Mobile Edition
Print
Get the Mag
Weekly UpdatesBrazil quicky embraces new technology, yet the country is becoming a haven for cybercrooks who rob hanks. And the loot is adding up.
A 23-year-old Brazilian hacker from the east-central city of Goiania claims to have set up a 15-member hacking ring that earns US$7 million a year by robbing unsuspecting bank clients. Recent statistics suggest that this band of thieves is only one of many that exist here.
The gang--made up of six hackers, four bank officials who are needed to authorize illicit bank withdrawals, and five federal policemen who act as lookouts for electronic law enforcement on their trail--illicitly wires funds from Brazilian bank accounts to phantom accounts, where money is withdrawn to buy anything from cars to computer equipment. The method leaves no paper trail.
Gangs gain access to bank accounts by sending bogus emails to people who unwittingly download programs that secretly transmit financial information from their computers. The victims think they are downloading harmless files such as invitations to appear on local television programs, but in reality they are installing a program that digitally records every stroke on a client's keyboard, including bank account and password data that the gang uses to steal money.
"Many banks whose clients we electronically rob reimburse them but don't tell the police because they worry that the press could get word about these thefts, which would be very bad publicity," says the head of the gang, who goes by the alias Osvaldo Oliveira. Brazil police have begun to crack down, making arrests.
Nevertheless, tech-savvy Brazil has been the No. 1 originating country of Internet attacks since 2002, according to mi2g Intelligence Unit, a risk-consulting company. In 2003, 145,987 overt Internet attacks originated in Brazil, eight times more than in No. 2 ranked Turkey. Overt attacks are those that are witnessed, reported or validated by a reliable third-party source. Brazilian hackers often target people in industrial countries, such as the United States, as well as wealthy marks in their own country.
"Brazil has become a haven for hackers because Brazil's cybercrime laws are so lax and because of Brazil's large organized crime base, one increasingly turning to cybercrime," says DK Matai, executive chairman at mi2g. Internet thieves will grow in number if the job market fails to absorb computer savvy students, predicts Matai.
Vague legislation and infrequent incarceration worsen the problem, say law enforcement officials. Currently hackers who invade computer networks to steal money or perpetrate credit-card fraud can be charged with crimes punishable by maximum prison sentences of two years.
Legal loopholes. Hacking-related crimes are not classified a serious offenses, those that bring mandatory jail time. And since Brazil's prisons are so overcrowded, many hackers see no jail time at all as more serious offenders quickly fill up available prison space. Cybercrooks who are repeat offenders are the only ones to do any real time, says Jorilson Rodrigues, a Brazilian federal police computer crime specialist.
"There is currently legislation in Congress that makes for-profit and nonprofit Internet attacks serious offenses, punishable by jail terms, but Congress still hasn't passed it," says Rodrigues. Nevertheless, increased cooperation between banks and law enforcement helped police in November arrest a gang of 28 Internet hackers in four states that had stolen more than $10 million since 2002 by breaking into computers, Rodrigues says.
The Brazilian Computer Emergency Response Team (NBSO), a nationwide service organization that responds to computer security incident reports and activity related to networks linked to the Brazilian Internet, backs up mi2g claims that for-profit Internet crimes (as opposed to not-for-profit crimes such as those designed to damage computer systems) are on the rise in Brazil. In 2003, the NBSO received 593 notifications of such Internet fraud in Brazil, nearly six times as many as during 2002.
The number of successful cybercrimes is linked to "the large number of vulnerable computers and their users lacking the knowledge needed to prevent such attacks," says Cristine Hoepers, a senior security analyst with the NBSO.
Private companies in Brazil have begun specializing in cyber-security, such as Modulo Security. In August 2003, Modulo was hired by Ingresso.com, a Rio de Janeiro company that sells electronic tickets to movies and plays on the Internet, to break up a gang that was using credit cards to steal movie tickets online. Credit-card companies had been complaining that clients, many of whom lived in the United States, weren't making a ticket purchases to see movies in Brazil.
New measures require those who buy e-tickets on Ingresso's site to provide not only credit-card numbers but also identification and social-security numbers for cross checking. "Now to fraudulently buy an e-ticket from us, the thief needs more than just a stolen credit card, but a series of identity theft information which hackers almost never have," says lngresso.com owner Jorge Alberto Beis.
For now, banks can deal with traditional and Internet thieves on separate fronts, says Modulo's founder, Alvaro Lima. But in the next five years conventional robbers will begin to work with cybercrooks to facilitate their committing conventional robberies, he says. "When that happens, the size of their hauls will increase and could put a real drain on this economy," says Lima.
MICHAEL KEPP * RIO DE JANEIRO
FEED