Limited distribution: Secretaría de la Defensa Nacional México (6 TBs)
Guacamaya's hack of Mexico's SEDENA, showing evidence of corruption in the military, plus their surveillance of politicians, diplomats, artists, activists and journalists
We have listed in our Limited Distribution section six terabytes of emails from Mexico’s military oversight secretariat. The SEDENA or Secretaría de la Defensa Nacional is the office in charge of the Mexican Army and its Air Force. SEDENA was hacked by Guacamaya as a part of the Fuerzas Represivas actions targeting military and police forces in Mexico, Chile, Peru and El Salvador.
The Fuerzas Represivas datasets were published simultaneously by DDoSecrets and Enlace Hacktivista. Guacamaya provided both publishers with a statement, and video displaying how they did the hacks. On why the SEDENA data is Limited Distribution, Guacamaya stated:
“We would like for everyone to have access to the leak, but in this case it isn’t possible since it contains information that in the hands of narcos could endanger a lot of people. Nevertheless it has been shared with many investigative journalists who wrote to either DDoSecrets or Enlace Hacktivista.”
Guacamaya told Enlace Hacktivista how the SEDENA hack was unique:
“All the other leaks were downloaded with Proxyshell as seen on the video, except SEDENA which happened with an ancient Zimbra vulnerability. It was simply using this to exploit the vulnerability and put up a webshell, then using the webshell to download all the mails in /opt/zimbra/store.”
Enlace Hacktivista has published a sample of documents from this dataset.
For access to the rest of the documents in this limited distribution data, journalists and other researchers can write to DDoSecrets to request access, keeping in mind our guidelines for requesting documents.
Mexico’s president confirmed the hack in late September, and new headlines have been coming out every day from journalists who have access to the leak.
The leak contains evidence for how the SEDENA drafted a 2022 set of law amendments to place the National Guard under the remit of the military. Under the Mexican Constitution, the National Guard is a civilian law enforcement entity.
Some of the early reporting on the SEDENA leak found evidence of the Army continuous use of Pegasus software from Israel’s NSO Group to spy on journalists and politicians. From an Article 19 report:
According to information obtained by the Guacamaya hacktivist group's leak, SEDENA has continued to request quotes from companies in the Pegasus network. For example, in November 2020, SEDENA requested a quote from Comercializadora Antsua; in March 2021, from Proyectos y Diseños VME; and in April 2022 (months after the Project Pegasus scandal), from KBH Track, to mention a few cases.
SEDENA responded to this reporting to say they were clients of the NSO vendor only between June 27, 2011 and August 24, 2013, and that the tool was only used to spy on organized crime, not on human rights defenders, journalists or activists. This statement is easily disproven by the documents in the leak.
Spying on journalists, artists, activists, grieving parents, community events, political staffers and politicians would be a common practice in the army, with or without Pegasus software.
The Army appears preoccupied with opposition to the Tren Maya. The Tren Maya project would connect cities in the Yucatán peninsula with rail lines and build up new tourism facilities along the route. The Army appears to be worried that the EZLN in Chiapas could gain steam and take up arms again by tapping in to public opposition to the Tren Maya plan.
The SEDENA is financially invested in multiple parts of the Tren Maya business plan, AMLO confirmed. The SEDENA is contracted to build one of the legs of the railway. SEDENA is also looking to expand into the business world, with a plan to take over ownership of the Presidential jets and use them as part of a fleet for their new commercial airline (El Financiero). The same state corporation SEDENA owns the new state-run airline through, would own the Tren Maya and international airports in Felipe Ángeles and Tulum.
The Army even sent surveillance details to track members of the Ejército Zapatista de Liberación Nacional on a recent tour EZLN did to meet activists in Europe.
The leak confirms the experiences of reporters who covered the tour and noticed the surveillance:
“These leaks are just confirmation of something the zapatistas already knew. At the start of the tour, it was possible to take photos with the participants and the events were much more open. Then there was a moment when the tour’s coordinators decided that photos could no longer be taken, and the events became more limited.”
The SEDENA appears to run a secret military unit tasked with managing the security and all of the healthcare appointments for all of the President’s family members.
More links to research into the leaks can be found on our site.