According to Mexican authorities, at least four organized crime groups are involved in fuel theft in Pemex’s main oil pipelines: the Northeast Cartel, the Gulf Cartel, the Santa Rosa de Lima Cartel, and Sombra (Shadow), a branch of the Gulf Cartel.
During a news conference, Pemex official Manuel García Morcillo announced the Northeast Cartel operates in Tamaulipas; the Santa Rosa de Lima Cartel operates in Guanajuato; the Gulf Cartel in northeast Mexico, while Sombra operates in northern Veracruz.
Regarding the Jalisco Nueva Generación Cartel, García Morcillo said that their main crime is not fuel theft, not even in “Guanajuato, where they have a dispute with the Santa de Rosa de Lima Cartel.”
In the case of Hidalgo and Puebla, the two states with the highest number of illegal fuel taps, the inhabitants are the ones who steal the fuel.
Recommended:
García Morcillo revealed that authorities have found 5,171 illegal taps in 2020. This represents a loss of 4,500 barrels per day for Pemex.
The Pemex official added that the critical locations are Hidalgo, Puebla, State of Mexico, Guanajuato, and Veracruz.
Inside job
Pemex hasn’t ruled out the possibility of inside jobs regarding fuel theft and cyber attacks.
In a report filed by the state-owned company before the U.S. Securities and Exchange Commission, it acknowledges that in recent years, “Mexico has experimented a period of increasing criminal activity, mainly by the operation of drug cartels and other crimes.”
One of these crimes in the illegal fuel market, which could have a “negative impact on (Pemex’s) finances and operations.”
The document adds that Pemex’s “operations are endangered by criminal acts to divert crude oil, gas, or refined products from our pipeline networks. Including the theft and manipulation of our products.”
In 2017, Pemex reported 10,363 illegal fuel taps, and a year later, it reported 14,910 taps.
In 2019, the oil company found 10,316 illegal taps. It also raised the possibility of Pemex workers participating in the illegal fuel market.
Recommended:
Increase in illegal fuel taps
Between January and May 2020, authorities found 4,276 illegal taps; this means criminals perforate around 855 oil pipelines per month.
Pemex’s legal department recognized that it arrested 228 for fuel theft between 2016 and 2019; 44 suspects were current or former Pemex employees.
Despite the arrests made, authorities only sentenced 35 detainees to prison.
Furthermore, Pemex’s legal team filed 25,769 lawsuits for fuel theft in the last four years; however, 20,407 cases are now closed; authorities launched 5,216 investigations, and 146 are still open.
Cyberattacks
In recent months, hackers have attacked Pemex. Cybersecurity is key for the company’s operations, but cyber attacks and threats are becoming increasingly sophisticated, more coordinated, and expensive.
The state-owned company explains that although it has established an IT security policy to prevent, detect, and correct weaknesses, hackers could compromise the company’s system once again, as a result of “cyber attacks or the negligent or misbehavior of our employees.”
A year before Pemex suffered a cyber attack in November 2019, the Superior Audit Office had detected and warned the oil company about the vulnerability of this area.
In November 2019, hackers demanded about $5 million in bitcoin from Pemex.
The hack forced the company to shut down computers across Mexico, freezing systems such as payments, according to five employees and internal emails.
Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to manufacturing, removing them only after receiving substantial payments.
A ransom note that appeared on Pemex computers pointed to a darknet website affiliated with“DoppelPaymer,” a type of ransomware.
The website demanded 565 bitcoins, nearly USD 5 million, and threatened Pemex with a 48-hour deadline, listing an email address to contact.
There was some confusion about which form of ransomware was used in the attack. One Pemex official said in an internal email the company was targeted by “Ryuk,” a strain of ransomware that experts say typically targets companies with annual revenue between USD 500 million and USD 1 billion, far below Pemex’s levels.
DoppelPaymer is a relatively new breed of ransomware that cybersecurity firm CrowdStrike said was behind recent attacks on Chile’s Agriculture Ministry and the town of Edcouch in Texas.
gm