W7y8w3

colombiaHacking information on the peace talks in ColombiaColnodoAriel Barbosa (with the collaboration of Olga Paz)www.colnodo.apc.orgIntroductionColombia is a country with one of the highest internetpenetration rates in Latin America. This is dueto governmental policies and high investment fromthe private sector, aimed at opening and consolidatingnew markets.One of the most recognised ministries in thecurrent government, based on its initiatives andsuccess, is the Ministry of ICTs. One of its leadinginitiatives is the Vive Digital Programme, whichaims to expand not only ICT infrastructure but alsothe demand for internet services in the country. Oneof the outcomes of this strategy is that Colombiahas more mobile phones than inhabitants and morethan 60% of the population are internet users.Although there has been great progress in providinginternet access, services, applications andcontent, the country is still behind in defining adequatepolicies in order to strike the right balancebetween state surveillance and the right to privacyof citizens. Many recent cases have demonstratedthe lack of effective policies and regulationscontrolling information and data storage, and appropriatepenalties in cases where information hasbeen illegally disclosed and obtained from citizensand public servants. Some of these cases are: the“chuzadas” 1 (particularly phone hacking) carriedout by the former Security Administrative Department(DAS); Operation Andromeda; the hacking ofphones and computers of participants in the agrarianstrike of 2013; and, most recently, the hackingof phones and computers to sabotage the recentpresidential election campaign.Faced with these events, which caused greatconcern among the public, the government decidedto draft a cyber security and cyber defence policy.The first step taken was to seek the technical assistanceof the Organization of American States (OAS),which recommended the inclusion of civil society indefining the policy. However, the complete text of1 “Chuzada” is a term used in Colombia when someone secretly tapsa phone line without consent.the policy has not been disclosed to the public andthere is growing fear that it will only be disclosedwhen finalised, without the participation of civilsociety, which would help prevent imbalances betweencitizen rights and state surveillance.Policies and regulation on cyber securityand cyber defenceIn comparison to other countries in the region, Colombiahas made great progress in its technologicaland technical capacity, closing the gap with developedcountries. However, regarding institutionalcoordination and operations there is still much tobe done in terms of design and implementation.One of the first policies outlining the guidelinesfor cyber security and cyber defence dates from 14July 2011 (National Council for Economic and SocialPolicy – CONPES 3701). 2 This policy includesthe national and international background, andspells out the regulations in the country regardingthese issues. Based on this policy, the Cyber JointCommand, the Cyber Police Centre, the ColombianInformation Security Coordination Centre (CSIRT)and the Response Group for Cyber Incidents in Colombiawere created. These entities work togetherwith the Army Technical Intelligence Central (Citec)and the Police Intelligence Directorate (Dipol).Following the first state phone hacking scandal,known as “chuzadas” and carried out by the DAS,the national government closed DAS and passedthe Intelligence Bill, which became law on 17 April2013.This law was put to the test following a secondscandal known as “Andromeda”, which revealed thefailures in enforcing the law, mainly by members ofthe army who over several months spied illegallyon civil servants and important public figures. In2014, the government began to draft the cyber defenceand cyber security policies, a process in whichseveral civil society organisations (among themColnodo) asked to be involved – as recommendedby the OAS.2 www.mintic.gov.co/portal/604/articles-3510_documento.pdf“Buggly”, the “Ethical Hacking Community” centre where the Andromeda operation was carried out. photo: eltiempo.comPeace talks in ColombiaSince the 1950s at least three generations of Colombianshave endured an internal conflict in thecountry caused by the huge inequality in the distributionof wealth – a conflict whose main actors havebeen different guerrilla groups and the country’sarmed forces.In October 2012, President Juan Manuel Santosconfirmed that the government was holding peacetalks with FARC, the largest guerrilla group in thecountry, and the oldest in the world. The news wasreceived both with optimism and scepticism giventhe failed attempts at peace talks in the past withthe same guerrilla group during former presidentAndrés Pastrana’s administration (one of the mostinfamous incidents during those talks, which tookplace in January 1999, is known as “the emptychair”, referring to the absence of the FARC commander,Manuel Marulanda). 3This cycle of internal conflict and failed peacetalks allowed intelligence agencies free rein,and some of their activities have not been fullyidentified.Andromeda, a front for illegal surveillanceof the peace talksThe distrust surrounding the peace talks wasconfirmed when on 3 February 2014, the weeklymagazine Semana, which has one of the highestcirculations in the country, published an article3 es.wikipedia.org/wiki/Di%C3%A1logos_de_paz_entre_el_gobierno_Pastrana_y_las_FARCexposing “a military intelligence front where not allactivities were legal” 4 that started operating onemonth before President Santos initiated the newpeace talks. The investigation revealed how the militaryintelligence set up a front for their operations,and used this as a base to illegally surveil membersof the government and public figures involved in thepeace talks.The surveillance base was located in a buildingin a residential neighbourhood in Bogota. Onthe second floor, above a restaurant on the groundfloor, there was a so-called “Ethical Hacking Community”centre, offering courses on website designand information security and publications on how tospy on a chat site and how to create and detect webattacks, among others.This centre had been legally opened and wasregistered in the Bogota Chamber of Commerceon 12 September 2012. Semana’s investigationrevealed a series of illegal phone and computerhackings carried out by members of the nationalarmy, and a military hacking information centre locatedin a room known as the “Grey Room”. 5The name of this secret operation was “Andromeda”,and an official from the Number OneArmy Technical Intelligence Battalion (Bitec-1) wasin charge of the operation. This battalion is part ofCitec, recognised for its success in fighting the FARCby infiltrating their communications – in the past4 www.semana.com/nacion/articulo/alguien-espio-losnegociadores-de-la-habana/376076-35 www.semana.com//nacion/articulo/la-sala-desde-donde-sehacian-las-chuzadas-del-ejercito/376079-3110 / Global Information Society Watch colombia / 111