Brazil prepares for cyber war

Brazil is taking it seriously: the Brazilian army recently announced the purchase of new software for security and prevention against cyber attacks.

The measures are part of a broader approach of the Brazilian government to establish a defense system against potential threats to government websites and institutional networks or protect sensitive data.

"Today we have minimal preparation for attack scenarios. We have a large network, Ebnet, meeting the barracks across the country, and is well shielded, but has points of vulnerability," he told BBC Brasil General Antonio Santos Guerra , director of the Center for Communications and Army Electronic Warfare (Ccomgex).

In January, the military completed tenders for the purchase of an antivirus and a program that simulates cyber attacks, for a total of about $ 3.3 million. Both programs will be developed by Brazilian companies.

A few days ago, a group of hackers attacked the site n Brazil Central Bank and the pages of BMG banks, Citibank and PanAmericano, which were temporarily malfunction.

The group also claimed responsibility for attacks on the sites of banks Itaú, Bradesco, Banco do Brasil and HSBC, which took place recently.


"The attacks we recorded so far are similar to those that happen in any company. Attempted theft of keys, denial of service, etc.. But the way in which you get a bank key is the same that can be used to obtain Confidential records of the Army. And since government sites had fallen, "said Guerra.

According to general cyber warfare simulator will train officers in at least 25 scenarios of various types of network attack similar to the Army.

The Ccomgex, which coordinates the purchase of antivirus and cyber attack simulator is part of the Army Defense Center (CDCiber), created in 2010 to concentrate the management of all virtual protective actions of the organization.

And the program, acquired for $ 2.8 million, will be developed by the company Rio Decatron and updated according to the needs of the organization, which should facilitate the maintenance of security system, the general explained Guerra.

The Antivirus, with a value of U.S. $ 442,000, is also under development and will be delivered by the company BluePex, Campinas (in the state of São Paulo), within 12 months.

Ccomgex director says the preference for domestic firms to the Army's protection program should stimulate competition and advancing technology companies security system in Brazil.
So, companies have won tenders for longer terms changes as the programs, according to the needs of the Armed Forces.

The budget for the CDCiber in 2012 is U.S. $ 45 million to be allocated to at least four other acquisitions that include equipment, software and training of at least 500 officers.

"We have external military courses of the three forces and in the college market for postgraduates. In the future, we want to hire people who know the area to work here, or they can service consulting," says Guerra.


The cyber security specialist Mikko Hypponen, the Finnish company F-Secure, said that Brazil is different from other countries by the frequency of cyber attacks related to the theft of money.

Meanwhile, the country is beginning to record attacks on sites of governmental institutions and private companies by activist groups like Anonymous and LulzSec, which have "divisions" nationals.

"In most countries, the attacks are done by outsiders. Brazil is different because much of the attack is targeted at banks and most of them are made by persons of the same country," says Hypponnen to BBC Brasil.

According to him, Brazil is considered the number one producer of "Trojans", a kind of malicious programs that are being used to attack banks.

"These programs do not try to break the security systems of banks, which are generally very good in Brazil. But infect personal computers of customers to enter their accounts when accessing online banking," explains .

For General Antonio Guerra, Brazil does not need to worry about attacks by other countries or by spying on its citizens. "We are a peaceful country, not that kind of problem we have here," he says.
Meanwhile, Hypponnen argues that the Brazilian government will require also deal with the security of private companies, in case you want to prevent possible crisis.


"Much of the critical infrastructure in Brazil is managed by the government and other private companies, such as cellular and nuclear plants.

To ensure that the country will get to operate during a crisis, we must ensure that such infrastructure will continue to work. The government must take a more active role in helping companies protect their networks, "he says.

In a statement to BBC Brasil, the Cabinet of Institutional Security of the Presidency (GSI) said that "the attacks of most concern are those who seek unauthorized access to sensitive information of the Federal Public Administration" and said that the preparation of the body against attacks has been "adequate".

According to the Center of Studies, Response and Treatment of Security Incidents (CERT), which collects reports of cyber attacks across the country, Brazil recorded nearly 400,000 attacks on computers in 2011.

About half of registered fraud, according to CERT, were fake pages, usually banks, created to steal money from users. The other half of the notifications is almost completely Trojans, giving access to bank accounts when they are accessed through the Internet.

The center, which receives data from companies, universities, ISPs and security groups, says that Mondays are the days with more incidents reported and more than 80% of attacks originate in Brazil.

According to the Brazilian Federation of Banks (Febraban), internet banking fraud cost U.S. $ 378 million to banks only in the first quarter of 2011, up 36% over the same period in 2010.