Why Mexican Cyber-Cartels Threaten U.S. National Security

cc Flickr Christiaan Colen, modified, https://flickr.com/photos/christiaancolen/33091154720/

Mexican transnational criminal organizations (TCOs) are expanding into cybercrime to form “cyber-cartels,” which present unique threats to U.S. national security interests. Mexican drug cartels have already begun to use technology to further their business operations, including doxxing and surveillance software. Now, these new Mexican cyber-cartels strategically leverage technology to pursue profit, security, and influence in three main areas: cybercrime, dark web markets, and cryptocurrency.

This trend is particularly alarming given that Mexican TCOs already pose the greatest criminal drug threat to the United States, and narcotrafficking-related violence has embroiled a weak Mexican state in a security crisis. As the recent ransomware attack by a Russian cybercriminal group on Colonial Pipeline demonstrated, American critical infrastructure and private companies are also highly vulnerable to attack by non-state cybercriminal actors. It is urgent that the U.S. respond to TCO innovation and counter Mexican cyber-cartels by relying on comprehensive interagency cooperation and collaboration with international partners.


Cybercrime, the dark web, and cryptocurrencies

The democratization of internet access in Mexico has fueled the “cybercrime as a service” (CaaS) economy, in which criminals purchase hacking tools or services to carry out sophisticated cybercrime. Mexican cartels now use CaaS to acquire talent and buy exploit kits and network access. In 2018, the criminal group Bandidos Revolutions Team stole $15.2 million from five banks, carrying out the largest cyberattack in Mexican history. Bandidos leader Héctor Ortiz Solares recruited 20 hackers who developed ATM malware that took advantage of vulnerabilities in Mexico’s interbanking system to extract cash and make deposits to third-party accounts. The Bandidos case exemplifies the fusion of transnational organized crime and cybercrime. This threat will likely accelerate as TCOs continue to diversify financial activities and exploit the rise of COVID-19-related cybercrime.

The dark web and cryptocurrency have also created opportunities for Mexican cartels to distribute drug shipments and launder money, particularly in response to COVID-19 lockdowns. The United Nations Office on Drugs and Crime has confirmed that Mexican TCOs are exploring the dark web to locate buyers for large-scale drug shipments on sites following in the footsteps of the now-defunct Silk Road, Alphabay, and Dream Market. Mexican cartels also utilize dark web markets to source synthetic opioids from China. The Sinaloa Cartel and Cártel Jalisco Nueva Generación use bitcoin to launder illicit funds. Overlapping interests in fentanyl production have also linked Mexican and Chinese TCOs, with Chinese brokers laundering drug proceeds on behalf of cartels. In 2020, the US Justice Department indicted six Chinese individuals who allegedly used mobile banking apps and cryptocurrency to launder drug funds. The growing partnership between Mexican cartels and Chinese money launderers underscores the creativity of TCOs in employing cryptocurrency and foreign cash transfers in an era of heightened US-China tensions. Mexican and Chinese TCOs have taken advantage of Sino-US geopolitical competition to strengthen their collaboration, presumably without fear of investigation by China or the United States.


Toward a comprehensive US approach

To mitigate the rise of cyber-cartels, the US government should implement a comprehensive interagency approach to conducting threat assessments, including by convening a cyber-cartel working group within the National Cyber Investigative Joint Task Force, led by the FBI, with relevant stakeholders from the Departments of Defense, Treasury, and Homeland Security. This working group will share information about Mexican TCO cyber activity across agencies and will advise and train Mexican law enforcement on how to respond, particularly to hacking threats targeting banking institutions. US policymakers should be alerted to the potential transnational partnership between Chinese and Mexican TCOs, and the working group should investigate the role of the Chinese state in co-opting or allowing these criminal elements to operate within its borders.

In tandem, the State Department should engage with the Chinese government to elevate drug-related money laundering as a shared priority and establish joint protocols for investigating illicit digital asset transfers. Lastly, Congress should increase funding to the Treasury’s Financial Crimes Enforcement Network to bolster its capacity to monitor suspicious transactions, in addition to dark market and cryptocurrency activity. A holistic framework that unites government stakeholders and partners with China and Mexico will equip the United States to outpace cyber-cartel innovation.


The views expressed in this article are those of the authors alone and do not necessarily reflect those of Geopoliticalmonitor.com
