This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
As the feds increase the amount of its business conducted online (ostensibly to save on the costs of paper and even help the environment), government information becomes more of a target for hackers. This is evident in Brazil, where the government's push to issue logging permits via the Web backfired, allowing logging companies to secure bogus work permits and illegally clear areas of the Amazon.
"Logging companies intent on plundering [the Amazon rainforest] for timber have been using hackers to break into the Brazilian government's sophisticated tracking system and fiddle the records," Greenpeace U.K. reported last week on its blog.
Brazil's government reports that 107 logging companies working in the Amazon hired hackers to break into its computer system and falsify online records to increase the timber transport allocations for certain areas of the forest, according to Greenpeace. As a result, nearly 60 million cubic feet (1.7 million cubic meters) of illegal logs have been smuggled out of the Amazon, "enough to fill 780 Olympic-sized swimming pools," Greenpeace says in a statement. Now the Brazilian federal prosecutor is suing those companies for about $833 million; 202 people are facing prosecution for these high-tech crimes.
It wouldn't be hard for the logging companies to find hackers willing and able to help them break into the Brazilian government's computers. "There's a burgeoning underground economy where people offer these services," says Zulfikar Ramzan, technical director at computer security company Symantec. While computer systems sold to government usually need to have a certain level of security, Ramzan says, in practice it's hard to protect these systems because there are so many end users and so many different ways to attack computers these days.
Although Ramzan could not speculate on how the hackers were able to access the Brazilian government computers, he says there are a few common ways that hackers sneak onto corporate and government networks. One way is to slip in through a wireless network (these are typically not as well guarded as wired networks). Another is to "socially engineer" an attack by sending an employee an e-mail that, when opened, infects their computer with a virus capable of stealing logins and passwords. Basic techniques, but still very effective, Ramzan says, adding, "you don't see many 'Ocean's Eleven' plans; they're more like 7-11."
The Brazilian environment ministry two years ago did away with paper dockets and introduced an online program that issues transport permits indicating how much land a company can legally log and tracking the amount of timber leaving the Amazon state of Para. Greenpeace points out that the same computer program is used in three different Brazilian states (including Para). Now law enforcement will need to check the computer systems in the two other Brazilian states for signs they may have been compromised, so this could be just a small part of the illegal logging taking place in the country.
Late last month, Brazil's environment minister shut down two saw mills in Para and impounded 105,900 cubic feet (3,000 cubic meters) of tropical wood after loggers torched the environmental agency's garage, stole trucks with confiscated logs, and used a tractor to break down the entrance of the hotel where the government agents were staying, Reuters reported. The minister ordered the owner of one of the sawmills to pay a fine of about $545,000 for having bought tree trunks from a nearby native Indian reservation, where logging is prohibited.
Computer hacking isn't new to Brazil. In 2000, police in Sao Paulo arrested a 22-year-old member of the "Inferno.br" gang of cyber criminals, who have been accused of hacking NASA and NATO sites, as well as those belonging to the local Brazilian government, according to ComputerWorld.
News of Brazil's hacker crackdown comes as the city of San Francisco is scheduled this week to begin the trial of a hacker who in July tried to crash the city government's computer system, KCBS radio reported Monday. Terry Childs, a 43-year-old computer network administrator from Pittsburg, broke into the city's FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored, the San Francisco Chronicle reported in July.
©iStockphoto.com