In a global market for hacking talent, Argentina stands out
Within Latin America, Brazil has become known in recent years as the world leader in Internet banking fraud. But Argentina’s hackers have a reputation for creativity. In particular, they are known for their ability to find so-called zero-day flaws, which are unpatched holes in widely used technology that can be used to spy on or even destroy adversaries’ computer networks.
Technology companies like Apple, Facebook and Google have encrypted their products and services so that in many cases the only way to monitor a target’s communications is to hack directly into its device. As a result, there is a new urgency among governments in acquiring zero-day exploits.
A mix of executives from around the world, government officials, contractors and — or so it was rumored — spies gathered here in October in an industrial building converted into a cultural center to watch hacking done the Argentine way at the 11th annual EkoParty, the largest hacking conference in Latin America.
It is impossible to say how many hackers live in Argentina, since breaking into computers is not generally a skill that Argentines like to advertise. But EkoParty, which drew 1,600 people this year, is widely known as the best place to find them.
“Argentina put itself on the map as the country to produce the best hackers,” said Sinan Eren, an executive at Avast Software, a security company based in Prague, who has been attending the conference for years.
Long before foreign companies came calling, hacking things was a life skill in Argentina, a way to get by through decades of repressive military rule and a volatile economy.
Argentines have a saying, “atado con alambre,” which translates roughly as “held together with wire,” to describe the inventive nature of so many here who learned to do much with little.
“Those of us who came of age under a military junta — who were told which books to read, which movies to watch, which God to worship — had to learn to move around the laws,” Norma Morandini, a senator from Córdoba province, told a crowd at the conference. “For us, hacking became a way of life.”
The country still has one foot in the tech industry’s past because of stringent import rules. Amazon will not ship to your door here. BlackBerry has more market share here than Apple. A new iPhone costs $2,000 or more on MercadoLibre, an online auction site, but many iPhone owners said they had been able to persuade a friend traveling from abroad to sneak one through customs.
To get their hands on the latest, greatest devices, Argentines often have to think like a hacker — or even become one.
“You make do without resources, without high-end technology, with poor Wi-Fi connections,” said Sergio Berensztein, an Argentine political analyst. “We improvise creative solutions, for lack of other options, and many have applied these same procedures to the technical industry.”
EkoParty began as a small gathering of Argentine hackers who exchanged their discoveries over the Web. Today, hundreds of Argentine hackers, ranging from 14 to 45 years old, line up around the block to show off their skills to executives from Silicon Valley startups like Synack, a security company, as well as more established consulting firms like Deloitte, and a growing list of government officials and contractors looking to acquire zero-days for their arsenals.
Among EkoParty’s panelists were hackers like Alfredo Ortega, a sweet-natured man from rural Patagonia who calls himself a “cybergaucho” and was able to break into a new e-voting system in 20 minutes. Later, over tea and cookies, he demonstrated how to hide malicious code in computer chips.
Ortega, who works for Avast Software, is best known for breaking into a computer operating system thought to be invulnerable. His latest work in progress is an X-ray-emitting device that can break into systems that are not even online.
“Almost anything you give him, he will break,” said Federico Kirschbaum, who started the EkoParty conference with a fellow Argentine, Francisco Amato. They are also the co-founders of the security company Infobyte.
Other presenters included Juliano Rizzo, an Argentine security researcher who demonstrated a zero-day flaw onstage that some here estimated would have sold for six figures on the black market.
Rizzo is among many Argentine security researchers who got their start at Core Security, a company founded 20 years ago by six hackers.
In 1996, Core started working with companies and government agencies to find security holes in their networks. Later, they created one of the first automated attack tools designed to penetrate clients’ systems by exploiting software vulnerabilities.
“It was a bold proposition, especially coming from ‘some guys in Argentina,’ ” said Ivan Arce, one of Core’s founders. Analysts initially said the tool was unethical, but one of Core’s first customers, NASA, helped change minds.
As Core grew, its founders trained the next generation of exploit coders. But those hackers now have far more lucrative options than their predecessors did back in 1996.
Exploits that 20 years ago were discovered out of curiosity, or to defend against criminals, are valuable to an increasing number of governments — 40 at last count — that are developing offensive digital weapon programs.
Governments have already started repurposing Argentine exploit tools as spy tools. Last December, two researchers discovered that an Iranian hacking group was using Core’s penetration testing tool against Iranian dissidents.
“This started out as hobbyists sharing exploits as a game,” Arce said. “Now exploits are hoarded for profit.”
Sale of a single exploit can make some hackers rich. Zerodium, a zero-day-exploit broker that sells to governments, said it paid hackers $1 million for an Apple exploit in October. In mid-November, the brokerage firm said it would pay hackers $50,000 for an attack that could take over a victim’s machine through a Safari or Internet Explorer browser, and $80,000 for a similar attack through Google’s Chrome browser.