Brazilian Logging Firms Hire Hackers to Modify Logging Limits

Interesting:

Some Brazilian states used a computerised allocation system to levy how much timber can be logged in each area. However, logging firms attempted to subvert these controls by hiring hackers to break systems and increase the companies' allocations.

Greenpeace reckons these types of computer swindles were responsible for the excess export of 1.7 million cubic metres of timber (or enough for 780 Olympic-sized swimming pools, as the group helpfully points out) before police broke up the scam last year. Brazilian authorities are suing logging firms for 2 billion reais (US$833m).

Posted on December 17, 2008 at 11:52 AM • 18 Comments

Comments

HJohnDecember 17, 2008 12:33 PM

@Article: "Federal authorities are due to release more details of the prosecution of 107 logging and charcoal firms later on Friday, Greenpeace reports. A total of 202 people are facing prosecution in the case, it adds."

I could believe the scam, but I'm boggled that 107 firms and 202 individuals were allegedly involved. Trying to involve 1 other party is dangerous best, let alone over 100.

AnonymousDecember 17, 2008 12:57 PM

@Davi Ottenheimer: "Wow. That brings the importance of log management to a whole new level."

I bet they had poor security at multiple tiers. There are so many layers where this could have/should have been prevented and detected.

LazloDecember 17, 2008 12:58 PM

That's weird. I've never even *heard* of an Olympic sized swimming pool made of Brazilian hardwood. Seems fairly impractical on the face of it. But I bet it'd be pretty expensive...

(note: This *is* sarcasm. I know what they meant.)

Adrian LopezDecember 17, 2008 1:13 PM

"Wow. That brings the importance of log management to a whole new level."

Once the loggers logs have been chopped apart by the hackers, there's really no way to tell whether the loggers have logged all the logs.

HJohnDecember 17, 2008 1:21 PM

@ Davi:

LOL. My mistake. "Log" Duh, I need more coffee.

It does beg the question: How much log could a logger log if a logger could log logs?

elizillaDecember 17, 2008 5:00 PM

You realize this is a modern version of something entirely traditional, right? If you read the accounts of the timber industry that deforested the Great lakes area of the USA in the 19th century, the historians note that 90% of the timber was illegally logged. The timber companies would acquire logging rights for one small plot, and use it as a staging area to cut everything within range.

Brazil also has the giant fires; you can see them on the satellite pictures. It's like the firestorm at Peshtigo down there.

JeremyDecember 17, 2008 6:53 PM

I am a little suspicious about the numbers. While I definitely believe it is possible the logging companies are involved in such an act, I also tend to disbelieve specific numbers attributed by a politically opposed organization. It works in Greenpeace's favor to overestimate the initial values that are likely to swarm through media reports before dying down and the actual numbers come out (which most likely will never get reported).

Tangerine BlueDecember 17, 2008 7:01 PM

@Jeremy
> I am a little suspicious about the numbers

I generally would be too, but how can you distrust anybody who measures timber in units of olympic-sized swimming pools?

fooDecember 17, 2008 8:51 PM

You might want to offer your services in improving the security of these systems and teaching their programmers some security principles.

wsindaDecember 18, 2008 2:41 AM

Apparently, hacking the system was cheaper than bribing government officials. The interesting question is whether the price of the former went down, or the price of the latter went up.

CalumDecember 18, 2008 3:36 AM

@Jeremy: I'd tend to agree that numbers should be treated with suspicion. However, on the other hand, having had some experience with Brazilian methods of commerce, I'm pretty sure it will have come as a huge surprise to all involved that their little scam was found out. When business people cite "official corruption" as a competitive advantage, you know something's not right.

Also, I doubt very much that any hacking was involved, unless it was of the open wireless and network share kind. More likely someone with access to the spreadsheet was bribed.

CalumDecember 19, 2008 6:49 AM

Errm, I did. What I am saying is that I don't believe the fine article. Hackers are a much more interesting bogeyman for Greenpeace than some dude who accepted baksheesh in exchange for altering a few figures.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..