Computer education in public schools, lightly enforced computer crime laws, and a deep divide between the haves and the have-nots have resulted in a vibrant cyber-criminal underground in Brazil, causing significant troubles for Latin American law enforcement agencies, according to research published on Jan. 5 by security firm Trend Micro.
The report, part of a series profiling criminal undergrounds in different countries, placed Brazilian cyber-criminals just behind those in Russia and China in terms of technical expertise. And, because of their focus on financial crimes, Brazilian cyber-criminals are second only to those from Russia in their ability to attack banks and other financial institutions, Tom Kellermann, chief cyber-security officer at Trend Micro, told eWEEK.
The cultures are different, however. Where both Russian and Chinese cyber-criminals have a complex relationship with their governments, Brazilian cyber-criminals are more likely to thumb their noses at officials, he said.
“The Brazilians are much more brazen and they act like Robin Hood, stealing from the rich and giving to themselves, with minimal operation security,” Kellermann said.
The report on the Brazilian cyber-criminal underground is the sixth study that Trend Micro has released on the developing technical capabilities of criminals in different countries.
While many of the basic skills developed in each country are the same, there are regional differences. Japan’s hackers are focused on forging documents and access to and exchanging information, while Germany’s underground is strong in encryption and operation security. The U.S. underground focuses more on providing illicit goods, and while Russia and China are known for their espionage attacks against U.S. systems, their cyber-criminals are more focused on financial crimes and the creation of criminals tools, such as credit-card skimmers, respectively.
“The Russians have essentially created an alliance with the government,” Kellermann said. “You need to act patriotic with your activities. If you do have a footprint on a system that is worthwhile, the understanding is that you will share that with the regime.”
In many ways, Brazilian operators mimic the techniques and methods of Russian hackers, because they have a lot of shared history, Kellermann said.
“Brazilian operators used to be the consumers of the developers from Russian underground cyber syndicates until three or four years ago, when they started using more homegrown tools,” he said.
Brazilian developers—those who make the malware—and operators—the people who use the tools—still emulate the tactics of the Russian underground. Russia has the most sophisticated attacks on financial systems, with Brazil taking second, Kellermann said. In the third quarter of 2015, about 5 percent of banking trojans were detected in Brazil.
The improvement in their techniques has led to an uptick in cyber-crime in the Latin American region, Kellermann said.
“We were told by the major Latin law enforcement agencies and CERTs [computer emergency response teams] that the most trouble was coming from the Brazilian underground, but [in addition] the Brazilian developer community was enabling the criminal syndicates in their own countries,” he said.
A popular service in the underground are training videos and courses to teach would-be hackers the techniques and technologies necessary to conduct crimes. Brazil’s cyber-criminals are also focused on using ransomware and creating Android malware, according to the report.