|
|
Tony Smith NYT
Tuesday, October 28, 2003
SAO PAOLO With a told-you-so grin, Flávio Assunção read out four digits - an Internet banking password - that he had just intercepted as a reporter communicated via laptop with a bank's supposedly secure Web site.
It wouldn't matter if you were on the other side of the world in Malaysia, said Assunção, a confident 22-year-old. I could still steal your password.
While impressive, Assunção's hacking talents are hardly unique in Brazil, where organized crime is rife and laws to prevent digital crime are few and largely ineffective. The country is becoming a laboratory for cybercrime, with hackers - able to collaborate with relative impunity - specializing in identity and data theft, credit-card fraud and piracy, as well as online vandalism.
Most of us are hackers, not crackers; good guys just doing it for the challenge, not criminals, Assunção said. He insisted that he had never put his talents to criminal use, although he acknowledged that at age 14 he once took down an Internet service provider for a weekend after arguing with its owner.
Across the globe, hackers like to classify themselves as white hats (the good guys) or black hats (the bad guys), said a Brazilian expert, Alessio Fon Melozo, editorial director of Digerati, which publishes a hacker magazine, H4ck3r: The Magazine of the Digital Underworld.
Here in Brazil, though, there are just various shades of gray, Melozo said.
Assunção has created a security software program for his employer, Defnet, a small Internet consultancy in São Paulo.
The software uses a system that seeks to lure and monitor intruders in real time. It also uses techniques to try to foil man in the middle impostors attempting to disguise their computers as those of banks or other secure sites. So far, though, Assunção has been unable to get an appointment with his target customers: security executives at major banks.
They say they have their own security and prefer to turn a blind eye, he said. But Brazilian hackers are known for our creativity. If things go on like this, there'll be no more bank holdups with guns. All robberies will be done over the Net.
For at least the past two years, Brazil has been the most active base for shady Internet characters, according to mi2g Intelligence Unit, a digital risk consulting firm in London.
Last year, the world's 10 most active groups of Internet vandals and criminals were Brazilian, according to mi2g, and included syndicates with names like Breaking Your Security, Virtual Hell and Rooting Your Admin. So far this year, nearly 96,000 overt Internet attacks - ones that are reported, validated or witnessed - have been traced to Brazil. That was more than six times the number of attacks traced to the runner-up, Turkey, mi2g reported last month.
Already overburdened in their fight against violent crime in cities like São Paulo, Rio de Janeiro and Brasília, police officials are finding it difficult to keep pace with hacker syndicates.
The 20 officers working for the electronic crime division of the São Paulo police catch about 40 suspected cybercrooks a month. But those cases account for a small fraction of the notorious and ever increasing number of cybercrimes in São Paulo, Brazil's economic capital, said Ronaldo Tossunian, the deputy police commissioner.
The police effort is not helped by vague legislation dating from 1988, well before most Brazilians had even heard of the Internet. Under that law, police officers cannot arrest a hacker merely for breaking into a site, or even for distributing a software virus, unless they can prove that the action resulted in a crime.
So even after investigators identified an 18-year-old hacker in Rio de Janeiro, they had to track him for seven months and find evidence that he had actually stolen money from several credit-card companies before they could pounce.
We don't have the specific legislation for these crimes like they do in America and Europe, Tossunian said. Just breaking in isn't enough to make an arrest, which means there's no deterrent.
Analysts say many businesses, including banks, have been slow to grasp, or refuse to acknowledge, how serious the problem is. Banco Itau, one of Brazil's largest private banks and the institution from whose site Assunção had filched the password during his demonstration, declined to make anyone available for comment.
Fabrício Martins, chief security officer at Nexxy Capital Group, a top provider of Web sites for e-commerce, said, Most businesses here don't take precautions until something bad happens that obliges them to take action.
Martins, for example, first reinforced Nexxy's security software after e-mail addresses of online clients were stolen two years ago. Now his is one of 20 software programs for credit-card clearing approved by Visa International in Brazil.
Why are Brazil's hackers so strong and resourceful? Because they have little to fear legally, Assunção said, adding that hackers there share more information than hackers in developed countries.
Although the expense of owning a computer is prohibitive for most people in Brazil, where the average wage is less than $300 a month, getting information about hacking is simple. H4ck3r magazine, available at newsstands, sells about 20,000 copies a month.
The New York Times
Copyright © 2003 The International Herald Tribune
iht
|
|
|
 |
| "Security HeadLines: In Brazil, a fine line between 'good guy' hackers and cybercrooks" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
