Meet the Environmental Hacktivists Trying to ‘Sabotage’ Mining Companies

A group of environmental hacktivists are targeting mining and oil companies in Central and South America, leaking their internal emails.
An illustration made by the hacktivist group called Guacamaya.
Image: Guacamaya
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

A hacktivist group claims to have hacked several mining and oil companies, as well as government agencies in Central and South America in an attempt to “sabotage” western companies and corporations that exploit the region's natural resources.  

The group, which calls itself Guacamaya, the Mayan name for a macaw parrot, claims to have hacked a Colombian government agency that administers and regulates hydrocarbon materials, the Guatemalan Ministry of Environment and Natural Resources, the Colombian oil company New Granada Energy Corporation, the Brazilian mining company Tejucana, the Venezuelan oil company Oryx Resources, the Ecuadorian state-owned mining company ENAMI EP, Quiborax, the third largest boric acid producer in the world based in Chile.  


None of these companies and government agencies responded to a request for comment. 

The group published thousands of emails from the hacking victims through the group Distributed Denial of Secrets and Enlace Hacktivista, a site that has the goal of documenting hacker history and publishing “educational resources for hackers.” 

“You can bring down big things with the snap of your fingers.”

“It is a matter of exposing the companies and government entities, so that everyone knows their way of operating, their actions, their profits and the interest that is clearly to profit no matter the damage they cause to the territory, to the sources of support for communities and peoples. Their trick is to ally with other private and public corporations to impose laws in their favor,” the hackers told Motherboard in an email. “These hacks are another form of struggle and resistance, they are the continuation of an ancestral legacy; taking care of life. We hope to cause more people to join, to leak, sabotage, and hack these sources of oppression and injustice, so that the truth be known and that it is the people who decide to end it.” 

The hackers also said that they scanned the internet looking for anything interesting and important to hack and leak among targets that were “easily vulnerable.” 


“We spent little time, we downloaded their emails and that was it,” the hackers told Motherboard, while remarking that their previous hack against Pronico, a mining company in Guatemala, took them more than six months.

Screen Shot 2022-08-15 at 11.11.59 AM.png

A screenshot of the video the hacktivists published.

The hacktivist group published a manifesto in Spanish in which they decry how countries such as the United States, and western corporations, have taken advantage of the natural resources of Central America, which the group refers to as Abya Yala, the original indigenous name of the region between northern Colombia and Panama. 

“Five centuries (529 years) of genocide, terricide, pillage, and violations of our territory of Abya Yala, five centuries or fighting and resistance. We have been alive for 500 years, defending life with life itself. We have spirit and love, we dream of going back to clear days and following paths with harmony and balance with our mother: earth,” the hackers wrote in their manifesto. “Enough with so much impunity! We all are Guacamaya. From the north to the south of our land of vital blood. We are in schools, universities, in houses, in the mountains, and in the jungles.”

It’s unclear if the breaches had any other effect than the theft and leak of internal emails. 


The hackers also published a video that shows how they hacked Pronico, which the hackers broke into earlier this year. Publishing a video and a manifesto shows that the hackers are clearly inspired by the notorious hacking vigilante Phineas Fisher, who hacked the spyware vendors FinFisher and Hacking Team years ago, and then published detailed guides on how they did it. 

“ Just leak and sabotage with joyous rebellion!”

The hackers told Motherboard that the famous hacktivist was “a source of inspiration.” In fact, when Motherboard asked for an interview, the hackers initially asked to do it on camera through a puppet of a macaw parrot, a request inspired by an interview with Phineas Fisher for the VICE documentary series CYBERWAR, which was conducted with a puppet representing the hacker.


Phineas Fisher told Motherboard that Guacamaya are continuing the “Hack Back” style, but that “they seem more inspired by indigenous resistance than by any hacks.”

“The video was great, they seem like a serious APT (Artistic Persistent Threat),” Phineas Fisher joked, with a play on the cybersecurity term Advanced Persistent Threat. 

Just like Phineas Fisher did in the manifesto the hacker wrote a few years ago, Guacamaya challenged people to take on the fight themselves, and hack away.

“As you can see in the video, hacking is not magic nor does it require a lot of tools nor advanced technical knowledge. It was all made with free open source tools, which anyone can learn to use. Just leak and sabotage with joyous rebellion!” the hackers proclaimed. 

“Learning to hack is figuring out that ‘power’ is subjective,” the hackers told Motherboard, “that you can bring down big things with the snap of your fingers.” 

Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.