Everything we know about the hacking of the Mexican government’s SICT

The SICT became the latest victim of a hack within the government of Mexican President Andrés Manuel López Obrador. The federal government secretariat in charge of highways and telecommunications networks in Mexico joined a long list of public administration agencies that have been victims of cyberattacks.

The Secretariat of Infrastructure, Communications and Transportation (SICT) announced on November 1 the suspension of deadlines and terms of various procedures and licenses of both the secretariat itself and the Federal Civil Aviation Agency between October 24 and December 31, 2022, “to safeguard the systems and information before the cybernetic incident in computer equipment at the service of this dependency”.

Ransomware

On October 24, the SICT He spread through his Twitter account that he had “activated the Homologated National Protocol for Cyber ​​Incident Management and Contingency Plan, in accordance with regulations, in order to contain possible vulnerabilities to information and data derived from illicit access to computer equipment. of the SICT”.

“The investigations are ongoing and according to the result, it will be reported and given to the corresponding authorities,” the agency concludes its message on social networks.

On October 27, the secretariat posted a message on its Twitter account in which it stated that “the person in charge of the #SICT office instructed the information technology area to, within the framework of the applicable regulations, carry out the necessary actions to safeguard the processing systems and restore them safely as soon as possible.

For Hiram Camarillo, a cybersecurity specialist at Seekurity, the information provided by the federal office suggests that the incident was a ransomware attack, that is, an attack that seeks to hijack the information and equipment of potential victims, with in order to demand a financial ransom in exchange for releasing the devices or not disclosing the stolen information.

According to Camarillo, a member of the technology team at the SICT assured him that “many computers had been compromised” and that the cyberattack was being investigated.

What is the SIT?

The SICT is one of the 19 secretariats and a ministry with which the Executive power of the Union counts for the “dispatch of matters of the administrative order”, in accordance with the Organic Law of the Federal Public Administration.

The mission of the SICT is “to promote safe, efficient and competitive transportation and communications systems, by strengthening the legal framework, defining public policies and designing strategies that contribute to the sustained growth of the economy and the balanced social development of the country.”

Some of the “issues” that Mexican law attributes to the SICT are:

• Formulate and conduct policies and programs for the development of communications and land and air transportation, according to the needs of the country;
• Prepare and conduct the telecommunications and radio broadcasting policies of the Federal Government;
• Grant concessions and permits to establish and operate air services in the national territory, promote, regulate and monitor their functioning and operation, as well as negotiate agreements for the provision of international air services;
• Regulate and monitor the administration of national airports, grant permits for the construction of private airports and monitor their operation;
• Manage the operation of traffic control services, as well as information and safety of air navigation;
• Build federal railways, yards and terminals for the establishment and operation of railways, and the technical supervision of their functioning and operation;
• Grant concessions and permits for the exploitation of motor transport services on federal highways and technically monitor their functioning and operation, as well as compliance with the respective legal provisions;
• Build and maintain federal roads and bridges, including international ones; as well as the federal motor transport stations and centrals;
• Build and preserve roads and bridges, in cooperation with the governments of the federal entities, with the municipalities and individuals;
• Build federal airports and cooperate with the governments of the States and the municipal authorities, in the construction and conservation of works of this kind;
• Grant concessions or permits to build the works that correspond to execute.

Just a year ago, what was then the Ministry of Communications and Transportation was renamed the Ministry of Infrastructure, Communications and Transportation (SICT) based on a proposal from the Federal Executive, which made it explicit in the title of the dependency that one of its attributions encompasses the national infrastructure.

critical infrastructures

Unlike the agreement that modifies the policies and provisions for the National Digital Strategy, in terms of information and communication technologies, and in information security, as well as the Administrative Manual of General Application in said matters, issued in January 2016 by the administration of Enrique Peña Nieto, the agreement by which the policies and provisions are issued to promote the use and exploitation of information technology, digital government, information and communication technologies, and the security of the information in the Federal Public Administration, issued in September 2021, by the AMLO administration, does not include a definition of what is critical infrastructure for the federal government.

For Alexei Pinal Ávila, Regional Sales Director of Nozomi Networks, a critical systems monitoring company whose clients include companies regulated by the SICT, the secretariat’s computer systems are one of the critical infrastructures of the Mexican State.

“Everything that belongs to or is administered by the government could be classified as a critical information system or a critical installation system. What makes a country work are the institutions, the government, and if those institutions lose their data or control over their facilities, then we citizens are the ones who suffer from the lack of those services,” Pinal said in an interview.

According to Nozomi’s manager, the SICT it is a common target for cyber attackers, who in this case were successful. With this cyberattack, the SICT joins the Ministry of National Defense (Sedena), the National Lottery, the Ministry of Economy, the National Insurance and Bonding Commission (CNSF) and the state oil company Pemex as one of the federal agencies that were victims of a cyberattack during the López Obrador administration.

Also the Public Function Secretary and the ISSSTE have experienced the exposure of databases with personal and sensitive information.

rodrigo.riquelme@eleconomista.mx

kg