《经济学人·商论》 (The Economist Global Business Review), 2024-01-16

Hacker heaven

Why is Brazil a hotspot for financial crime?

Its success as a fintech hub is mostly to blame

BRAZILIANS HAVE long been early adopters of fintech. In 2017 EY, an accounting firm, found that two-fifths of Brazilians regularly used online banking, one of the highest rates worldwide. In 2020 44% of customers had a digital-only account, compared with less than 20% in the United States and Canada, according to a survey by Accenture, a consulting firm. That year the central bank released Pix, an instant-payments platform. It has been wildly successful. Today it has 3bn transactions a month. That is five times more than transactions by debit and credit cards combined.

This bonanza has attracted cyber-criminals. Their main weapon has been the “banking trojan”, a programme that steals users’ account information. According to Kaspersky Lab, a cyber-security firm, Brazil is the top country for attacks by banking trojans, with 1.8m attempted infections from June 2022 to July 2023 (the latest data available). Globally eight of the 13 most popular types of trojans are made in Brazil.

Cyber-criminals initially focused on trojans as they require little skill to use. However, as banks developed better defences, criminals were forced to branch out into more complex and lucrative attacks. Brazil’s underworld has developed the most advanced “point of sale” malware, which scammers use to filch bank details from card readers, according to Kaspersky Lab. Known as Prilex, this application can block contactless payments by stopping the short-range connection between a credit card and the payment terminal. The terminal reads: “Error. Please Insert.” When a customer inserts her card and PIN, the malware uses the credentials to authorise a fraudulent transaction. During Rio’s carnival in 2016, a hacker used a basic version of this software to remotely take over 1,000 ATMs.

……