The Valley News has been selected to add two journalists — a photojournalist and a climate and environment reporter — to our newsroom through Report for America, a national service program that boosts local news by harnessing community support.

Please consider donating to this effort.

Brazil Leads Cyber Hacks

McClatchy Washington Bureau
Published: 8/6/2016 11:13:10 PM
Modified: 8/6/2016 11:13:11 PM
Rio De Janeiro — Forget about Olympic medals. The gold and silver sought this year in Rio de Janeiro are the colors of credit and debit cards.

Brazil is arguably Latin America’s most digitally savvy nation, with more than half its 204 million population regularly using the internet.

As many arriving tourists have quickly discovered, Brazil also is a leader in the use of digital technologies for the hacking of credit and debit cards.

“When you have ... something like the Olympic Games you have such a target-rich environment of rich targets,” said Alan Brill, senior managing director of the cybersecurity practice for Kroll Inc. in New York. They are “people in many cases with far higher limits on accounts than otherwise ... with more accounts, and more likely to use ATMs.”

The U.S. cybersecurity research firm Fortinet, in a global report issued last Tuesday, warned that criminals have been ramping up for the Olympics, which run through Aug. 21. That means they’ve been setting up malicious websites that unwary users will click on and unknowingly deliver their passwords and PIN numbers to criminals who will then use them to hack into the users’ credit and bank accounts.

“The volume of malicious and phishing artifacts (i.e. domain names and URLs) in Brazil is on the rise,” the company said, noting that the rate of increase in Brazil was several times higher than the rest of the world. “The highest percentage growth was in the malicious URL category, at 83 percent, compared to 16 percent for the rest of the world.”

URL fraud involves webpages that look like legitimate online-payment sites but that steal the money consumers think they are directing to purchases or payments. In an appendix, Fortinet warned that combating cybercrime is low on the list of Olympic security issues for Brazilian authorities.

Two McClatchy journalists covering the Olympics in Rio had their cards hacked and cloned soon after arrival, and a third was informed after making a remote purchase in Brazil even before arriving there that his card had been flagged as compromised.

Leila Lak, a British documentary filmmaker who works in Rio and depends on her debit card to withdraw cash for daily expenses, has been hacked repeatedly.

“Mine has been cloned several times, and my bank (in London) told me it’s very common in Brazil. They expect it,” Lak said in a telephone interview from England, adding that she had been hacked just three weeks ago.

Hacking has become such a problem in Brazil that the State Department’s Bureau of Diplomatic Security warns about it on its website.

“The use of credit card cloning devices and radio frequency interception at restaurants, bars and public areas is epidemic in Rio,” the department’s Overseas Security Advisory Council warned in a February report published on its website.

Trend Micro, a Dallas-based IT security firm, has studied the underworld market of cybertheft in Brazil and concluded that much of it happens when hackers succeed in compromising the portable point-of-sale machines popular in restaurants and stores here.

The card-reading machines are brought to a diner’s table when the bill is paid, and after reading the chip, the cardholder must enter a four-digit personal identification number. This chip-and-PIN technology, long used in Europe, has been held out as foolproof but quickly has proved otherwise.

“The actual merchant may be wholly unaware of what’s going on,” said Christopher Budd, a global threat communications manager for Trend Micro.

The card-reading machines may be infected with malware or the malware may be operating further up the information chain, causing a theft of information, Budd said, noting that even internet servers have been compromised.

A common scheme in Brazil involves so-called Chupa Cabras, the name for plastic skimmers here placed inside the card slots of ATMs. These go unrecognized by consumers and pass all their card and log-in information to criminals.

Another scheme involves a card fitted with a doctored chip that attaches malware to the card reader. When unsuspecting cardholders later use the card reader, it transmits their card information and personal data — like expiration dates and security codes — to thieves, who quickly clone the cards.

“The bad guys are able to cause malware to be downloaded onto the point-of-sale device so that every time the card is run an unencrypted version of the data is transferred to the bad guys,” Brill said. “The good news, if there is any good news, is that banks have been using more and more sophisticated systems to ... identify suspicious transactions.”

Valley News

24 Interchange Drive
West Lebanon, NH 03784


© 2021 Valley News
Terms & Conditions - Privacy Policy