Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[] FW: Article: Brazil Becomes a Cybercrime Lab,
------------------------------------------------------------- Article
Brazil Becomes a Cybercrime Lab

October 27, 2003


S?O PAULO, Brazil, Oct. 26 - With a told-you-so grin,
Marcos Fl?vio Assun??o reads out four digits - an Internet
banking password - that he has just intercepted as a
reporter communicates via laptop with a bank's supposedly
secure Web site. 

"It wouldn't matter if you were on the other side of the
world in Malaysia," said Mr. Assun??o, a confident
22-year-old. "I could still steal your password."

While impressive, Mr. Assun??o's hacking talents are hardly
unique in Brazil, where organized crime is rife and laws to
prevent digital crime are few and largely ineffective. The
country is becoming a laboratory for cybercrime, with
hackers - able to collaborate with relative impunity -
specializing in identity and data theft, credit card fraud
and piracy, as well as online vandalism.

"Most of us are hackers, not crackers; good guys just doing
it for the challenge, not criminals," Mr. Assun??o said. He
insisted that he had never put his talents to criminal use,
although he acknowledged that at age 14 he once took down
an Internet service provider for a weekend after arguing
with its owner. 

Across the globe, hackers like to classify themselves as
white hats (the good guys) or black hats (the bad guys),
said one Brazilian expert, Alessio Fon Melozo, the
editorial director of Digerati, which publishes a hacker
magazine, H4ck3r: The Magazine of the Digital Underworld.
"Here in Brazil, though, there are just various shades of
gray," Mr. Melozo said.

Mr. Assun??o has created a security software program for
his employer, Defnet, a small Internet consultant in S?o

The software uses a honey-pot system that can lure and
monitor intruders in real time. It also uses techniques to
foil "man in the middle" imposters who try to disguise
their computers as those of banks or other secure sites. So
far, Mr. Assun??o has been unable to get an appointment
with his target customers: security executives at major

"They say they have their own security and prefer to turn a
blind eye," he said. "But Brazilian hackers are known for
our creativity. If things go on like this, there'll be no
more bank holdups with guns. All robberies will be done
over the Net." 

For the last two years at least, Brazil has been the most
active base for Internet ne'er-do-wells, according to mi2g
Intelligence Unit, a digital risk consulting firm in

Last year, the world's 10 most active groups of Internet
vandals and criminals were Brazilian, according to mi2g,
and included syndicates with names like Breaking Your
Security, Virtual Hell and Rooting Your Admin. So far this
year, nearly 96,000 overt Internet attacks - ones that are
reported, validated or witnessed - have been traced to
Brazil. That was more than six times the number of attacks
traced to the runner-up, Turkey, mi2g reported last month.

Already overburdened in their fight to contain violent
crime in cities like S?o Paulo, Rio de Janeiro and
Bras?lia, police officials are finding it difficult to keep
pace with hacker syndicates.

The 20 officers working for the electronic crime division
of the S?o Paulo police catch about 40 cybercrooks a month.
But those criminals account for but a fraction of the
"notorious and ever increasing" number of cybercrimes in
S?o Paulo, Brazil's economic capital, said Ronaldo
Tossunian, the department's deputy commissioner.

The S?o Paulo department's effort is not helped by vague
legislation dating back to 1988, well before most
Brazilians had even heard of the Internet. Under that law,
police officers cannot arrest a hacker merely for breaking
into a site, or even distributing a software virus, unless
they can prove the action resulted in the commission of a

So even after police investigators identified an
18-year-old hacker in Rio de Janeiro, they had to track him
for seven months and find evidence that he had actually
stolen money from several credit card companies before they
could pounce. 

"We don't have the specific legislation for these crimes
like they do in America and Europe," Mr. Tossunian said.
"Just breaking in isn't enough to make an arrest, which
means there's no deterrent."

In addition, analysts say many businesses, including banks,
have been slow to grasp, or refuse to acknowledge, how
serious the problem is. Banco Ita?, one of Brazil's largest
private banks and the institution from whose site Mr.
Assun??o filched the password during his demonstration,
declined to make someone available to comment.

Fabr?cio Martins, the chief security officer at Nexxy
Capital Group, a top provider of Web sites for e-commerce
companies, said, "Most businesses here don't take
precautions until something bad happens that obliges them
to take action." 

Mr. Martins, for example, first reinforced Nexxy's security
software after e-mail addresses of online clients were
stolen two years ago. Now his is one of 20 software
programs for credit card clearing approved by Visa
International in Brazil.

Why are Brazil's hackers so strong and resourceful? Because
they have little to fear legally, Mr. Assun??o said, adding
that hackers here are sociable and share more information
than hackers in developed countries. "It's a cultural
thing," he said. "I don't see American hackers as willing
to share information among themselves."

Though the expense of owning a computer is prohibitive for
most people in this country, where the average wage is less
than $300 a month, getting information about hacking is
simple. H4ck3r magazine, available at newsstands across the
country, sells about 20,000 copies a month.

Mr. Melozo, the editorial director, rejects any suggestion
that H4ck3r teaches Brazilians to commit cybercrime.

"It is a very fine line, I know," he said. "But what guides
us is the principle of informing, educating our readers in
a responsible way."

------ Ende der weitergeleiteten Nachricht

Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.