Brazil aims to bring order to lawless cyberspace

SAO PAULO,  (Reuters) – Long seen as the Wild West of online fraud, Brazil is about to implement its first cyber-crimes law in an attempt to protect its rapidly expanding banking and e-commerce industries.

But online security experts warn that jail terms ranging from two months to three years may be insufficient to fight electronic fraud, a problem that cost the local financial industry $700 million in 2012, according to Brazil’s banking association Febraban.

Brazil ranks among the world’s top producers of spam, Trojan viruses and phishing, according to security firms, and until now Brazilian cyber criminals have operated in the open, trading stolen data in online forums and posting YouTube videos of themselves with wads of cash.

“The sense of impunity is huge,” says Fabio Assolini, a senior malware analyst with the online security company Kaspersky Lab in Sao Paulo. “Brazilian cyber criminals feel free to work.”

Online theft has not only hit the financial industry but is also casting a shadow over Brazil’s growing online retail market, a $12 billion industry that recently attracted heavyweights such as U.S. online retailer Amazon.com Inc .

Experts say Brazil is finally moving in the right direction. However, they warn not to expect an overnight fix for Latin America’s largest online marketplace. “We see an awakening phase in Brazil,” says Limor Kessem, a cyber crimes specialist in Tel Aviv with online security firm RSA, a division of EMC Corp.

“Things will really start changing once criminals see other people are being arrested and going to jail.”

The law that takes effect in April was hastily passed last year after Carolina Dieckmann, a Brazilian soap opera star, had dozens of intimate pictures stolen from her computer and leaked to the Internet.

Security experts say the “Carolina Dieckmann Computer Crimes Law” should, for instance, help improve Brazil’s dubious position as a global producer of phishing, a type of crime where hackers redirect users of financial services to fake sites to steal their passwords and other confidential data.