The Cryptocurrency Climate: Is a Hot or Cold Storage More Secure?

Cryptocurrency continues to gain popularity, with about 145 million adult Americans currently owning or having previously owned it. This is despite an increasing number of investors being conned out of their digital assets because of their inexperience in investing and their lack of understanding of the social laws governing the security and protection of those assets in hot and cold storage wallets. This makes new investors the primary targets for con artists. The cons are not slowing the trend down. According to a recent study, Americans who have never bought cryptocurrency before believe they are likely to do so for the first time next year as a result of the falling stock market and rising inflation.

For this report, Overwatch examined allegations and recent sightings of fraudulent and counterfeit hot and cold cryptocurrency wallets, focusing on the Ledger Wallet, which is acknowledged as one of the most well-liked hot and cold wallets available. Our analysis pinpointed several problems investors encounter when storing their cryptocurrency for protection.

Hot and Cold Storage and Their Scams

Investors in cryptocurrencies have two primary options for protecting their money: Hot and cold wallet storage. The easiest way to distinguish between the two is that a hot wallet is online and frequently connected through apps, but a cold wallet is offline and generally a handheld digital device. The other less popular option is to leave purchased digital currency on the exchanges.

The difference between hot and cold wallets in cryptocurrency.

A hot wallet’s fast accessibility, investing directly from a smartphone or computer app, draws investors in large numbers. The ease with which one can now invest in digital money increases the potential for fraud for thousands of people. The federal government has recently issued warnings about cybercriminals actively impersonating reputable cryptocurrency investing firms and convincing investors to download phony mobile apps to steal cryptocurrency. However, these criminals also have a history of using high-quality counterfeit cold wallets with established backend access to compromise investors’ digital assets. This is typically done by providing a pre-seeded device or installing malware on the device prior to shipment. Once an investor receives the device and attempts to transfer currency from an exchange or another wallet, the fraudsters are able to obtain the funds. We mention this to demonstrate that neither storage solution is superior in the absence of care with the product.

In a Private Industry Notification published by the FBI on July 18, 2022, titled “Cyber Criminals Create Fraudulent Cryptocurrency Investment Application to Defraud US Investor,” the FBI described how fraudulent hot storage wallets operate. According to the report, cybercriminals persuade victims to download a fake app to add cryptocurrencies to their wallets. The victims later seek to withdraw money from the app, but they are informed via email that they must first pay taxes on their investments. The victims are still unable to receive their cryptocurrency withdrawals even after paying the supposed levy. This fraud is only one of numerous hot wallet scams involving cryptocurrencies that analysts have come across recently.

Recent Scams Reported

Ledger has provided a list of current phishing attacks and many alert messages starting in December 2020 on its website. Many alerts are regarding the prevalence of fake hot wallets on the market and the structure of cold wallet frauds that use Ledger as a front. Online investors have been continuously reporting being victims of scams over the past few weeks. Overwatch analysts have also noticed other suspicious activity related to using fake Ledger applications that can be found on app stores like the Microsoft Store and the Google Play Store.

For example:

  • On June 12, 2022, a Reddit user reported a suspicious Ledger Live app was self-installed on their computer with a logo that did not match the mentioned company branding. Also found were misspelled words on the app’s landing page, where the user was requested to update their Ledger device.
  • On July 17, 2022, an additional Twitter user captured a screenshot from the Microsoft App store, revealing that a fake hot wallet app was established on the platform posted under a legitimate cryptocurrency cold wallet company, resulting in the user losing $20k.
  • On July 18, 2022, a user on Trustpilot reported that they purchased a counterfeit Ledger Wallet, which appeared tampered with before opening.
  • On July 19, 2022, a Reddit user captured screenshots of a downloaded fraudulent Hot Storage app that provided fake Recovery seed phrases to steal any transferred currency.

These schemes are not being used as a novel way to defraud cryptocurrency investors. Cybercriminals still follow the same playbook: they lure unsuspecting investors into engaging fake Ledger Wallets, entice users to download apps or visit phishing websites, and then steal any currency entered.

Our Investigation

So what are the current market trends that investors should be aware of? Overwatch analysts investigated and found that Ledger Hello is one of them, and it’s available on the Microsoft Store. However, after a thorough search, only three reviews could be found, one of which was a user warning about the application claiming that it steals your money and wallet recovery seeds.

Following this discovery, analysts searched in preparation for further reports mentioning Ledger Hello. They found a Reddit user report stating their cryptocurrency was stolen from the same Ledger Hello app downloaded from the Microsoft storefront.

In addition to our investigation, analysts ran advanced searches for Ledger Nano X and Ledger Nano S devices. Analysts found four devices being marketed on Amazon from the United Arab Emirates. The tip was based on user reports that the investors had purchased counterfeit Ledger wallets on Amazon.

It appears that the item was bought from an Amazon seller who has since left the marketplace. Analysts were able to locate an archived version of the landing page that promoted the product, nevertheless.

To further our study, we looked for any hints that fake Ledger wallets were being bought, sold, or obtained in dubious marketplaces on the dark web. Our investigation turned up a fake Chrome Device Manager browser add-on that claimed to be a Ledger Nano S extension and was obtained from the Google Play Store. Investors drawn to this extension would think it was a credible hot wallet storage solution due to the extension’s internet connection. However, confirmation through the official Ledger website showed that this browser extension is not affiliated with the company, and its users are not encouraged to use it.

Our research into the dark web also turned up a forum where people talked about a set of Nano S ledgers bought in bulk on Alibaba. Following the adage “too good to be true,” investors interested in purchasing the item should view the product’s low pricing as a warning sign.

These counterfeit gadgets are presented in premium packaging that aims to resemble the real thing closely. However, there is a good chance that the device has been tampered with or pre-seeded. This frequently occurs with Chinese online markets, not only for cryptocurrency hardware.

Our Assessment

According to the aforementioned study, seventy-four percent of cryptocurrency investors, or nearly 107 million Americans, bought for the first time in the last two years. However, according to the Federal Trade Commission, over 46,000 customers claim to have lost over $1 billion in cryptocurrency to scams since the beginning of 2021. This is partially due to cryptocurrency being in its infancy and the naivety of new investors, unsuspecting of the tactics of fraudsters.

Due to the significant expansion of the cryptocurrency sector, Overwatch predicts that in 2023 there will be a rise in the use of fraudulent apps. To target their victims for cryptocurrency scams, fraudsters will continue to take advantage of app marketplaces and create high-quality counterfeit digital wallets, concentrating on how eager new investors are to enter the digital investment arena. Should this occur, inexperienced investors unaware of the insider’s secrets risk losing tens of thousands of dollars more than we have seen in the past.

This analysis was carried out by analysts using advanced search terms on a variety of social media sites and dark web forums. In addition, we examined the marketplaces for cryptocurrency apps on app stores including the Microsoft Store, Google Play Store, and Apple App Store. Subsequently it becomes a game of “Whack-a-mole” because fraudsters continue to add and withdraw applications from these platforms. The same is true for online merchant sites like Amazon. With that said, it’s crucial for investors to be knowledgeable about the applications they use and to avoid getting cryptocurrency cold wallets from unlicensed vendors.

For investors interested in purchasing a Ledger Cold Wallet specifically, or utilizing the Ledger app, both products should only be acquired through the official Ledger.com website.

 

Despite Legislation, Do U.S. Consumers Know Where and How Their Products are Made?

On June 21, 2022[i], the Uyghur Forced Labor Prevention Act (UFLPA) took effect in the United States. The Act was enacted in response to the 2014 investigations concerning the Uyghur population of Xinjiang, China, which determined that the People’s Republic of China (PRC) committed numerous human rights violations that are still occurring today.[ii] The UFLPA now requires U.S. imports produced “wholly or in part in the Xinjiang Uyghur Autonomous Region” to have “clear and convincing evidence” that they are free of forced labor.[iii] In addition to the enactment, monitoring resources have been implemented, and most American consumers are familiar with the UFLPA, yet it has little to no impact on purchasing behavior.

[iv]|[v]|[vi]

On the other hand, Chinese officials have countered U.S. allegations of forced labor in Xinjiang with accusations of lies and undercutting the international supply chain. Wang Wenbin, the Chinese Foreign Ministry spokesperson, stated that Xinjiang forced labor allegations are “a big lie made by anti-China forces.”[vii] Hua Chunying, Assistant Minister of Foreign Affairs, posted that the UFLPA “essentially deprives millions… of their right to work”.[viii] U.S. Secretary of State, Antony Blinken, responded by stating, “we are rallying our allies and partners to make global supply chains free from the use of forced labor, to speak out against atrocities in Xinjiang, and to join us in calling on the government of the PRC to immediately end atrocities and human rights abuses, including forced labor.”[ix] | [x]

In this Overwatch brief, Echo Analytics Group and Valens Global analysts focused on the challenges U.S. consumers face when trying to understand the supply chain. Our research identified that forced labor products from the Xinjiang Uyghur Autonomous Region (XUAR) continue to make their way into the hands of American consumers. This brief is based on shipments already accepted into the U.S. from export companies known to utilize cotton from the XUAR and future shipments from the same companies operating under an alias.


Unraveling the Origins of Consumer Goods

When a finished product arrives in the U.S., it is difficult to confirm or deny its origins within the Xinjiang Uyghur Autonomous Region (XUAR) with “clear and convincing evidence.” For this case, analysts looked at a shipment that landed in the port of Long Beach, CA, on June 29, 2022. The shipper is Nanhai Textiles Import and Export, shipping containers of women’s clothing. The vessel, COSCO Shipping Rose, came from the Yantian port in China. We backtracked its movements before its arrival in Long Beach, CA, using Vessel Finder and the International Maritime Organization (IMO) number, which revealed stops in Hongqiao, Jiangyin, Xiamen, Yantian, and El Paso, Texas. However, Panjiva’s report dated June 29, 2022, and Bill of Lading #PSEAYTNLAX50787 were no longer available on the site. Look at the sample Bill of Lading and note the Shipper, Consignee, and Marks Description.

According to the UFLPA, we must show that Nanhai Textiles did not use cotton produced by forced labor in Xinjiang to show “clear and convincing evidence” for the items in container OOLU8868244.

After performing a series of searches in the Securities and Exchange Commission (SEC) and finding no record of Nanhai Textiles, analysts pivoted their search to find aliases for the company through Google Dorks, social media, Panjiva, the Office of Foreign Assets Control (OFAC), Market Watch, and human rights watchdogs (Politico, Voice of America, Human Rights Watch, Helena Kennedy Centre, etc.). The following are all alias listings for Nanhai Textiles:

  • Nanhai Textile Import & Export Co LTD of Guangdong
  • Foshan City Nanhai Deyao Textile Industrial Co., Ltd.
  • Foshan Nanhai Weilong Textile Co., Ltd. (Facebook)
  • FOSHAN NANHAI HONGXINGHONG TEXTILE CO., LTD.
  • FoShan NanHai HuaChun Fashion Co., Ltd. (“Supplier to PVH Corp”)
  • Foshan Chicley Textiles Co. Ltd.

None of the above listings have direct ties to or show up on the Department of Homeland Security’s UFLPA list, a list of entities known to utilize forced labor. As a result, this shipment passed muster without issue and, luckily, just days after the UFLPA went into effect.

However, as listed above, Foshan NanHai HuaChun Fashion Co., Ltd. is a direct supplier to PVH Corporation (Corp.). PVH Corp. manages significant apparel brands and denotes receiving products produced by Esquel Enterprises, also known as Changji Esquel Textile Co. Ltd (currently on the UFLPA entity list). Additionally, PVH Corp.’s current senior leadership formerly oversaw importing operations for Urban Outfitters, the same receivers of our case study shipment from Nanhai Textiles and retailers of PVH products.

These correlations do not necessarily connect our entities directly to materials sourced from the XUAR. Instead, our example shows the complex supply chain and how far removed the consumer is from the cultivation of raw materials to the finished product. How can a supplier provide “clear and convincing evidence” that their products meet the requirements in the UFLPA?

The difficulty in proving where raw materials came from is “at the ginning stage [when fibers are separated from their seeds], cotton from disparate locations is mixed together, making it impossible to trace the provenance,” according to Liv Simpliciano of Fashion Revolution in an interview for The Guardian. She quotes leaders in supply chain technology as saying the only way to prove the absence of Xinjiang cotton is a “complete digital chain of custody.”

According to an article published in the Taipei Times, tech companies such as TrusTrace, Supply Shift, and TextileGenesis plan to use “blockchain and artificial intelligence to trace supply chains for fashion labels.” These companies aim to provide transparency to the industry by providing traceability throughout the supply chain. However, as stated by TrusTrace, “Only the brand is informed,” meaning that TrusTrace is “not alerted when Xinjiang cotton is found in a brand’s supply chain.” This places the onus back on the importer to report when they receive alerts, leaving the system vulnerable to market manipulation.

To the Informed Supplier

For an additional case study, we referenced “Laundering Cotton: How Xinjiang Cotton is Obscured in International Supply Chains.” Laura T. Murphy and her team covered the Texhong Textile Group, currently under scrutiny for sourcing from the Xinjiang Tianmian Foundation Textile Co. (not on the UFLPA entity list).

The case study shows direct correlations between the Xinjiang Source, Intermediary Manufacturer Supply Chain, and specific shipments.

According to Laundering Cotton, Texhong’s subsidiary Winnitex supplies manufacturer Andalan Mandiri Busana (AMB). On a shipping report from Panjiva, J.Crew received a large shipment of men’s pants labeled AR886-3 from AMB on 03/31/2021. The same product number was recorded on J.Crew’s website as available for purchase.[xi]

The Laundering Cotton report illuminates several other case studies from major American and international apparel retailers. The authors also add a caveat at the end of the report, stating that each entity named throughout the study has had the opportunity to reply. Their responses are recorded in Annex D of the report.

Our Assessment

We assess that U.S. importer inventories of XUAR-sourced products will continue to make their way into the hands of unwitting consumers. However, as the UFLPA expands its list of banned entities, future shipments of ethically sourced goods promise to deny forced labor products entry into the supply chain. As noted with the ginning stage of cotton and the complexity of supply chains, there may never be a single solution to help legislation against forced labor reach its full potential.

Overwatch assesses that it will take a combined effort: the UFLPA expanding its list of banned entities, along with consumer awareness that anything from these designated regions could be in support of forced labor. Launching a consumer campaign to raise awareness about where and how products and services are sourced has proven highly effective, especially within the agriculture industry. We will likely not see any significant decrease in forced labor until consumers and legislation become more aligned.

Ultimately, the ones who will have the most significant impact are the producers of these products. When they have a healthy understanding of what their consumers demand and are concerned with their brand reputation, they will work to enforce a higher standard of “clear and convincing evidence” to their market base.

OSINT Workflow for Supply Chain Due Diligence

https://panjiva.com/ (shipments)

https://www.vesselfinder.com/ (vessels)

https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information (Sanction Lists)

https://www.sec.gov/edgar/search/ (Business by name lookup)

UFLPA Entity List | Homeland Security (dhs.gov) (Xinjiang Banned Entity List)

(List is not exhaustive or a complete list; this is the bare minimum.)

Sources

[i] U.S. Customs and Border Protection: Uyghur Forced Labor Prevention Act

[ii] Al Jazeera: China’s Uighurs claim cultural ‘genocide’ (Opinions)

[iii] Ibid. page 1

[iv] WRC Case Brief: Lacoste Linked to Factory in China that Reportedly Uses Forced Labor; https://www.workersrights.org/wp-content/uploads/2020/03/WRC-Case-Brief-Yili-Zhuo-Wan-Lacoste.pdf

[v] Congressional-Executive Commission on China: Global Supply Chains, Forced Labor, and the Xinjiang Uyghur Autonomous Region; CECC Staff Report March 2020 – Global Supply Chains, Forced Labor, and the Xinjiang Uyghur Autonomous Region.pdf

[vi] Australian Strategic Policy Institute: Uyghurs for sale; https://www.aspi.org.au/report/uyghurs-sale

[vii] Politico: U.S. importers brace for chaos as Uyghur Act looms; https://www.politico.com/newsletters/politico-china-watcher/2022/06/16/u-s-importers-brace-for-chaos-as-uyghur-act-looms-00040072

[viii] Reuters: Tracking China’s Muslim Gulag; https://www.reuters.com/investigates/special-report/muslims-camps-china/

[ix] U.S. Dept of State, Dept of Treasury, Dept of Commerce, Dept of Homeland Security, Office of Trade Representative, and Dept of Labor: Xinjiang Supply Chain Business Advisory; 20210713_xinjiang_advisory_0.pdf (treasury.gov)

[x] United Nations Human Rights Council: UN human rights experts urge China to allow them ‘full access’

[xi] Laura T. Murphy, et al. (2021). “Laundering Cotton: How Xinjiang Cotton is Obscured in International Supply Chains.” Sheffield, United Kingdom: Sheffield Hallam University Helena Kennedy Centre; https://www.shu.ac.uk/helena-kennedy-centre-international-justice/research-and-projects/all-projects/laundered-cotton

 

When AI In The Workplace Oversteps Privacy

Artificial Intelligence (AI) has become a growing member of today’s workforce. Companies use AI to help improve customer service, energy consumption, and quality assurance. However, what happens when AI moves into a managerial role in how employees operate? How far are employers allowed to take AI before concerning themselves with employee rights, ethics, and labor laws?

In this issue of Overwatch, we work to highlight some of the ways big employers are using AI to manage their employees and what that means for their employees and their culture.

In a 2017 Google Talk, Frank Abagnale (the man on whom “Catch Me If You Can” was based) tells young analysts that the type of con he was able to perform 50 years ago is “4,000 times easier today” due to the growing availability of technology. Through publicly available information (PAI), criminals can quickly see what corporate signatures should be on financial transactions, what the format of those transactions looks like, and even where employees hang out after work to talk shop. Impersonating employees has never been easier. As Mr. Abagnale puts it, “you no longer need a printing press to make all four colors on an ID card that passes a quick visual inspection.”

Tesla is just one company that has taken this challenge head-on and started implementing several employee monitoring systems. What may have begun to protect the company against fraud has become a division of employee monitoring tools to help manage employees. Tesla was outed by CNBC back in 2017 for using a PR firm to monitor employee social media to counter employee unionization. Tesla’s recent activities include AI-powered presence patrols that notify employees when they haven’t swiped their badge at work enough to meet company standards. Overwatch analysts utilized a simple Google Dorking technique to search the TeamBlind.com website, a social media site for anonymous employee rants, to find several threads about how employees feel about such actions.

Our results are here.

The overall feeling from the anonymous employees who commented is that Tesla is justified in their actions, but the decision comes at a high cost to employee morale. Some even speculate that such activities are intentionally being used to assist with the ongoing downsizing the company is conducting in expectations of future economic limitations.

When it comes to ensuring safe work procedures are being implemented, AI has additional management roles to fulfill. For example, Amazon’s “Last Mile Safety” team has partnered with an “intelligent fleet safety” company called Netradyne to install AI-powered cameras in their delivery vehicles. According to Netradyne’s website, they are working to “transform the transportation ecosystem through Computer Vision and in-depth data analysis” powered by AI. This means that more than half of the Amazon delivery trucks you see are now equipped with an AI-powered camera system that monitors 270 degrees of visibility from the truck’s cab. This includes monitoring the drivers for safe driving behaviors. Last Mile Safety’s Sr. Manager, Karolina Haraldsdottir, explains what the system can do and how they work in an unlisted video shared with all driver teams.

Front view from Netradyne camera system.

Side views from Netradyne camera system

Driver view from Netradyne camera system

 

As you can see, this system is designed to use AI to enhance Amazon drivers’ safe driving skills. Videos are reviewed for driver improvement, tracking, and monitoring hazards and driving incidents. According to Haraldsdottir’s instructional video, the cameras will send reports back to Amazon if they detect any of the 16 pre-programmed signals that Amazon deems unsafe. The system will also provide audio alerts to drivers when they run a stop sign, follow too close, speed, or the camera detects that they are distracted. These events are then used to give ratings of “poor,” “fair,” “good,” or “fantastic” to drivers. This may sound similar to those devices that insurance companies provide you to monitor the braking and g-force of your car for safe driving, but upgraded with an intelligent camera. Kudos to their PR team for not making the cameras red like the one from HAL 9000! “Sorry, Dave, you can’t merge into that lane….”

One of the most considerable drawbacks of this technology is that AI is limited by the flaws of the programmers who created its algorithms. As a result, AI can lack contextual awareness. For example, some drivers report losing points for following too closely when they get cut off. One such driver gave his anonymous story to help shed light and mentioned that his performance is now constantly monitored by an impartial system. He reports, “a car cuts me off to move into my lane, and the camera, in this really dystopian dark, robotic voice, shouts at me.” Think of an AI-powered back seat driver that never takes naps on the road and is in charge of your quarterly performance review.

Something that is less commonly known is that Amazon delivery drivers are not actually employees of the Seattle-based giant. Instead, Amazon utilizes sub-contractors through its Delivery Service Partners (DSP) program to fill these positions, thus protecting Amazon from immediate issues with the drivers as they implement their policies to the companies that serve these contracts.

In a 2021 Bloomberg report, it was noted that Amazon uses this relationship to dictate behaviors and activities of their drivers down to their grooming standards, appearance, body odor, and even their behaviors on and off the job. These standards are often monitored using the Netradyne monitoring systems. So how do employees protect themselves from these policies? The short answer is – they can’t. Every employee must sign consent agreements to keep the job. While this sounds like an infringement of the “legitimate expectations of privacy at work” listed in the Privacy Act of 1974 (recently updated in 2020), it is not. The Privacy Act focuses solely on what a Government Agency can do, and there are few rights given in the private sector outside of some State laws that protect individual privacy. However, at the state level, individual privacy is generally characterized as:

  • Intrusion of solitude
  • Appropriation of name or likeness
  • Public disclosure of private facts
  • False light

So it looks like Amazon’s cameras are here to stay despite many privacy activists telling news agencies such as Telegraph that they are “creepy, intrusive, and excessive.”

While there are many ways to monitor employee activity, incorporating an always-on camera and workstation monitoring systems can affect employee morale and corporate stigmas. According to CompTIA statistics on the usage of AI, “91.5% of leading businesses invest in AI on an ongoing basis.” However, the policy, oversight, and ethics of this employment are still very nascent. So nascent, in fact, that CompTIA lists the lack of governance as one of the top 5 reasons companies don’t adopt AI. Most of our policies and ethics have always focused on a government’s ability to infringe upon our expectations of privacy. Very few ever dictate what private companies can do, as everything happens under the guise of “consumer consent.” If you buy the product or do the job, then you consent to its use in any way the builder deems fit.

As these companies continue to grow in size and influence, they push the bounds of ethics further and further with every decision. They can do this because of their leverage over their employees, who depend on their employment during challenging economic times. Silkie Carlo, the director of Big Brother Watch, equates this to Orwellian monitoring of our lowest-wage employees, implying that it’s not the governments that threaten your privacy the most but the companies that provide your everyday needs.

What’s next?

Overwatch assesses that large-scale implementation of an effective ethics policy is unlikely to occur. Employee morale will rarely outweigh the benefit of AI in the workplace. While 38% of employees expect their job to be automated by 2023, most AI integrations are employed to assist skilled labor with rudimentary tasks and to help increase safety and efficiency. Amazon alone has reported a 48% decrease in accidents, seatbelt wear has increased by 60%, and distracted driving has fallen by 75% due to their use of the Netradyne systems.

There is no doubt that AI is the wave of the future, and there are no (or at least very few) limits to how employers can use it to enhance their production. However, as we’ve seen in these few examples, it doesn’t take much for employers to go too far. With little room for recourse when an employer oversteps the bounds of civil liberties, the result is a smaller or more demoralized workforce. In some situations like this, a unionized workforce may become desirable. According to this Washington Post article, Amazon factory workers are striving to do just that to combat the overbearing micromanagement that Amazon exerts on its employees. In addition to Union talks, employers should monitor the market of available jobs. Big tech companies will likely find healthy competition for their workforce in those places that genuinely value employee morale over the bottom line.

As experts in combining publicly available information to answer questions, Echo Analytics Group wants to empower employers and employees to protect their information and build an #OSINTforGood society. However, for every bit of information an employer gathers on their employees, they become a bigger target for cybercriminals who want to use that information to exploit anyone they can. Also, freely communicating and applying a practice of transparency may help with morale in the culture when AI steps into a managerial role in the workforce. However, taking note of the reactions of Tesla and Amazon employees only shows that these choices to enhance safety and performance may come at the cost of lowered morale and production. The human race has always fought for civil liberties. It may only be a matter of time before the enemy of that fight changes from the Governments of the world to the big industry giants that pose an even more significant threat to life, liberty, and the pursuit of happiness.

What is Driving the Assassinations of Mayoral Politicians by Cartels in Mexico?

On March 10, 2020, at approximately 4:40 pm local time, César Valencia Caballero, the mayor of Aguililla, Michoacan, Mexico, was found dead. According to reports by the Agence France-Presse, a French-based international news agency, the man had been shot at least twice in the chest and neck.

This killing came just three weeks after the mayor, previously a local rancher and farmer, had allegedly declared an end to the cartel wars in the area. This announcement had been prompted by action taken by the federal police and military of Mexico to “free” the city after months under the control of the Cártel de Jalisco Nueva Generación (CJNG), also known as the Jalisco Cartel.

For this Overwatch, analysts will leverage publicly available data from various sources to statistically answer the question: what is driving the assassination of mayoral politicians by cartels in Mexico?

Mayor Caballero’s death is just the most recent in a long line of mayoral assassinations, as seen in Figures 1 and 2, created using data from The Justice in Mexico Project. According to the Justice in Mexico Project 2021 Special Report, a mayoral figure, defined as a mayor, candidate, or former mayor, was four times more likely than the average citizen to be killed in Mexico in 2020, as opposed to 13 times more likely, which was the statistic the year prior in 2019.

By looking at the context in which Caballero’s assassination took place, we can begin to pull out salient factors that might affect the assassination of mayoral politicians throughout all of Mexico.

The city of Aguililla was one of many in the region that have served as the focal points of a battle between Carteles Unidos (CU) and CJNG. The fighting between these groups has seen the State of Michoacan become the state with the fifth-highest homicide rate (59.3/100,000) in the country from June 2021 to May 2022. This was an increase of approximately 8.7/100,000 compared to one year ago.

Unlike the CJNG, which resembles a more traditional cartel, the CU started as a loose affiliation of cartels and gangs native to Michoacan that had come together in 2010 to fight off the encroachment of the Los Zetas cartel. As the original cartels of the region began to fall from power, what replaced them was a series of localized gangs, coalitions of smaller cartels, and self-defense forces. Most of these armed groups are made up of the remnants of those former groups and often fight among each other or against external threats to seize control of the territory they inhabit.

This fragmentation process, through which large national cartels are reduced to smaller localized regional cartels and criminal cells, is not only underway in the state of Michoacan. A look at the series of maps (Figures 3, 4, and 5) shows an increasingly fragmented cartel landscape. According to the International Crisis Group, there were roughly 205 such groups in 2020, a sharp increase from the 76 present in 2010.

As a result of this fragmentation, criminal actors, out of necessity and a desire for profit, have increasingly turned their sights inward to domestic sources of profit. As early as 2014, it was reported that the Zetas and the Knights Templar cartels were no longer making most of their earnings through drug trafficking but through iron ore. However, diversified illicit profit streams extend beyond the extortion of mining companies and illegal mining operations. They include the extortion of avocado farmers, the extortion of local businesses, oil and gas theft, endangered wildlife trafficking, kidnapping, and smuggling.

The prevalence of these forms of extortion and looting of the local population by criminal actors in Mexico can be seen in the worries of the residents of Aguililla. After the end of their occupation by the CJNG, they are not celebrating. They are described as being worried about possible reprisal killings and the continuation of the CU “War Tax,” an extortion method in which the CU targets lucrative agricultural resources grown in and exported out of the area, such as avocados, limes, and mineral wealth.

The overall fate of the town of Aguililla and the region remains to be seen. Still, from the events described, we begin to get a picture of an evolving landscape of cartel violence in Mexico, especially compared to the 2006-2014 period of the conflict. Two key features mark this ongoing situation. First, the number and type of actors in this conflict have shifted, and second, the revenue streams these actors draw from have diversified. These and some control variables will be the main characteristics tested in the model below to understand local political violence.

To understand what factors are significantly contributing to this type of violence, Overwatch will use a method of quantitative analysis. This method sets environmental factors derived from open-source state-level data[1], such as cartel fragmentation, political pluralization, the killing or arrest of cartel leaders, mining output, avocado output, and the number of illegal pipeline taps, against the event of a mayoral assassination, allowing us to see which factors are statistically significant in predicting incidents of mayoral assassination in a state. The model will control for several factors, including election years, the number of municipalities in a state, the homicide rate of a state, the estimated population of a state, the end of Mexico’s gas subsidy, and the Human Development Index (HDI), an aggregated measure of prosperity in the area. The model will be run twice, first for the period 2006-2019 and then for the period 2012-2019, to consider the role that fuel theft plays in mayoral assassinations.

[1] Sources used for the quantitative models

Mayoral Assassinations: Justice in Mexico Project Memoria Dataset. Supplemented through advanced queries for missed assassination events.

Cartel Fragmentation, Political Pluralization, Arrest/Death of Cartel Leaders 2006-2015: Laura Ross Blume’s academic article “The Old Rules No Longer Apply: Explaining Narco-Assassinations of Mexican Politicians,” 2017 (sagepub.com)

Cartel Fragmentation, Political Pluralization, Arrest/Death of Cartel Leaders 2016-2019: supplemented through open-source research queries.

Mining Output: The Mexican Geology Service

Illegal Pipeline Taps: IGAVIM (NGO charting fuel theft in Mexico)

Avocado Output: Secretary of Agriculture and Rural Development

Number of Municipalities, Estimated Population, Violent Homicide Rate: National Institute of Statistics

Human Development Index: Global Data Lab

 

| Dependent: Mayoral Assassinations | Model 1 (2006-2019) ZINB | Model 1 (2006-2019) ZIP | Model 2 (2012-2019) ZINB | Model 2 (2012-2019) ZIP |
|---|---|---|---|---|
| Avocado Production Value (100,000s of pesos) | 3.25e-06*** (8.24e-07) | 3.10e-06*** (7.65e-07) | 3.09e-06*** (9.66e-07) | 3.09e-06*** (9.66e-07) |
| Designated Red Triangle Area | .3440403 (.293146) | .3776276 (.3067098) | .1315405 (.2806082) | .131554 (.2806048) |
| Number of Illegal Pipeline Taps Detected | | | .0004163** (.00014) | .0004163** (.00014) |
| Total Value of Mined Lootable Resources (100,000s of pesos) | -3.34e-07 (8.46e-07) | -3.18e-07 (8.39e-07) | 6.49e-07 (8.54e-07) | 6.49e-07 (8.55e-07) |
| Gas Shock | 1.644253* (.6910199) | 1.711019* (.6824836) | .5952097 (.3603463) | .595184 (.360356) |
| Total Cartels | .1492155 (.0783382) | .1459798 (.0777265) | .0086074 (.0920103) | .0085645 (.0920157) |
| Kingpin | .1536357 (.2005211) | .122137 (.199723) | -.0923125 (.1881991) | -.0923967 (.1882025) |
| Lagged Political Pluralization | 1.172203 (.9245133) | 1.1806 (.9493756) | .6671332 (.9917837) | .6671474 (.9918213) |
| Human Development Index | -8.823877** (3.138733) | -9.3168*** (3.331301) | -16.481*** (3.742241) | -16.4833*** (3.742202) |
| Homicides/100,000 people | .0173533*** (.002475) | .0170105*** (.0022406) | .0158983** (.0048266) | .0158989*** (.0048268) |
| Population Estimates | 1.03e-07*** (1.78e-08) | 1.01e-07*** (1.66e-08) | 9.74e-08*** (2.08e-08) | 9.75e-08*** (2.08e-08) |
| Number of Municipalities | .0032946*** (.0005619) | .0031435*** (.000582) | .0025737*** (.0005316) | .0025733*** (.0005316) |
| Inflated Total Cartels | -1.014295* (.4326191) | -.3714208 (.873021) | -1.631413** (.5462995) | -.8482871* (.4216407) |
| # of observations (N) | 434 | 434 | 248 | 248 |
| Wald chi^2 | 302.97*** | 304.31*** | 277.79*** | 277.79*** |

Standard errors in parentheses, p-value *=.05 **=.01 ***=.001

After running these models, it was determined that for every one-unit (100,000-peso, ~$5,000) increase in estimated value from avocado farming, there is an expected increase in the mayoral assassination rate of .000003, all else being equal. Additionally, for every additional illegal tap detected, we expect a .000416 increase in mayoral assassinations in a region. Though these numbers may seem insignificant, they have a statistically significant effect, meaning that when predicting incidents of mayoral assassinations, these two variables are better indicators than factors that focus on the fragmentation of cartels.

Notably, the control variable HDI is also significant, meaning states with lower HDI scores are more likely to suffer from mayoral assassinations. This is possibly because fragmented criminal groups cannot easily target affluent and well-secured regions in Mexico and prefer to prey on lower socio-economic areas.

In both models, factors such as the extradition or death of a cartel boss, the number of cartels in an area, and political pluralization were insignificant, meaning they do not act as statistical predictors of mayoral assassinations. The insignificance of these three variables could be due to the changing environment in Mexico. As seen in Figure 6 above, most states house multiple armed groups. At the same time, the process of leadership decapitation that started in 2006 has turned the criminal landscape into several independent cells and loose affiliations that are becoming more immune to the arrest of leaders. These two factors, present throughout most of Mexico in the last few years, do not go nearly as far in predicting mayoral assassinations as a state’s natural resource wealth.

Overall, what this model shows is that a mayoral politician of a town experiencing inter- or intra-cartel conflict but whose municipality is not rich in lootable natural resources, or sources of extortion, is in a relatively safer position than a mayoral politician suffering from the same predicament, but also finding themselves in charge of an area with high amounts of lootable natural resource wealth and points of extortion. In addition, it reveals that the assassination of these mayors is concentrated in states that rank lower in terms of socio-economic status. In other words, the criminal and socio-economic environment may lead to initial vulnerabilities, but the economic incentives provide the drivers for political violence.

Our Assessment:

Using the above findings, Overwatch analysts assess that if trends in criminal fragmentation and diversification of illicit revenue streams continue, there will be a surge in political violence in Mexico starting in late 2023 and culminating around Mexico’s 2024 election. This would follow trends seen during the 2018 and 2021 election seasons. If the above model is correct, political violence in 2024 will likely concentrate in states and municipalities that are rich in lootable natural resources and targets for extortion. In addition, political violence surrounding the 2024 election will likely concentrate in lower socio-economic areas.

Additionally, Overwatch analysts assess that much of the business surrounding local resources in Mexico will continue to involve cartels and criminal actors moving forward, likely leading to fluctuation in the prices of key natural resource markets and in previously agreed-upon business contracts.

These problems will likely be exacerbated as the Mexican government attempts to “decapitate” the Jalisco Cartel or other large cartels still operating in Mexico. This will probably increase the violence aimed at local citizens and politicians, as groups like the CU disintegrate without an external enemy to fight against. In addition, splinter cells of the now headless cartels will turn toward their local economies and surrounding territories to supplement their affected revenue streams.