TIME Security

UPS: We’ve Been Hacked

The United Parcel Service logo on the side of a delivery truck on April 23, 2009 in New York City. Chris Hondros—Getty Images

Malware that impacted 51 franchises in 24 states may have compromised customers' credit and debit card information

The United Parcel Service announced Wednesday that customers’ credit and debit card information at 51 franchises in 24 states may have been compromised. There are 4,470 franchised center locations throughout the U.S., according to UPS.

The malware began to infiltrate the system as early as January 20, but the majority of the attacks began after March 26. UPS says the threat was eliminated as of August 11 and that customers can shop safely at all locations.

“The customer information that may have been exposed includes names, postal addresses, email addresses and payment card information,” wrote the company in a public statement. “Not all of this information may have been exposed for each customer. Based on the current assessment, The UPS Store has no evidence of fraud arising from this incident. The UPS Store is providing an information website, identity protection and credit monitoring services to customers whose information may have been compromised.”

A list of impacted franchises can be found here.

TIME Security

Report: Devastating Heartbleed Flaw Was Used in Hospital Hack

It marks the first case of Heartbleed actually being used to hack companies

The infamous Heartbleed Internet security flaw that exposed half a million secure servers to password theft was used by Chinese hackers to steal data from American hospitals, according to a report.

Citing anonymous sources, the data security company TrustedSec told TIME Wednesday that the Heartbleed vulnerability allowed hackers to steal secret keys used to encrypt user names, passwords and other information from Community Health Systems, the second-biggest for-profit U.S. hospital chain. They then used the keys to swipe 4.5 million patients’ data. The attack marks the first known breach of a company by hackers using Heartbleed.

Community Health Systems, which operates 206 hospitals in 29 states, said in an SEC filing Monday that the attackers bypassed its security systems and stole data that included birth dates, names, social security numbers and addresses for 4.5 million patients.

“The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information,” TrustedSec said in a blog post. TrustedSec cited three “trusted” and anonymous sources close to the Community Health investigation.

Though the recent attack on Community Health Systems is the first that’s known to have used the Heartbleed vulnerability, it is likely just one of many instances that did, security experts said. Hackers had a wide window for mischief in the period between Heartbleed’s disclosure in early April and companies’ installation of patches to defend against the exploit, which in some cases took days or weeks.

“You had a lag time of a week to several weeks before patches were implemented, so if attackers were scanning companies, there must have been countless situations where hackers used Heartbleed to gain access,” TrustedSec CEO David Kennedy said. “This is just the beginning of many that have either not been discovered, or cases in which companies are working on responding and disclosing now.”

Kennedy said the hospital incursion happened about a week after Heartbleed was first made public.

Most of the well-known attacks attributed to Chinese hackers have targeted valuable intellectual property, particularly telecommunications or defense companies, or large industrial companies. But the recent attack against Community Health instead targeted social security numbers and customer data, signifying a different approach by Chinese cyber criminals, if the attacks indeed came from China.

“The attack against Community Health Systems might not have been for espionage or industrial espionage,” said Nir Polak, the co-founder of security company Exabeam. “The attackers might have just wanted to monetize on cybercrime,” Polak said, which is often the goal of non-governmental cybercrime groups.

TIME National Security

Study: Passport Officers Struggle to Spot Fake Photo IDs

Officers failed to recognize faces were different from ID photos 15% of the time in a test situation

Officials charged with issuing passports mistakenly accepted photo identification displaying a different person 14% of the time, according to the results of a study published Monday.

The study asked officials to accept or reject someone based on whether a displayed photo matched the person before them. They mistakenly accepted someone with a different photo displayed almost 15% of the time and mistakenly rejected someone whose real photo was displayed 6% of the time.

“At Heathrow Airport alone, millions of people attempt to enter the UK every year. At this scale, an error rate of 15% would correspond to the admittance of several thousand travellers bearing fake passports,” said Rob Jenkins, a psychology researcher at the University of York and study co-author.

Officers fared even worse on a separate test that asked them to match a current photo with identification photos taken two years prior. They matched the photos incorrectly 20% of the time, a figure equivalent to the performance of an untrained control group.

The study, which tested 27 Australian passport officers, found that training had little influence on officers’ ability to identify faces on passports correctly. The best way to address faulty identification is to hire people who are innately better at identifying faces, researchers concluded.

“This study has importantly highlighted that the ability to be good at matching a face to an image is not necessarily something that can be trained,” said University of Aberdeen professor Mike Burton, a study co-author. “It seems that it is a fundamental brain process and that some people are simply more adept at it than others.”

TIME Security

Apple to Store User Data in China

China said to exclude Apple from procurement list
Young Chinese customers try out iPad 4 tablet computers at a branch of China Mobile in Chongqing, China, 31 December 2012. Chen jianhua— Imaginechina

For Chinese users

Apple confirmed Friday that it has begun storing user data in servers located in China, a first for the company and a shift from the recent trend of tech firms moving servers out of China due to censorship and other concerns.

The data belongs to Chinese users and is being stored in encrypted form on servers provided by China Telecom Corp, which will not have access to password keys needed to decrypt the information, the Wall Street Journal reports. User data will include pictures, email and other information stored in Apple’s iCloud service—the company says servers located closer to users will make service faster.

The move stands in contrast to Google’s decision in 2010 to move all its services out of mainland China and into Hong Kong after the company declined to comply with a Chinese government censorship order.

“Apple takes user security and privacy very seriously,” the company said in a statement to the Journal. “We have added China Telecom to our list of data center providers to increase bandwidth and improve performance for our customers in mainland China.”

The move has raised concerns about Apple’s ability, or commitment, to keep user data secure. The country has a history of playing rough with tech firms, including firms based in the United States. In 2005, Yahoo drew fire for complying with a Chinese data request that landed a Chinese journalist in prison. In July, Chinese authorities raided the offices of Microsoft in four cities across China in an anti-monopoly investigation.

[WSJ]

TIME Security

Snowden Claims NSA Knocked All of Syria’s Internet Offline

Wired Snowden
Edward Snowden on the cover of Wired magazine. Platon/WIRED

Former NSA contractor also says the U.S. was working on an automated cyberattack response system in WIRED interview

National Security Agency leaker Edward Snowden has claimed a team of NSA hackers was responsible for effectively knocking the entire country of Syria offline two years ago during a period of intense fighting in its still-ongoing civil war.

Snowden’s claim is significant because many observers believed one of several other parties to be responsible for the outage, including Syrian President Bashar Assad’s government, hackers aligned with but perhaps not a part of Assad’s government, or Israel.

Snowden’s story, as revealed in an interview with Snowden published Wednesday in WIRED, goes like this: The NSA team essentially tried to get access to a primary component of Syria’s main Internet Service Provider. Syria only has one big ISP, making it a particularly inviting target for electronic snooping; setting up that backdoor would have given the U.S. unparalleled access to nearly all digital communications within Syria, a major intelligence advantage.

But the plan backfired as the NSA team accidentally fried the very equipment it was trying to tap. The hardware was so vital to Syria’s Internet infrastructure that its loss essentially plunged the country into digital darkness — ironic, because other parts of the U.S. government were trying to keep Syria connected. Writer James Bamford describes Snowden’s claim:

“One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the U.S. government was responsible.”

WIRED’s Snowden story has another cybersecurity scoop: The former NSA contractor claims for the first time that the U.S. government was (or still is) working on a cybersecurity response program that automatically detects and blocks incoming cyberattacks. However, the program — dubbed “MonsterMind” — isn’t just defensive: Once it blocks an attack, it then automatically carries out a counter-attack against what it thinks was the source, Snowden says.

That could be an issue, says Snowden, as good hackers can — and typically do — make their online attacks look like they’re coming from somewhere else. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital,” he explains.

The NSA did not comment to WIRED on Snowden’s claims about Syria’s Internet outage or MonsterMind, but it’s possible that MonsterMind or programs like it would be designed to circumvent such spoofing by detecting a rerouted address and either standing down or switching targets.

[WIRED]

TIME Security

The Government Is Trying To Explain Bitcoin to Normal People

US Government Issues Bitcoin Warning
A customer purchases bitcoins from the BMEX bitcoin exchange's Robocoin-branded ATM in Tokyo, Japan, on Wednesday, June 18, 2014. Bloomberg via Getty Images

Stepping into the Bitcoin market is like "stepping into the Wild West"

An independent government agency issued an exhaustive warning Monday about the risks of virtual currencies like bitcoin in an attempt to explain cryptocurrencies to the uninitiated.

The 6-page walkthrough from the U.S. Consumer Financial Protection Bureau outlined several of bitcoin’s potential dangers, including vulnerability to hackers, limited security, excessive costs and scams. It also announced a system that accepts virtual currency complaints. Though virtual currencies have become increasingly integrated into society, with states, companies, political organizations and even schools approving their use, the Internal Revenue Service has not granted it legal tender status in any U.S. jurisdiction.

“Virtual currencies are not backed by any government or central bank, and at this point consumers are stepping into the Wild West when they engage in the market,” CFPB Director Richard Cordray said in the statement.

Bitcoin risks, the CFPB said, include hackers who steal users’ private keys—the password to your digital wallet—using viruses and other malware. Unlike banks or credit unions, in which deposits are protected by federal agencies in case of failure, bitcoin isn’t insured by any government agency. If you lose your bitcoin stash, then “you are on your own,” the CFPB warns, and “there is no other party to help you.” Some digital wallet companies promise reimbursements for fraudulent transactions, but if there’s a widespread fraud event, it would probably be hard for most of these firms to come through on that promise. So what’s a bitcoin user to do?

“Read your agreement with your wallet provider carefully,” the report states. “Really, read your agreement with your wallet provider carefully.”

The report also tries to clarify bitcoin ATMs, which the CFPB points out don’t actually spew out bitcoin. Rather, the ATMs allow you to insert cash to be transferred into bitcoin to be moved into your digital wallet. The ATMs’ transaction fees may run as high as 7% and exchange fees $50 more than what you’d get elsewhere — and perhaps even more given bitcoin’s high volatility, the warning said.

The CFPB additionally warned customers of scams enticing users to invest bitcoin on the promise of high interest rates and no risk. In actuality, their bitcoin may be funneled into something else entirely, like someone’s food, shopping and gambling habits. The U.S. Securities and Exchange Commission previously warned of these so-called Ponzi schemes involving virtual currencies, and noted that such “fraudsters are not beyond the reach of the SEC just because they use bitcoin or another virtual currency.” And while the SEC’s authority provides some comfort, there are generally few safeguards for average folks who step into the so-called Wild West without their guns and bugles.

Moral of the story? Using bitcoin may have its benefits, but don’t let it be your fool’s gold. Because “if it’s too good to be true,” the report said, “it just may be.”

 

TIME Security

Here’s How the Feds Are Teaming Up With Hackers to Save Us All from Robocalls

Hacking Conference
Hackers participating at the 2011 Defcon conference in Las Vegas, Aug. 5, 2011. Isaac Brekken—AP

The FTC wants hackers to build "honeypots" to defeat a robocaller named Rachel

The Federal Trade Commission is at one of the world’s biggest hacker conferences this weekend, where hackers are competing to help save us all from robocalls.

No one has ever seen her, but she may have the most infamous voice in America. “Rachel” is the most prolific robocall bot in the United States, and the FTC has turned to some of the best hackers in the world to try to stop her. At Defcon—one of (if not the) biggest hacker conferences on earth—the agency is hosting a three-phase competition to build a “honeypot” to lure and catch robocallers in the act. The “Zapping Rachel” competition is handing out $17,000 in cash prizes to winners of three competitions: one to build a honeypot, one to attack a honeypot to find its vulnerabilities, and one to analyze data a honeypot collects on robocalls.

“A honeypot is essentially an information system that can collect information about robocalls,” said Patti Hsue, a staff attorney representing the FTC at Defcon. “How it’s designed, how it operates is completely up to the designer.”

As with many happenings at a conference of hackers, the technical details can get complex fast. But the basic idea is familiar to any fan of spy fiction—in espionage a honeypot is a trap in which a mark, like a secret agent, is lured by sexual seduction (think of about half the vixens who show up in James Bond flicks). In this case, hackers are building and testing the honeypot. Rachel and her ilk are the mark.

“It’s ‘Rachel from Cardholder Services,’” Hsue said. “She is one of the most, I think, hated voices in the U.S. We get so many complaints against Rachel and her clones or her minions or whatever you want to call them. There are a lot of companies that try to perpetrate the same scam using the same, you know, pickup line.”

The robocall problem has become markedly worse in the last decade, as the Internet has matured and become increasingly intertwined with a digitized phone system. Under FTC regulations, all robocalls to cell phones are illegal, as are unsolicited robocalls to any phone number on the federal Do Not Call registry. The FTC does have its own honeypot already, but the agency won’t comment on it beyond the fact of its existence.

Just how many illegal robocalls are made in the U.S. is difficult to pin down. The best data the FTC has on robocalls comes from complaints the agency receives regarding violations of the Do Not Call registry. In 2009, the FTC received 1.8 million complaints for violations of the registry; in 2011, 2.3 million complaints. In 2013, with about 223.4 million phone numbers on the registry, the FTC received 3.75 million complaints. And that only represents people who take the time to file a formal complaint. Many others surely just let out a disgusted huff and hang up the phone.

From among all those millions of illegal robocalls made to Americans, the FTC has brought a little over 100 enforcement actions against violators. It’s not that regulators aren’t trying, but making a robocall these days is extremely easy from a technical perspective, while busting a robocaller—not to mention bringing legal action against one—is quite difficult.

Which is why the FTC has turned to a community of hackers at a conference notorious—somewhat unfairly—for activity that stretches the bounds of legality. The top competitors will be announced Sunday, though final winners won’t be announced until a later date.

E1nstein—a.k.a. Hugo Dominguez, Jr. to people outside of the hacker scene, a naval reservist who works in IT—is competing in phase 2 of the competition, testing a honeypot for flaws by trying to circumvent the technology, place an undetected call to a honeypot, or provide false information about the origin of the call.

“That’s something I’m good at,” he said. “I’m able to find flaws in things whether it’s physical security or technology. Anything.”

TIME Security

Yahoo Is Making It Harder for the NSA to Read Your Emails

Encryption will help your messages stay private

Yahoo announced Thursday it will encrypt its email service by early next year, joining Google and Microsoft in an effort to create an email system that prevents government officials and hackers from reading users’ messages. It’s a major step for Yahoo in the wake of the Edward Snowden leaks, and it reflects the commitment of the major technology companies to securing users’ data.

With Yahoo’s announcement, first reported by the Wall Street Journal, email encryption will protect nearly one billion email users. There are 110 million Yahoo email users and over 425 million unique users of Google’s Gmail service. Microsoft says there are over 400 million active Outlook.com and Hotmail accounts. Widespread email encryption of the kind Yahoo is announcing is a huge blow to government surveillance techniques, like those employed by the National Security Agency.

“For Internet users, this is a huge deal,” said Jeremy Gillula, staff technologist at the Electronic Frontier Foundation. “Before, the NSA was able to easily gather up tons and tons of email.” But, with Yahoo’s planned encryption service, “the NSA can’t read and analyze everyone’s emails without discernment,” Gillula said.

Yahoo will base its encryption on what’s known as PGP (Pretty Good Privacy) encryption, which relies on every user having both a public and private encryption key. The public encryption key, to which any other email user will have access, encrypts plain email text into a complicated code. Then a user’s private key decrypts the code back into plain text when it arrives in their inbox. Each of the keys acts almost like x and y variables in an equation: even though you know the public key x, you won’t be able to break the equation, because you still need the private key y. Essentially, the only people who can read your emails become you and the person to whom you’re sending them.

The tech titans’ steps towards encryption mean that email users can be confident the only people reading their emails are the intended recipients. But for major tech companies, it also means regaining customers’ trust — particularly abroad, where intense scrutiny over American companies’ vulnerability to National Security Agency snooping could lead firms like Oracle, IBM and Hewlett-Packard to lose billions of dollars in contracts.

There are holes in the big technology companies’ encryption plans, however. Encryption doesn’t protect subject lines, or the data about who sends and receives messages, the Wall Street Journal reports. That leaves your email about as vulnerable as your phone records under the NSA’s mass collection of calling metadata—most of the content of your messages is safe, but who you called is not.

On top of that, the NSA is working on ways to circumvent different kinds of encryption used to protect emails and financial transactions, according to documents that Snowden leaked last year. U.S. and British intelligence agencies have already cracked some of the online encryption methods hundreds of millions of people use to protect their data, the Guardian and others reported last year. And the NSA is quietly working on a super powerful quantum computer intended to break encryption codes.

However, says the Electronic Frontier Foundation’s Gillula, Yahoo is likely to be clever about what kind of encryption it uses, and PGP encryption is still thought to prevent mass sweeps of large volumes of email — even if the NSA can already crack PGP encryption, as some commentators believe, using it will almost certainly slow the agency down, while protecting emails from lesser-equipped would-be snoopers.

“Now the NSA has to think about what they want to collect, as opposed to searching through everyone’s email and doing it in a mass way,” said Gillula.

Yahoo still has to figure out the details of its planned encryption program. Will it store the private keys on its own servers, making them vulnerable to internal theft and sweeping government warrants? Or will it allow each email user to store the private keys locally, adding a level of inconvenience for users? Whatever Yahoo decides to do, its announcement is a major step forward for Internet privacy, and likely unwelcome news for the intelligence community.

TIME Security

Off the Battlefield, Hackers Are Waging Cyberwar Against Israel and Palestine

Hacktivist attacks against Israel quintupled as violence swept across Gaza, but are the hackers doing any damage?

Fighting in the Gaza Strip hit a lull this week as a 72-hour cease-fire ends its third and final day Thursday — but a digital war has still been raging as hackers pay little mind to the temporary truce. Cyberattacks directed against Israel have increased dramatically since it invaded Gaza in early July, intensifying last month as the violence peaked, according to a report released this week by the security research firm Arbor Networks.

Websites of Israeli civilian governmental agencies, financial services and military agencies—including the legendary intelligence agency Mossad and the Prime Minister’s office—were targeted as part of the sharp uptick in attacks that began in July, when the total number of strikes increased by 500%.

Whether those online attacks had much of an impact, however, is a subject of debate. U.S. House Intelligence Committee Chairman Mike Rogers (R-Mich.) warned in an interview on CBS News’ Face the Nation late last month that cyberattacks against Israeli websites could present a risk to the country’s security. “So far I think Israel has done a great job of defending from these cyberattacks, but the sheer volume and intensity as it grows could spread from what is a conflict between Israel and Gaza to some cybereffort to try to shut these operations down, and that’s always a concern,” Rogers said.

But some experts said the attacks were doing little substantial harm against the Israeli government. The attacks are primarily targeting external, user-facing websites, perhaps increasing the time it takes to load a webpage or temporarily shutting the page down altogether by jamming up the works with bogus traffic. But the attacks have not yet affected the Israeli agencies’ internal operations, researchers said.

“To be able to do something effective against the [Israeli] government you have to be a very sophisticated hacker,” said Giora Engel, vice president of LightCyber, a security firm that provides security for Israeli government agencies. “A group of activists can’t do any damage.”

Most of the recent and mostly harmless attacks against prominent Israeli websites are known as Distributed Denial of Service (DDoS) attacks. Carrying out a DDoS involves flooding websites or servers with traffic to deny other, legitimate users access to those websites. Hackers that conduct such attacks usually control a wide array of third-party computers which they instruct to do their bidding; the owners of those machines rarely know their devices are even involved.

The number of denial of service attacks against Israel increased from an average of 30 per day in June, before the violence began, to 150 per day in July, while the armed conflict raged on. The number of attacks peaked on July 21, with a total of 429 attacks. Researchers haven’t been able to definitively track the attacks back to any particular groups, but the timing of the incidents correlates with rising violence.

“There’s a clear increase not only in number of attacks but in the size of attacks and how long they’re lasting,” said Kirk Soluk, manager of threat intelligence and response at Arbor. “Interestingly enough, when there’s a cease-fire, the attacks seem to drop off.”

Cyber attacks have increasingly accompanied political conflicts in recent years, with actors like the Syrian Electronic Army notoriously hacking BBC News, eBay and other sites. There has also been an increase in attacks associated with recent disputes over the South China Sea.

In the case of the recent attacks against Israel, Arbor said the third-party computers used to strike Israeli government sites are scattered across the globe in countries including the U.S., Myanmar, Russia, Mexico, Great Britain, and others. However, that does not mean the attacks originated in those countries—it just means those are the locations of computers hackers have commandeered to stage attacks against Israel.

So where are the attacks coming from? One clue could be that the structure of the attacks bears a resemblance to a certain kind of attack that targeted U.S. banks en masse in 2012, Arbor said. U.S. security forces later linked those attacks to Iranian hackers. Meanwhile, the hacking group Anonymous claimed to have attacked Israeli sites, but it’s unclear if the organization is just taking credit for others’ work.

The attacks appear not just to be one-sided, however, as an Israeli civilian group called the Israeli Elite Force (IEF) has said that it’s attacking Palestinian websites. In the early days of the fighting, the IEF regularly updated its Twitter with reports of attacks on Palestinian websites, posting email addresses of what it said were login codes at the Palestinian Ministry of Health.

If a cease-fire holds and violence ends, cyberattacks may dwindle in the short term, but hacking has become a permanent feature in conflicts. “Cyber has joined land, air, sea, and space as the fifth domain of modern warfare,” said Chris Petersen, the co-founder of security firm LogRhythm.

TIME technology

The World’s Top 5 Cybercrime Hotspots

"More cyber criminals are entering into the game at a quicker pace than quite honestly we can keep up with."

A Russian crime ring is suspected of obtaining access to a record 1.2 billion username and password combinations, shedding renewed light on how vulnerable online personal information can be. Cybersecurity firm Hold Security said the gang of hackers was based in a city in south central Russia and comprised roughly ten men in their twenties who were all personally acquainted with each other, the New York Times reported.

Cybersecurity experts say this enormous data breach is just the latest evidence that cybercrime has become a global business—one that, including all types of cybercrime, costs the world economy an estimated $400 billion a year. Complex malicious software, or malware, is finding its way into the hands of hackers not just in known cybercrime hubs like Russia and China but also in Nigeria and Brazil, while expanding Internet access around the world means that there are more potential cybercriminals who can easily acquire online the skills and know-how to join the craft.

“It appears more cybercriminals are entering into the game at a quicker pace than quite honestly we can keep up with [in the US] to defend our networks from these malicious hackers,” says JD Sherry, the vice president of technology and solutions at Trend Micro, a Tokyo-based cyber-security firm.

Here’s a look at the global hotspots for these cyber criminals:

Russia

Crime syndicates in Russia use some of the most technologically advanced tools in the trade, according to Sherry. “The Russians are at the top of the food chain when it comes to elite cyberskill hacking capabilities,” he says. Even before the latest revelations of stolen online records, the United States charged a Russian man, Evgeniy Bogachev, with participating in a large-scale operation to infect hundreds of thousands of computers around the world. The massive data breach of the retailer Target last year has also been traced to Eastern Europe.

But why Russia, and its smaller neighbors? Trained computer engineers and skilled techies in Russia and countries like Ukraine and Romania may be opting for lucrative underground work instead of the often low-paying I.T. jobs available there. But the Russian government has in the past also been less than helpful in helping U.S. authorities track down wanted cybercriminals. “The key really is the lack of law enforcement environment, the feeling that you can do almost anything and get away with it,” says Dmitri Alperovitch, a Russia-born U.S. citizen and co-founder and CTO of security firm CrowdStrike. “They were able to grow and evolve into organized enterprises.”

China

China is considered to be another stalwart hotbed for hackers, though the spotlight has primarily fallen not on gangs of criminals, but on the Chinese government, which has been linked to economic and political espionage against the U.S. In May, the Justice Department moved to charge five Chinese government officials with orchestrating cyberattacks against six major U.S. companies. Unaffiliated Chinese hackers have also posed a problem inside and outside the country, but according to Alperovitch there’s a surprisingly low presence relative to the size of the country. “We can speculate as to why, but the most likely reason is that the people that are identified doing this activity by the Chinese government get recruited to do this full time for the government,” he says.

Brazil

Sherry calls Brazil “an emerging cybercrime economy.” Cybercriminals there and across South America are increasingly learning from their counterparts in Eastern Europe via underground forums. They’ll also pay for Eastern European tools to use in their own attacks, using highly complex Russian-made software that Sherry says can include millions of lines of code. That black market has become so sophisticated that Eastern European hackers now provide I.T. support for customers buying their malware, according to Sherry. So far, most of the attacks that originate in Brazil target local individuals and firms, including the recently reported cybertheft of billions of dollars from an online payment system. “The question is, when will that change?” says Jim Lewis, a senior fellow at the Strategic Technologies Program at the Center for Strategic and International Studies.

Nigeria

The original home of low-tech scam emails remains a key player in underground cyber activity and has become a destination for international cybercrime syndicates, according to Sherry. Authorities in Nigeria and other African countries have been slow to crack down on scammers and hackers, even as more people connect to the Internet. “It’s proving to be a very comfortable environment for cybercriminals to set up shop, operate, and carry out their illegal activities,” Sherry says. Recent efforts by President Jonathan Goodluck to legislate cybercrime in Nigeria have served to push some of the activity into other countries in the region, such as Ghana.

Vietnam

Tech firms in Southeast Asia have a long history of working with Western software firms and other tech companies, Sherry says, meaning there is a broad base of tech expertise there. “People who are really good software engineers, those people are going to be naturals when it comes to taking off the ‘white hat’ and putting on the ‘black hat,’” Sherry says. In Vietnam, where the I.T. industry has expanded at a rapid rate in the last decade, a hacker allegedly masterminded the theft of up to 200 million personal records in the U.S. and Europe that included Social Security numbers, credit card data and bank account information. The communist government there has also been recruiting local hackers to spy on journalists, dissidents, and activists, according to the Electronic Frontier Foundation.
