[theme-my-login default_action="register" show_links="0"]

¿Perdiste tu contrseña? Ingresa tu correo electrónico. Recibirás un correo para crear una nueva contrseña.

[theme-my-login default_action="lostpassword" show_links="0"]





A Handbook to Silence The Russian Plot and Fail

Chronicle of a struggle in cyberspace to censor «uncomfortable» reports from a newspaper.


A series of unsubstantiated complaints and cyberattacks against elPeriódico take the news outlet’s cybersecurity team and a reporter to unsuspected depths: the Government’s Secretariat for Administrative and Security Affairs (SAAS), technology teams based in El Salvador, reporters with false identities and censored information related to the case of the Russian Plot – one of the thorns on Alejandro Giammattei’s government side.

The first time that Josefa Martínez interacted with the elPeriódico team was through an abuse report that she filed against the outlet through Amazon Web Services, LLC (AWS), an Amazon subsidiary that provides cloud computing platforms on demand to individuals, businesses, and governments. No one had heard of Martínez or the outlet she represented, Main Info News, but the supposed reporter accused the newsroom of having plagiarized articles written by her.

On October 11, 2021, Martínez signed a complaint against a note written by elPeriódico in which the following statements by President Alejandro Giammttei were given a context: “In recent days there have been false comments and we view with concern the misrepresentation of information, affirming situations to assume things that are not true. We will present all the information that the Attorney General’s Office considers pertinent to elucidate the truth,” the president wrote on his official Twitter account.

In the article, elPeriódico explained that the president’s response was due to the media explosion of a case that would become known as the «Russian Plot» that included allegations made by a protected source that, supposedly, several people of Russian nationality visited the president’s home in zone 15 of Guatemala City to give him money wrapped in a rug, as payment for alleged bribes for the concession of land in Izabal; an issue that had been negotiated during a trip full of luxuries made by businessmen of Russian nationality to the country and who were attended by public officials, including the former Minister of Economy, Antonio Malouf, and Pronacom authorities, among others.

AWS shared the complaint with elPeriódico. Quickly, the team responded with evidence. The article had been published exclusively by elPeriódico and the accusations were false.

The cybersecurity team detected that the article that Josefa Martínez claimed to be her author had been replicated by the Main Info News site and updated two days after (dated July 30, 2021) the original publication of elPeriódico (published on July 28, 2021). “Following Amazon’s complaint, I reviewed the source code of the note and found that it had indeed been created before ours but had been updated two or three days after we published our content. It seemed that an entry without information was created several months earlier and was left there and later, after the publication of elPeriódico, the text of that entry was changed (having been copied to the note of elPeriódico), so that it could be It looked like the content we had published”, explains Cristóbal*, a member of the Development and Technology team.

The Main Info News site had been created that same year, 2021, and had practically no news other than a couple of sports articles on basketball, baseball and tennis. Most of it was American news and written in English. Until elPeriódico began to delve into and reveal details of the Russian Plot on its website.

Josefa Martínez was not heard from again until a few weeks later. On October 26, a new complaint arrived in the mailbox. Once again, the Main Info News reporter claimed plagiarism from another piece of news written by elPeriódico. It was an article that curiously also narrated relevant details about the Russian Plot. In the note, elPeriódico explained how members of the Russian company Atlantic Bulk Cargo, S.A., had met virtually with the directors of the Santo Tomás de Castilla Port Company (Empornac), to make the formal request for the lease of land owned by the entity.

The article mentioned an investigation by elPeriódico, which revealed that the idea of ​​the Russians was to rent a 150,000-square-meter plot of land in the area known as “arenal”, which would serve to develop a specialized terminal to handle and transship thousands of tons of nickel that are extracted from the different mining projects granted to its subsidiaries in the country. This was a project like the one that Juan Carlos Monzón, former secretary of Roxana Baldetti, had closed at the time, and for which Baldetti, Otto Pérez and he received tens of millions of dollars in bribes in exchange for authorizing it.

This time, Josefa Martínez’s complaint was more threatening. “I am providing this notice in good faith and with reasonable assurance that rights in my possession are being infringed. Under penalty of perjury, I certify that the information contained in the notice is true and accurate. I am the owner of the copyright”, assured the reporter. But it was yet another lie and another sterile complaint, since elPeriódico once again verified that the article that appeared in Main Info News was rather a plagiarism of the one in elPeriódico.

As was discovered with the first complaint, the article on the site was dated October 12, 2021, while the original had been published two days earlier, on October 10, 2021. “After two complaints in a matter of days, we began to ask ourselves questions and began to investigate. What we found surprised us,” reveals Carlos**, another member of elPeriódico’s cybersecurity team.

Thus, it seemed that the modus operandi of Main Info News consisted of copying and pasting the texts of the news from elPeriódico related to the Russian Plot, in news previously created by Josefa Martínez and that was only edited with the information they collected from elPeriódico.

“It was about notes that talked about the Russians (Russian Plot). So we checked the domain that was reporting us and we found that it did not have an html index file or an htaccess file”, explains Cristóbal. Usually, websites use this type of files (index and htaccess) to identify the content of the site and that the different search engines identify them as the best possible answers to the queries made, allowing readers to reach the content they want. For example, search engines like Google use these files to be able to identify the content and divert traffic to the website that has them. “But the site, by not having those files, would not let the search algorithms identify them as possible answers, which means that to access that note, readers would have to know the specific URL to get to it. If not, they would find it.»

Who does this? A site that does not want to be read, with articles that do not want to be found by readers and, above all, a team with a strong interest in keeping certain information hidden from the public.

“The domain that reproted us belongs to the deep web and I am sure that this was done by a team of experts who know the tactics used to make domains that are in the deep web and that is where other types of content are already handled, with other information. It is a dark world, and the truth is that it is not recommended to enter that website”, explains Carlos, seriously.

“Attacks to prevent access to the digital media outlets occur especially when there are investigations related to possible acts of corruption or impact reports for illicit acts in the public administration, as happened in 2015 with the disclosure of the La Línea case,” explains Héctor Coloj, from the Observatory of Journalists of the Association of Journalists of Guatemala (APG). According to the Observatory, the months of electoral campaigns are also one of the periods where more of these acts occur, due to the interest of politicians or officials seeking re-election to censor news that affects their political aspirations.

The 2022 attacks against elPeriódico occur just after the revelation of the Russian Plot and a year prior to the 2023 General Elections, also being a key year for the election of Attorney General of the Public Ministry, Human Rights Attorney and Comptroller General of Accounts, among other key State positions.

More questions began to arise. Who was behind Main Info News? For what reason were they specifically attacking the news from elPeriódico related to the Russian Plot? What was it they were trying to censor? And above all: Who is Josefa Martínez?

The reporter identified herself in the complaints as a reporter from Valencia, Spain. There was no way to contact her, and AWS is not disclosing any more information out of «respect for customer privacy.» But on the internet, invisible traces do not exist.

There are other reporters who coincided with her name, Josefa Martínez, but not with the profile that she communicated: Spanish living in Valencia and reporter for Main Info News. “Even so, an approach was made with the three most likely profiles. One lives in Bogotá and is a radio journalist. Another in Venezuela and does not use the name Josefa, because she prefers her first name and the third is a sports journalist in Mexico, who does not even have the last name Martínez,” explains a reporter from the newsroom. All the interviewees denied knowing Main Info News and their profiles were discarded.

“We did a deeper search and found a phone number registered in the Main Info News domain configuration file. It is a telephone number from El Salvador”, reveals Carlos. It was then a website created in El Salvador, whose content was 95 percent American sports news written in English and for which an alleged Spanish reporter who lived in Valencia worked and who could not be contacted in any way. A digital ghost, a site of dubious intention generated by Salvadorans and a thematic objective: the Russian Plot.

November and December were quiet months. Especially after the complaint filed by elPeriódico against the series of attacks by Josefa Martínez and Main Info News. And it is that, despite proving time and again the falsity of the accusations, elPeriódico decides to undergo a long and arduous process with AWS to clarify – with evidence collected by the cybersecurity team – that the reported notes are their authorship, that the plaintiff is lying and, furthermore, verify that there are spurious interests behind the complaints.

There are quiet months in early 2022. But in March, the cyber chase resumes.

On March 11, 2022, elPeriódico once again receives another complaint. The plaintiff? Josepha Martinez. The place? Main Info News. The note in question? Related to the Russian Plot, again. And on this occasion, despite the complaint filed by elPeriódico and the evidence presented, AWS threatens to close the website.

“These were serious threats from Amazon to close the site and impose sanctions, which is why the decision was made to remove the notes reported by Main Info News from public circulation, as a momentary precautionary measure. And again, we filed a complaint with AWS”, explains Carlos*.

But the team decides to renew their efforts to investigate their attackers. And they discover the possible involvement of a Guatemalan government secretary. “When performing an analysis of the URL details of the plagiarized articles published by Main Info News, we discovered that the immediate references of the URLs were referenced with the monitoring page of the Secretariat for Administrative and Security Affairs (SAAS). Strange, right?”, the cybersecurity team asks.

Carlos explains that, despite the findings, nothing is conclusive. “I did a cross-reference search to try to identify who was best responding to the Main Info News URL and wow! The result was that SAAS was one of the domains that was responding best to that query”, says Cristóbal** but reiterates that he cannot do anything with that information. “I mean, there was no way I could prove anything other than that this was a domain that was having communication with the SAAS site, or that it was responding better to the words I was searching for. But hey, this is pure semantics. But it does attract attention, especially with the actions of the last governments and the SAAS”.

At the end of March, the complaints intensified. It seemed that Josefa Martínez was “very angry”. This time, the attacks are aimed at the series of reports that elPeriódico publishes on the complete history of the alliance between the State of Guatemala and the Russian mining companies based in Izabal and Alta Verapaz. The publication is made with all the permissions of The Store Project, Forbidden Stories and Scarlet Macaw, authors of the investigations.

The reports did sit well with Main Info News. Even less because of the success they had and because they reminded citizen of the case of the Russian Plot. There are things that the population hardly forgets. Despite the complaints registered as of March 25 against the reports of the Гватемала saga (titled Guatemala is written in Russian, The lords of red dust and the lords of white dust and The Caribbean version of a criminal network between Russians, Swiss and chapines in Guatemala), Josefa Martínez and her team are not successful. Armed with new arguments, elPeriódico once again asked AWS to review their case and publicly denounced the harassment.


The next day, AWS responds that it will review the case again. Almost a month later, on April 22, the company closed our case number 18090872904 after receiving no response or defense from Josefa Martínez or Main Info News. “They never answered. So, Amazon closed the case, which gives me the certainty that this was an attempt to silence the press,” says Cristóbal.

Interestingly, that same date, the website disappears for a few weeks. Then, in mid-May, it reactivates.

Since 2012, the entity has documented 40 cases. The first one he registered, on September 22, 2012, was a complaint from elPeriódico about a hacking of his website.


During the government of Otto Pérez Molina and Roxana Baldetti, the elPeriódico website suffered more than 14 distributed denial of service attacks, which increased the media’s cybersecurity costs and kept the media offline for several days. 

In addition to that, during these attacks, a virus is infiltrated in the website’s servers that erases the media’s historical file. To date, not all notes prior to 2013 have been recovered.

According to the data compiled by the Observatory, media such as elPeriódico, Article 35 and Vox Populi accumulate the majority of cyber attacks reported in the last 10 years.

Although it should be noted that, as in most cases, many complaints are not documented because they are never made public.

“Unfortunately, there is little level of knowledge to understand the type of attacks that usually take place against the media and there are not many mechanisms to denounce, evidence or even manage to mitigate attacks when they occur,” explains Kont.

Thus, while a few years ago it was common to learn of complaints about the massive purchases of newspapers or magazines in certain municipalities or departments, to prevent the population from knowing about investigations that affected public authorities, with the increase in Internet access by the population, these acts of censorship moved into the digital spectrum. And the attacks and attackers, as well as the platforms used, are usually very diverse. “When we hear of attacks on the media, we usually imagine that they are attempts to make the website inaccessible, but there are many other attack mechanisms such as blocking social networks for false reports through botnets, identity theft to spread disinformation, injections of malicious content using brute force, among others”, explains Kont.

The APG assures that in the government of Alejandro Giammattei (2020 – 2023), the known cases of cyber-attacks on the pages “decreased, but censorship on social networks increased through the suspension of accounts.”

But this does not mean that there are no attacks. According to experts consulted by elPeriódico, the attacks continue to exist. “Anyone with an internet connection is exposed to a digital attack and even more so if it is a media outlet or a journalist who is uncomfortable for power,” says Carlos.

Thus, the decrease in attacks on the pages could be due in part to the strengthening of the protection used by the media and «not precisely because these practices were eliminated within the State,» explains Coloj and Kont seconded it. “It is not about becoming experts on the subject of digital security, but it is about having good common-sense practices, how to activate double authentication in our credentials, have a backup system, an updated antivirus, not use public networks of Wi-Fi, among others”, clarifies the expert.

Various human rights organizations, activists, and journalists consulted agree that the acts described above are part of «the actions of the State, mainly the Presidency,» to limit the access citizen have to information sources and news from various.

«Good luck,» a source says after the interview. «The attacks will fade, you’ll see.»

What does not fade is the Russian Plot. Nor the information obtained, verified, and published by elPeriódico. “We will live to fight another day,” says Carlos, laughing nervously, although he then wipes his smile: censorship in a country that claims to be democratic and free is unacceptable.


Esto te puede interesar

noticia AFP
A salvo: Mario Vargas Llosa sale del hospital
noticia AFP
Corte de Birmania rechaza apelación de la condena de Aung San Suu Kyi
noticia AFP
¡Histórica remontada del Real Madrid!

Más en esta sección

El cobre cae a mínimo de nueve meses por el temor a una recesión


Francisco: América aún «es víctima de imperialismos explotadores»


Xi defiende su modelo de Hong Kong en el 25 aniversario de su regreso a China