
Guacamaya: Hacktivists from the Global South

In 2022, the hacktivist group Guacamaya breached police and military information systems in Chile, Colombia, El Salvador, Mexico, and Peru, as well as those of mining and energy companies in several countries in the region. So far, they have revealed government and private information of public interest on human rights violations against civilians, activists, and journalists, on national security issues, and on environmental crimes. These cyberattacks are all the more striking because they are being carried out by what could be the first Latin American hackers with an anti-colonialist manifesto, one that seeks the liberation of peoples by combating “imperialism” from the network.

Guacamaya’s behavior can be categorized in different ways, such as cyberterrorism, communication guerrilla or culture jamming, leaking, or slacktivism. However, the most accurate category is hacktivism, which consists of a set of intentional and coordinated actions on the network, legal or illegal, aimed at achieving a political goal, such as attacking or subverting some existing power structure.

But not all hacktivist behavior has been the same historically: there was a first wave in the 1990s and a second with the emergence of Anonymous. The cyberattacks of the first wave mainly fought for freedom of expression and freedom of the Internet, and did so by means of two tactics. Defacement consisted of attacking a website by modifying its aesthetic appearance, almost like virtual graffiti. The net strike, or “virtual sit-in”, was a coordinated action to slow down the service of a web page until it was saturated.

Guacamaya is part of the second wave, as its objectives and tactics are comparable to those of Anonymous, who, in addition to leaning towards freedom of expression, are concerned about the surveillance systems imposed by private and governmental institutions on citizens at the expense of their safety. One of their most popular tactics is doxxing, i.e., the public disclosure of information on the Internet about a person or organization.   

Poets of resistance and programming? 

This allegedly Latin American hacker group presents itself on the Internet with a poetic anti-colonialist discourse. It seeks to vindicate the freedom of all the communities of Abya Yala (the name used by the Kuna peoples of Panama and Colombia to refer to the American continent before the arrival of Christopher Columbus) from the extractivism of the global north. Their appearance on the Internet has been forceful, since, in addition to their leaks, they have also developed an aesthetic concept with four pieces of web content: a site, a video, a communiqué, and a poem.

The first is the website, which is similar to a wiki and offers several services: general information about the group, a chronological compilation of some of their actions on the Internet, learning tools for those interested in becoming future hackers, a link to communicate with them, and some clarifications. The most striking of these clarifications is that the Twitter account @guacamayahacks is false and does not represent them. The second is a short video set to traditional and rap songs with female voices and lyrics that allude to resistance and respect for mother earth. These are accompanied by three images representing the group’s ideals and actions, which are superimposed with the code they have used in their cyberattacks.

The third and fourth are the communiqué and the poem, in which they express their purpose in concise written form: to fight against the inherited and imposed forms of North American and European colonialism and imperialism in the region, namely the extractivism of the global north, together with the current racist police and military forces of the nation-state. To this end, they lay claim to the traditional knowledge and wisdom of the native peoples, and they resort to the language of care and respect for the common motherland, Abya Yala, and to spiral temporality.

The anti-colonial Trojan 

Despite the apparent coherence between its actions and its anti-colonialist discourse, some journalists are wary of Guacamaya because they consider it a Trojan in favor of the geopolitical interests of the United States in the region. Its leaks have been localized in countries such as Venezuela, Ecuador, and Colombia, which have certainly distanced themselves from the giant. By attacking mining-energy companies such as Solway, Enami, and Masarov Energy, present in these countries, which have economic ties with China, Russia, and Iran, they do not harm “U.S. imperialism”; on the contrary, they favor it.

If this were to be proven, Guacamaya would be part of a state influence operation, strategically supported by an “anti-colonialist” discourse, with the objective of discouraging the growing support that China, Russia, and Iran have achieved among Latin American audiences. The truth is that this conjecture could easily be categorized as a “conspiracy narrative” and, as long as there is not enough evidence, it will remain just that. However, this accusation certainly recalls the WikiLeaks phenomenon, which at the time was considered a symbol of freedom of information and then went on to be accused of being a resource of the Russian Government to destabilize the legitimacy of the U.S. Government.


The alleged existence of these hacktivists from the Latin American global south is a milestone not only because of their origin and anti-colonial objectives but also, eventually, because of the scope of their leaks, which would shake more than one state and private institution. Furthermore, their actions show, on the one hand, that the region has skilled programmers with significant experience in the field of technology, thus undermining commonplaces such as unskilled labor, the label that Andrés Manuel López Obrador (AMLO) tried to attach to this cyberattack. On the other hand, they serve as a warning to states about their cybersecurity, which was circumvented, and about their cyber crisis management protocols, which are weak, if not nonexistent, as shown by the cybersecurity index 2022 and governmental reactions.

*Translated from Spanish by Janaína Ruviaro da Silva



Master's student in Global Development Management at the University of East Anglia, England. Master's in International Studies from the Universidad de los Andes. Participant in the Atlantic Council's 360/Digital Sherlocks training program (DFRLab) to combat disinformation, 2021-2022 cohorts.

