Guacamaya

Introduction and Overview

Guacamaya is an environmentalist hacktivist group, presumed to be based in Latin America, that publicly emerged in early 2022. Little is known about the group other than their motivations. Through several manifestos and interviews, members of the group have expressed that their goal is to resist imperialism, colonialism, and oppression in Latin America, with the ultimate goal of preventing environmental degradation in the region. The word ‘Guacamaya’ is the Mayan word for ‘macaw’, a bird native to Central and South America. The group also refers to the region they are fighting for as Abya Yala, which is an indigenous word for the American continent (Richard). In one of their manifestos, Guacamaya specifically refers to Abya Yala as including the land between Mexico and Patagonia (Guacamaya). Due to the language and terminology used by the group, it is assumed that the hackers who make up this collective are of indigenous origins, or at least sympathetic to the various causes of indigenous people in the region, if not a combination of both. Although it is also not known where in Latin America the group is based, it is very possible that the collective is made up of members who are spread across the region.

History & Foundations

Guacamaya’s history is very young; the group has only been publicly known in its current form since 2022. Their activities were first made public after the group hacked a number of oil and mining companies in Central and South America. During these hacks, Guacamaya released emails sent by the companies they had targeted as well as several governments that had also been breached during the group’s hacking campaign. According to the group, the point of these attacks was to expose the connection between governments in the region and corporations that are exploiting the land for its natural resources (Biccherai).

Much of the group's origins and the conditions that led to their formation can be found in their manifestos. In these documents, the group discusses the progression of European colonialism starting in 1492 and continuing to the modern day with a global hegemonic order controlled by the United States. They explain how, from their perspective, the current states of “Abya Yala” are controlled by governments that were either directly put in place by the United States or at the very least are complicit in furthering the world order imposed by the ‘Global North’. In their view, the Global North, led by the United States, exploits the people and resources of the Global South in order to further their capitalistic development. Crucially, however, the group believes that this development is simultaneously destroying the world’s environment – and hence their environmental convictions and objectives (Guacamaya). In this sense, the history and foundations of Guacamaya can be viewed in the broader context of indigenous struggles in Latin America against colonial governments, U.S. imperialism, and the neo-liberal world order.

Objectives & Ideology

As previously stated, the ideology of Guacamaya falls along anti-imperialist, pro-indigenous, and environmentalist lines. As a result of this, the group’s objectives have taken aim against the entire social order of Latin America. Through their efforts, they hope to disrupt the nation-states that rule over the region and what they view as the oppressive systems and institutions they have created in order to maintain their control. Most recently, this has primarily involved targeting militaries and police forces in the region. The group views these militarised institutions as a key tool used by the state to enforce their will on the people. In an environmental context, this means that the military and police will be used to put down resistance (often from indigenous groups) to projects that degrade the environment.

For these reasons, Guacamaya’s objectives can range from small and simple tasks to large and complex initiatives. Some of their relatively smaller objectives include using hacking attacks to expose lies and corruption within Latin American governments. On the other hand, their long-term goals would involve the dismantling of the nation-state system in the region, the overturning of capitalism, and a dismantling of the current world order, all in the furtherance of protecting people and nature.

Political Abilities & Approach to Resistance

Guacamaya exclusively uses hacking as a means to bring about the political change they desire. When the group first became public, their hacking campaigns primarily targeted corporations that were extracting resources in Latin America, as well as the local governments that allowed this extraction to carry on. Recently, they have begun to increasingly target government entities, specifically military and police organizations throughout the region. Data leaks are the group’s weapon of choice in their political struggle; their hacking campaigns mostly focus on stealing information that they can release to the public and which exposes corruption and oppressive activity within governments.

In some of the group’s most recent hacks, a wide range of revelations were brought to light that led to widespread issues and scandals amongst the targeted government organizations. Perhaps most significant were the leaks that came from Mexico, where Guacamaya was able to hack the country’s military databases (specifically SEDENA, the Mexican Ministry of Defense) that brought several troubling issues to light within Mexican society. Among these were acts of corruption, such as the Mexican government’s involvement with organized crime groups in the country. The documents leaked by Guacamaya provided evidence that the Mexican government has been selling weapons to drug cartels that included grenades, tactical equipment, and even sharing information back and forth between cartels and the government (Chaparro). In Mexico, the leaks also revealed much about the government’s surveillance practices. As heavily reported by regional media outlets, leaks revealed the government’s reported use of Pegasus spyware to monitor journalists and human rights activists in the country.

→ Pegasus is a form of malware that allows the individual who infects a victim’s phone to completely access everything on the device.

→ This includes all the data stored on it, as well as the ability to turn on the camera, microphone, etc. without the victim knowing.

→ Pegasus was developed by the NSO Group, an Israeli intelligence company that has come under fire after Pegasus was allegedly used by several repressive governments to carry out illicit acts on their citizens.

→ Pegasus was supposedly the spyware used by Saudi Arabia to infect Jamal Khashoggi’s phone before he was murdered.

→ Pegasus utilizes “zero-click” infection, meaning that the malware can infect a victim’s phone simply by being sent to them via iMessage, for example, without the victim even clicking a malicious link or taking any similar form of action on their end (Martin).

The leaks also revealed that the Mexican military was surveilling feminist, environmental, and indigenous groups in Mexico. The EZLN, also referred to as the Zapatistas, were among one of the most monitored groups in the country, particularly their activity in opposing a new infrastructure project referred to as “Maya Tran”(Avispa). In addition to these specific revelations, the documents leaked by Guacamaya painted an overall picture of how deeply ingrained the Mexican military is becoming in all aspects of Mexican society, as well as the impacts that trend is having on the citizens of Mexico.

Other nations that were impacted by Guacamaya’s leaks were Chile, Colombia, Peru, and El Salvador. In some of these listed countries, the leaks made by Guacamaya have led to organizational changes. In Chile, for instance, General Guillermo Paiva Hernandez resigned as the head of the Joint Chiefs of Staff of the Chilean Armed Forces, after the country’s military faced scrutiny over leaks revealing that their intelligence operations focused on internal political organizations and indigenous groups, such as the Mapuche, who have been involved in political struggle against the Chilean government (MercoPress). The government in El Salvador was also found to be using Pegasus spyware to monitor journalists and activists in their country, similarly to the military in Mexico. Guacamaya’s leaks also revealed that the government in El Salvador was engaged in negotiations with the MS-13 criminal organization (Cimpanu). Guacamaya’s hacking campaign revealed similar trends across the region, that governments, militaries, and police forces across Latin America were engaged in corruption, unethical domestic surveillance campaigns, and collaborating with organized crime networks in their respective countries.

While the scope of Guacamaya’s hacks have been impressive, the particular hacking methods they utilized to carry out these data leaks were fairly simplistic and more of a reflection on the poor cyber-security practices of their targets than the technical prowess of the hackers. Guacamaya was able to access the email servers of these various organizations through a series of vulnerabilities in Microsoft Exchange that are collectively referred to as ProxyShell (Cimpanu).

Relations & Perceptions in the Media

Guacamaya has not received widespread media coverage. Whatever the reason, coverage of the group has mostly been in Latin American news sources or cyber-security publications. A further frustration for the group is that their message of environmentalism and anti-imperialism has often been drowned out in favor of talking points surrounding specific revelations of their data leaks. An example would be in Mexico, where much of the coverage of Guacamaya’s data leaks has revolved around the health of the Mexican President, Andrés Manuel López Obrador, after it was revealed that he had several undisclosed health issues (Greig). In addition to this, Guacamaya’s hacking campaign has kick-started a dialogue on cyber-security practices in Latin America. The region has recently received more attention as an easy target for cyber criminals due to the relaxed and outdated security practices implemented by Latin American governments. The Guacamaya leaks were additional validation of this assumption as relatively simple security vulnerabilities allowed these cyber-attacks to be carried out.

There is little indication at this time that Guacamaya has contacts outside of their region. Their objectives align very closely with other indigenous resistance groups in Latin America, although there is no sign that these groups have been in contact or in any way worked together thus far. The world of hacktivism and cybercrime is as interconnected as the internet itself, and other hacking collectives with similar ideologies will be watching the activities of Guacamaya.

Additional Resources