Computer Crime Research Center


Hackers help loggers illegally strip trees from the Amazon

Date: December 17, 2008

As the feds increase the amount of its business conducted online (ostensibly to save on the costs of paper and even help the environment), government information becomes more of a target for hackers. This is evident in Brazil, where the government's push to issue logging permits via the Web backfired, allowing logging companies to secure bogus work permits and illegally clear areas of the Amazon.

"Logging companies intent on plundering [the Amazon rainforest] for timber have been using hackers to break into the Brazilian government's sophisticated tracking system and fiddle the records," Greenpeace U.K. reported last week on its blog.

Brazil's government reports that 107 logging companies working in the Amazon hired hackers to break into its computer system and falsify online records to increase the timber transport allocations for certain areas of the forest, according to Greenpeace. As a result, nearly 60 million cubic feet (1.7 million cubic meters) of illegal logs have been smuggled out of the Amazon, "enough to fill 780 Olympic-sized swimming pools," Greenpeace says in a statement. Now the Brazilian federal prosecutor is suing those companies for about $833 million; 202 people are facing prosecution for these high-tech crimes.

It wouldn't be hard for the logging companies to find hackers willing and able to help them break into the Brazilian government's computers. "There's a burgeoning underground economy where people offer these services," says Zulfikar Ramzan, technical director at computer security company Symantec. While computer systems sold to government usually need to have a certain level of security, Ramzan says, in practice it's hard to protect these systems because there are so many end users and so many different ways to attack computers these days.

Although Ramzan could not speculate on how the hackers were able to access the Brazilian government computers, he says there are a few common ways that hackers sneak onto corporate and government networks. One way is to slip in through a wireless network (these are typically not as well guarded as wired networks). Another is to "socially engineer" an attack by sending an employee an e-mail that, when opened, infects their computer with a virus capable of stealing logins and passwords. Basic techniques, but still very effective, Ramzan says, adding, "you don't see many 'Ocean's Eleven' plans; they're more like 7-11."

The Brazilian environment ministry two years ago did away with paper dockets and introduced an online program that issues transport permits indicating how much land a company can legally log and tracking the amount of timber leaving the Amazon state of Para. Greenpeace points out that the same computer program is used in three different Brazilian states (including Para). Now law enforcement will need to check the computer systems in the two other Brazilian states for signs they may have been compromised, so this could be just a small part of the illegal logging taking place in the country.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo