The Brazilian cyber-criminal underground is not as ‘under' as one might imagine, according to a new report by Trend Micro.
In sunny Rio, cyber-criminals need not inhabit the figurative sewers, alleys and dark corners of the city, but can bathe brazenly in the sun with the rest.
The police force, beleaguered with what might otherwise be considered ‘real crime', just cannot keep up with the nebulous new frontier that is cyber-crime, the report says. Cyber-criminals and hackers are free to advertise their services, and gains, not just on the surface web but also social media.
Trend Micro's report profiles one brash young man calling himself Lord Fenix. Trend's researchers believe he is 20 years old and that he has already built more than 100 banking trojans, all while taking the Brazilian version of A-level exams.
This surprisingly detailed info was not hard to find. In fact, it was plastered all over Lord Fenix's social media accounts.
Young hackers like him are not afraid of the legal repercussions that they might face in other countries. Nor, it seems, do they have much reason to be.
Trend's report notes: “Brazilian law enforcement agencies already have a lot on their plate; budding criminals online are only additions to their list of challenges.”
It's not just this report that has noted the fearless attitude with which Brazil's hackers publicly applaud themselves, Kaspersky Lab released its own evaluation: “There is a widespread sense of impunity, especially because, until recently cyber-crime was not legally defined as criminal activity under Brazilian law.”
This culture may stem from the fact, as in so many countries, cyber-crime wasn't actually established under law until very recently. In Brazil, it was only in 2013, when a Brazilian actress had nude pictures stolen from her computer that a law defining the problem was approved.
Named the Carolina Dieckmann Law for its unlucky muse, efforts to prosecute or deter cyber-crime do not seem to have worked. Kaspersky's report notes, “The law is not very effective in punishing cyber-criminals as the penalties are too lenient and the judicial system is very slow. It is very common for attackers to be arrested three or four times only to be released again without charge.”
In 2014, the year after it was enacted, official sources state that cyber-crime rose nearly 200 percent.
Brazil is one of the world's major sources of cyber-crime. In 2014, it was ranked by Kaspersky as the most dangerous country for financial cyber-attacks. This is the sector where, according to Trend's report, Brazilian cyber-crime thrives.
While perhaps the unique thing about cyber-crime is that it is not constrained by borders – and Brazil has no shortage of international operators – local crime is still popular amongst the ranks.
“The Brazilian underground is still heavily congested with banking malware, which could be largely attributed to the continued popularity of online banking in the country,” Trend's report reads. According to one source, nearly half of Brazil's population banked online as of 2014, leaving hackers with a wide net.
It's not hard to get into cyber-crime in Brazil – the barriers to entry are rather low. Considering the country's lacklustre economy, poor policing and the ready availability of training, Trend believes the racket will only grow.
“It only takes guts and know-how for any newbie to make it big.”