SANTIAGO – PacoLeaks is one of the most popular hacking consortia in Chile. PacoLeaks independent hackers try to access and publish confidential information regarding Chilean police forces. Although surrounded by mystery and controversy, PacoLeaks has become a pillar of the Chilean social movement, uncovering and publicly denouncing injustices in ways that authorities can’t or won’t.
PacoLeaks is an anonymous project dedicated to hacking institutional police sites and uncovering confidential information. Its apparent purpose is to publish and denounce repression and misbehavior by Chilean police.
The project is now feared by institutions as much as it is respected by citizens, because of the danger it represents to the institutions’ cybersecurity, and the potential it has to reveal some ugly truths at this tense time in Chile.
As reported by Interferencia, hackers revealed information that Chilean police forces have been monitoring various social movements, such as “No a Ciclo” movement members. “No a Ciclo” is a citizen movement organized by Rungue inhabitants, who aim to stop the installation of the Ciclo company’s Integrated Center for Industrial Waste Management inTil Til. The center is slated to receive 3 million cubic meters of waste from all over the country.
PacoLeaks showed that police followed protesters, both physically and online. They also revealed that police had infiltrated the movement and had reports on the movement’s activists.
This is not the first time PacoLeaks has pulled back the curtain on the police. On Nov. 1, PacoLeaks also made public nearly 21,000 private records of many Chilean activists and leaders, created by the police as part of their surveillance operations.
Among the monitored citizens, nine social activists were highlighted as “detected interest targets,” which include “No + AFP” social leader Carolina Espinoza, anarchist photographer Byron Andrade, and leaders and presidents from the University of Chile Student Federation, National Confederation of Municipal Health, and the Worker Unit Center. The reports include their pictures (individual and during protests), ID numbers, marital status, legal data and background, and even known nicknames.
Other hacking revealed similar surveillance operations. On Nov. 1, Interferencia reported a case in which, among others, Rodrigo Mundaca, environmental leader of international renown, was followed by the police. The compiled information included his arrival in the country, his attendance at different meetings and activities, and his relations with different groups and families.
After the leak, Mundaca declared to Interferencia: “This is a situation we have denounced long ago: there is a coordinated action by governmental intelligence groups that have monitored every step we take … which affects our fundamental human rights: the right to freedom, opinion and disagreement.”
PacoLeaks investigations have become more relevant than ever today because of accusations of human rights violations and other misconduct during protests in recent days. PacoLeaks information is so powerful because it purportedly comes from the police themselves.
The initial PacoLeaks release made public on Oct. 25 was a link with access to a police database and documents shared by hackers through an anonymous Twitter account (no longer available). The first leaked database showed specific information about each official, such as name, ID number, and work zone. The second leak exposed a database with Chilean citizens’ legal processes, and came with a message from the hackers to the police, asking if this was how they planned on protecting the country.
Thereafter, PacoLeaks initiated a massive unveiling of information about the police and their operations, including civic and social leaders and organizations monitored by the police and labeled “interest targets,” clandestine operations, and even police suicide rates previously denied by the government. By Oct. 29, over 10,500 documents had been released.
According to Interferencia, one of the monitored social leaders is University of Chile Student Federation president Emilia Schneider. “It is worrisome that [police forces] are labeling us as ‘interest targets,’ even more now that we have seen leaders killed, like Macarena Valdés or Camilo Catrillanca,” she says, making reference to environmental activist Valdés whose body was found in 2016 in suspicious circumstances, and Mapuche man Catrillanca who was shot by police in 2018—two cases that shook the country and eroded the public’s trust in the police.
After the first database leak, the police said they had overcome the attack, even though their websites were immediately shut down after the sensitive information was exposed. According to CIPER, the police officially declared, “[we detected] the presence of malicious code that performed transactions within [our platforms], from which database and attached files were extracted.” They also said that the web applications were physically isolated soon after that, shielding the affected devices from the malicious efforts. Nevertheless, the cyberattacks continue.
After the first leak on Oct. 29, the general comptroller of the republic (CGR) demanded that the police report on their cybersecurity protocols and the exposed information. The police have 10 days from that date to present their reports to the CGR, according to CGR’s website.