.
“Hackers have several ways of carrying out the attack, because they can be terrorists or soldiers of fortune,” explained Rosito.
Another hypothesis is that the attack was motivated by ego, to demonstrate that they could violate the institution’s systems; However, it will be the investigation that determines the causes.
He explained that they will not disclose information about technical vectors or specific vulnerabilities, so as not to facilitate new criminal actions.
Rosito confirmed that a complaint was filed with the Public Ministry (MP) and that technical analyzes continue to determine the scope of the incident.
He added that Digecam maintains its operations and continues to serve affected users. In addition, he indicated that the systems continue to function and have been reinforced.
No laws in Guatemala against cyber attacks
“The infiltration was done through the web portal, through a denial of service attack that lasted approximately 13 hours,” explained Julio César Taracena, commander of the Army Communications Brigade.
He commented that cyber attacks are transnational and there is a gap to criminally prosecute those responsible, because there is no law in Guatemala.
“Guatemala is part of those countries that do not have it; it is a security issue that concerns all Guatemalans, not just us—Army—,” he indicated.
Taracena said that the country’s cybersecurity is in charge of the cyber defense battalion and, according to the government agreement for its creation, its scope is limited to the Ministry of Defense.