* New law will target cyber fraud for the first time ever
* Banking industry says penalties are too soft
* Crackdown may push attacks to other Latin American targets
By Esteban Israel
SAO PAULO, Feb 26 Long seen as the Wild West of
online fraud, Brazil is about to implement its first
cyber-crimes law in an attempt to protect its rapidly expanding
banking and e-commerce industries.
But online security experts warn that jail terms ranging
from two months to three years may be insufficient to fight
electronic fraud, a problem that cost the local financial
industry $700 million in 2012, according to Brazil's banking
Brazil ranks among the world's top producers of spam, Trojan
viruses and phishing, according to security firms, and until now
Brazilian cyber criminals have operated in the open, trading
stolen data in online forums and posting YouTube videos of
themselves with wads of cash.
"The sense of impunity is huge," says Fabio Assolini, a
senior malware analyst with the online security company
Kaspersky Lab in Sao Paulo. "Brazilian cyber criminals feel free
Online theft has not only hit the financial industry but is
also casting a shadow over Brazil's growing online retail
market, a $12 billion industry that recently attracted
heavyweights such as U.S. online retailer Amazon.com Inc
Experts say Brazil is finally moving in the right direction.
However, they warn not to expect an overnight fix for Latin
America's largest online marketplace.
"We see an awakening phase in Brazil," says Limor Kessem, a
cyber crimes specialist in Tel Aviv with online security firm
RSA, a division of EMC Corp.
"Things will really start changing once criminals see other
people are being arrested and going to jail."
NAMED FOR A SOAP STAR
The law that takes effect in April was hastily passed last
year after Carolina Dieckmann, a Brazilian soap opera star, had
dozens of intimate pictures stolen from her computer and leaked
to the Internet.
Security experts say the "Carolina Dieckmann Computer Crimes
Law" should, for instance, help improve Brazil's dubious
position as a global producer of phishing, a type of crime where
hackers redirect users of financial services to fake sites to
steal their passwords and other confidential data.
Reported phishing attacks in Brazil jumped 95 percent last
year, according to official figures. RSA says Brazil is the
world's fourth-biggest host of such attacks after the United
States, Britain and Germany.
What makes Brazil so attractive? Lack of regulation on the
one hand coupled with a fast-growing base of new Internet users.
With just 48 percent of its population online and a swelling
middle class, Brazil is seen as one of the new frontiers for
Internet services and e-commerce.
"As digital inclusion increases so does the number of
potential victims of fraud," says Demi Getschko, director of
Brazil's Internet regulator, NIC.br.
Brazilians also use Internet banking at rates comparable to
more developed markets. Almost 50 percent of the country's bank
accounts are accessible online, similar to U.S. levels and twice
the Latin American average.
Brazil's banking industry says it was able to stem losses
from electronic fraud by 7 percent in 2012, mainly through
stronger authentication protocols.
Febraban welcomed the law but says it wants more.
"I am sure the penalties will have to be revised in the
future because these crimes are much more dangerous than they
are made out to be in the law," said Marcelo Câmara, Febraban's
director of fraud prevention.
SQUEEZING THE BALLOON
Brazil's phishing boom is in part the consequence of recent
success in fighting credit card cloning, which typically
involves a store employee swiping a card through a device that
steals the information stored on its magnetic band. Almost all
new cards issued by Brazilian banks have chips embedded, which
makes them harder to clone.
"When you close their door to the physical world, criminals
move to other channels such as e-commerce," says Jacinto Cofiño,
head of payment system risk for Latin America and the Caribbean
But Visa, the world's largest electronic payments
network, says the losses due to electronic fraud average only
five cents for every $100 in transactions.
A tighter security environment could also force Brazilian
hackers to cover their electronic tracks and start targeting
banks elsewhere in Latin America, said Kaspersky Lab specialist
"Until now they were stealing here," he said. "But once the
law kicks in they will start attacking other countries."
Earlier this month Kaspersky reported a barrage of attacks
involving Brazilian Trojans - a type of virus designed to
monitor and steal users data - against the Web sites of 60 banks
in Argentina, Bolivia, Chile, Colombia, Ecuador, Mexico,
Paraguay, Perú, Uruguay and Venezuela.
Brazilian cyber crime, the security firm said, is becoming a
"The fact that there isn't cross border cooperation or legal
hurdles means that unfortunately cyber criminals will enjoy easy
money and impunity for some time," Kaspersky said in a recent