Brazil has a great reputation for being “good at cybercrime”. Why does this happen?
Look, it has that reputation. I think it comes a little from this scenario with a lot of technology, little protection and little law.
But there is a curious thing: even in a country with a lot of socioeconomic problems and a lot of inequality in education, there are always good hackers. I think that every country like this, with a minimum of access to technology or formal education, has a critical mass to generate [criminals of this type].
The best mindset I’ve ever seen was from a guy who didn’t make the eighth grade. He couldn’t write without Portuguese mistakes, but he was a genius. It also shows how dramatic and fantastic a business this is.
In this job of monitoring the cybercrime forum, there was a post that we got from a boy from Pará, in one of the fraud groups, thanking another fraudster, a more experienced guy, for the opportunity of “a new profession”. He said: “I am a fraudster, I thank so-and-so, who trained me”. Before, this boy was a rubber tapper. I never forget that.
What is the difference between the socio-economic profile of the cybercriminal and that of the “common” criminal, who is on the street? Is it just the specialization and the way of acting?
I think the main characteristic of cybercrime is that it is an ecosystem. It’s a supply chain. The best way to describe it is like a pyramid. At the top, you have the technical experts. It’s the guy who will assemble the hardware that makes the “chupacabra” in the card machine. The one who creates the malware to steal information from your PC, from your cell phone, who identifies the flaw on the bank’s website. That’s 1% of the people in that environment.
In the body of the pyramid, you have the phishing guys, the ones who send fake emails all day. He’s not the same guy who made the malware. He just sends e-mails all day, and when a new leak comes out in Santa Efigênia, he buys it, and gets more people to send it.
At the base, it begins to approach the stereotype of the traditional profile. For the financial movement, you already have the “orange”, or the “mule”, which goes to the ATM to withdraw the money from the Pix that they stole from your account. They don’t even know whose account that money came from.
How do they operate? In scale. Even to earn more. And that’s one of the characteristics of digital crime: you replicate the method. If I create malware to steal your bank account, and then copy it to 50,000 other people, they have the same ability to steal. And they don’t have to be as technically skilled as I am.
This business model is the same one used by ransomware gangs [extortion by data hijacking] out there. Interestingly, Brazil does not tend to have such a gang here, with international targets, but it is very victimized by them. Why?
I don’t know if there’s an accurate answer, but I can speculate that the ecosystem in Brazil has developed in association with the financial sector, with credit card theft, or a Pix scam.
Here, you have some extortion cases over time, but they were more artisanal. There was one in 2016, for example, with a company that was going to do an IPO (initial public offering). It was hacked and the data was leaked to jeopardize its entry into the exchange.
Traditional ransomware operators have found a loophole that is: “I’m going to go in, steal a lot of data and then I’m going to encrypt everything. And then, if you don’t pay me, you don’t have your data anymore. And I’m still going to leak this, to generate noise.”
This works in every type of business, from a meat maker to a clothing store. The guys took that niche and scaled the business worldwide. They are very professional.