Bruce Schneier
Schneier on Security
A blog covering security and security technology.

December 17, 2008

Brazilian Logging Firms Hire Hackers to Modify Logging Limits

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies' allocations.

Posted on December 17, 2008 at 11:52 AM • 18 Comments

HJohn • December 17, 2008 12:33 PM
@Article: "Federal authorities are due to release more details of the prosecution of 107 logging and charcoal firms later on Friday, Greenpeace reports. A total of 202 people are facing prosecution in the case, it adds."
I could believe the scam, but I'm boggled that 107 firms and 202 individuals were allegedly involved. Trying to involve 1 other party is dangerous at best, let alone over 100.

Davi Ottenheimer • December 17, 2008 12:48 PM
Wow. That brings the importance of log management to a whole new level.

Anonymous • December 17, 2008 12:57 PM
@Davi Ottenheimer: "Wow. That brings the importance of log management to a whole new level."
I bet they had poor security at multiple tiers. There are so many layers where this could have/should have been prevented and detected.

Lazlo • December 17, 2008 12:58 PM
That's weird. I've never even *heard* of an Olympic sized swimming pool made of Brazilian hardwood. Seems fairly impractical on the face of it. But I bet it'd be pretty expensive... (note: This *is* sarcasm. I know what they meant.)

Adrian Lopez • December 17, 2008 1:13 PM
"Wow. That brings the importance of log management to a whole new level."
Once the loggers' logs have been chopped apart by the hackers, there's really no way to tell whether the loggers have logged all the logs.

HJohn • December 17, 2008 1:21 PM
@ Davi: LOL. My mistake. "Log" Duh, I need more coffee. It does beg the question: How much log could a logger log if a logger could log logs?

Griskupar • December 17, 2008 3:11 PM
Then there's substantial illegal logging: http://www.newyorker.com/reporting/2008/10/06/...

elizilla • December 17, 2008 5:00 PM
You realize this is a modern version of something entirely traditional, right? If you read the accounts of the timber industry that deforested the Great Lakes area of the USA in the 19th century, the historians note that 90% of the timber was illegally logged. The timber companies would acquire logging rights for one small plot, and use it as a staging area to cut everything within range. Brazil also has the giant fires; you can see them on the satellite pictures. It's like the firestorm at Peshtigo down there.

Jeremy • December 17, 2008 6:53 PM
I am a little suspicious about the numbers. While I definitely believe it is possible the logging companies are involved in such an act, I also tend to disbelieve specific numbers attributed by a politically opposed organization. It works in Greenpeace's favor to overestimate the initial values that are likely to swarm through media reports before dying down and the actual numbers come out (which most likely will never get reported).

Tangerine Blue • December 17, 2008 7:01 PM
@Jeremy I generally would be too, but how can you distrust anybody who measures timber in units of olympic-sized swimming pools?

foo • December 17, 2008 8:51 PM
You might want to offer your services in improving the security of these systems and teaching their programmers some security principles.

wsinda • December 18, 2008 2:41 AM
Apparently, hacking the system was cheaper than bribing government officials. The interesting question is whether the price of the former went down, or the price of the latter went up.

Calum • December 18, 2008 3:36 AM
@Jeremy: I'd tend to agree that numbers should be treated with suspicion. However, on the other hand, having had some experience with Brazilian methods of commerce, I'm pretty sure it will have come as a huge surprise to all involved that their little scam was found out. When business people cite "official corruption" as a competitive advantage, you know something's not right. Also, I doubt very much that any hacking was involved, unless it was of the open wireless and network share kind. More likely someone with access to the spreadsheet was bribed.

Calum • December 19, 2008 6:49 AM
Errm, I did. What I am saying is that I don't believe the fine article. Hackers are a much more interesting bogeyman for Greenpeace than some dude who accepted baksheesh in exchange for altering a few figures.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.