Andrés
Sepúlveda rigged elections throughout Latin America for almost a
decade. He tells his story for the first time.
PART 3
According to
Sepúlveda, his payments were made in cash, half upfront. When he
traveled, he used a fake passport and stayed alone in a hotel, far
from campaign staff. No one could bring a smartphone or camera into
his room.
Most jobs
were initiated in person. Sepúlveda says Rendón would give him a
piece of paper with target names, e-mail addresses, and phone
numbers. Sepúlveda would take the note to his hotel, enter the data
into an encrypted file, then burn the page or flush it down the
toilet. If Rendón needed to send an e-mail, he used coded language.
To “caress” meant to attack; to “listen to music” meant to
intercept a target’s phone calls.
Rendón and
Sepúlveda took pains not to be seen together. They communicated over
encrypted phones, which they replaced every two months. Sepúlveda
says he sent daily progress reports and intelligence briefings from
throwaway e-mail accounts to a go-between in Rendón’s consulting
firm.
Each job
ended with a specific, color-coded destruct sequence. On election
day, Sepúlveda would purge all data classified as “red.” Those
were files that could send him and his handlers to prison:
intercepted phone calls and e-mails, lists of hacking victims, and
confidential briefings he prepared for the campaigns. All phones,
hard drives, flash drives, and computer servers were physically
destroyed. Less-sensitive “yellow” data—travel schedules,
salary spreadsheets, fundraising plans—were saved to an encrypted
thumb drive and given to the campaigns for one final review. A week
later it, too, would be destroyed.
For most
jobs, Sepúlveda assembled a crew and operated out of rental homes
and apartments in Bogotá. He had a rotating group of 7 to 15 hackers
brought in from across Latin America, drawing on the various regions’
specialties. Brazilians, in his view, develop the best malware.
Venezuelans and Ecuadoreans are superb at scanning systems and
software for vulnerabilities. Argentines are mobile intercept
artists. Mexicans are masterly hackers in general but talk too much.
Sepúlveda used them only in emergencies.
The
assignments lasted anywhere from a few days to several months. In
Honduras, Sepúlveda defended the communications and computer systems
of presidential candidate Porfirio Lobo Sosa from hackers employed by
his competitors. In Guatemala, he digitally eavesdropped on six
political and business figures, and says he delivered the data to
Rendón on encrypted flash drives at dead drops. (Sepúlveda says it
was a small job for a client of Rendón’s who has ties to the
right-wing National Advancement Party, or PAN. The PAN says it never
hired Rendón and has no knowledge of any of his claimed activities.)
In Nicaragua in 2011, Sepúlveda attacked Ortega, who was running for
his third presidential term. In one of the rare jobs in which he was
working for a client other than Rendón, he broke into the e-mail
account of Rosario Murillo, Ortega’s wife and the government’s
chief spokeswoman, and stole a trove of personal and government
secrets.
In Venezuela
in 2012, the team abandoned its usual caution, animated by disgust
with Chávez. With Chávez running for his fourth term, Sepúlveda
posted an anonymized YouTube clip of himself rifling through the
e-mail of one of the most powerful people in Venezuela, Diosdado
Cabello, then president of the National Assembly. He also went
outside his tight circle of trusted hackers and rallied Anonymous,
the hacktivist group, to attack Chávez’s website.
After
Sepúlveda hacked Cabello’s Twitter account, Rendón seemed to
congratulate him. “Eres noticia :)”—you’re news—he wrote in
a Sept. 9, 2012, e-mail, linking to a story about the breach. (Rendón
says he never sent such an e-mail.) Sepúlveda provided screen shots
of a dozen e-mails, and many of the original e-mails, showing that
from November 2011 to September 2012 Sepúlveda sent long lists of
government websites he hacked for various campaigns to a senior
member of Rendón’s consulting firm, lacing them with hacker slang
(“Owned!” read one). Two weeks before Venezuela’s presidential
election, Sepúlveda sent screen shots showing how he’d hacked
Chávez’s website and could turn it on and off at will.
Chávez
won but died five months later of cancer, triggering an emergency
election, won by Nicolás Maduro. The day before Maduro claimed
victory, Sepúlveda hacked his Twitter account and posted allegations
of election fraud. Blaming “conspiracy hackings from abroad,” the
government of Venezuela disabled the Internet across the entire
country for 20 minutes.
Source:
Comments
Post a Comment