Brazil: Logging Firms Hire Hackers to Change Lumber Quotas

By Matthew Harwood

Brazilian logging companies hired hackers to break into their government's Web-based permit system to allow them to harvest many more trees than allowed, according to Greenpeace UK's blog.

Here's how the system was supposed to work:

To monitor the amount of timber leaving the Amazon state of Pará, the Brazilian environment ministry did away with paper dockets and two years ago introduced an online system. Companies logging the rainforest for timber or charcoal production are only allowed to fell a certain amount of timber every year and this is controlled by the use of transport permits issued by the state government's computer system.

To be exported from Pará, each shipment of timber requires one of these transport permits, and the volume of timber in each shipment is deducted from the total amount allowed under the company's forest management plan. Once that amount is reduced to zero, no more transport permits are issued so there's no profit in felling more trees.

But a syndicate of 107 timber and charcoal companies had other plans. Hackers hired by the companies broke into the environmental ministry and falsified online records to supply the companies with a neverending supply of transportation permits. The cyber sleight of hand has done real damage to the Amazon's ecosystem. Approximately 1.7 million cubic meters of illegal timber was felled and funneled out of the rainforest. That amount of timber could fill 780 Olympic swimming pools.

Interviewed by Scientific American, Zulfikar Ramzan, technical director at computer security company Symantec, speculated on how hackers broke into the government computer system. The hackers probably did it one of two ways: they broke in through a wireless network, which are normally less secure than wired networks. Or they sent a malware ridden e-mail to an employee of the environmental ministry that when opened, infected the computer and recorded the employee's user name and password.

The Brazilian government has responded by suing the companies for $833 million—the price of the illegal lumber— while 202 people associated with the crime face prosecution. And this isn't the first time these companies have run into the law.

Via Wired's Threat Level Blog:

"Almost half of the companies involved in this scam have other lawsuits pending for environmental crimes or the use of slave labor," federal prosecutor Daniel Avelino said in a statement.

Andre Muggiati, a Greenpeace campaigner in Manaus, told the BBC that "We've pointed out before that this method of controlling the transport of timber was subject to fraud." He added, "And this is only the tip of the iceberg, because the same computer system is also used in two other Brazilian states."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.