This content has been translated using DeepL

Administration

The market for crimes and the rehearsal of war

Felipe Buchbinder

In my time, committing a crime was not so easy. It required talent to forge a document, and only a true hacker could bring down a website to extort its owner. Those days are gone!

Today's criminals have everything handed to them: hacking a website to steal its data, imitating a child's voice to demand a ransom from parents, or creating an avatar of a deceased person to impersonate them in a proof of life test – all these can be purchased in the markets of Fraud as a Service (FaaS) and Cybercrime as a Service (CaaS). Crime has been democratized and is within reach of everyone who can afford it.

Far from being mere pocket change of kids in the attic of an abandoned house, cybercrimes will cost the world US$ 10.5 trillion in 2025, according to the World Economic Fund. That's about half of China's GDP and a third of America's. If cybercrimes were a country, they would be the third-largest economy in the world.

Photos, passwords, deep fakes, and kits that allow even a layperson to hack a website: all these are for sale. Let's be clear about what this means. You know the photo you take holding your ID to identify yourself on the bank's app? The interview with a government agent for proof of life? The voice message from your mom or facial recognition at your child's school? Well, there is a market where all of this can be bought. We saw an example of this when the CFO of a British multinational asked an employee based in Hong Kong to make a US$25 million transfer. The employee complied. He didn't realize that the CFO and everyone else present at the meeting were fake people, generated by AI.

Now, let's play a game. Prove to me that you are you. You can't use documents, photos, voice, or videos, since all of those can be accurately forged. How do you prove to me that you are indeed João, the holder of bank account 1234, the owner of house number 5 on Sixth Street, and the father of the child accompanying you at the airport? How do insurance companies fare if an AI can transform a photo of a new car into a photo of the same car crumpled? How does the financial system, which sees in the practices of Know Your Customer (KYC) the foundation of systems for preventing fraud, money laundering, and terrorism financing, fare? If we can't trust what we see or hear, what becomes of society?

You see, this is why CaaS isn't just a prank of punks, but a tournament of countries. The same skills used for crime can also be used for espionage and war. The same group that, in times of peace, hacks a bank's website to steal its sensitive data can, in times of war, bring down a country's electricity (as happened in Ukraine as early as 2015) or silently poison its water system by infiltrating the water company's systems. In 2024, for example, the American secret service warned that China and Iran had managed to hack the White House. This led some of Biden's government officials to intensify communication via an unofficial app, where sharing classified information was not authorized by the government and where, under the Trump administration, a reporter who should not have been in the group gained access to war plans.

War. If your drums rumble far from the land where the thrush sings, cybercrimes twitter very close to us. According to Data Senado institute of the Brazilian Senate, digital scams victimized about 24% of Brazilians over the age of 16 between June 2023 and 2024: 40.85 million people lost money due to some type of cybercrime, such as card cloning, internet fraud, or account hacking.

Moreover, Brazil has already been the scene of large-scale attacks, such as the invasion of the STJ (Superior Court of Justice) website in 2020, or the ransomware attack on the Ministry of Health that brought down Conecte SUS, in 2021. In 2022, the TCU (Court of Audit) identified that about 75% of public organizations do not have backup policies, and among those that do, 66% do not use encryption. In a report, the Court classified cybersecurity as a high-risk vulnerability in Brazilian public administration, motivating the enactment of the National Cybersecurity Policy (PNCiber) in 2023.

Policies are necessary, but not sufficient. To combat cybercriminals, Brazil must master two groups of technology.

The first group brings together the technologies that underpin citizen identification systems, such as Aadhaar, which collects biometric data from 99.9% of India's adult population and measures their access to all kinds of public and private services. In Brazil, we have had the National Identity Card (CIN) since 2022, which includes biometric validation and a digital QR Code.

The second group (this being the most important) concerns Artificial Intelligence (AI) technologies. Skilled in detecting suspicious patterns and capable of adapting to continuously evolving enemy tactics, AI is an indispensable tool for combatting the seemingly infinite creativity of criminal minds – which, it must be said, also make use of AI to perpetrate increasingly sophisticated crimes.

In this regard, the use of proprietary AIs from other countries is a double-edged sword. On one hand, there is much to learn from cutting-edge technology. On the other, employing these AIs means handing over our data (potentially strategic) to companies that we scarcely know, to use as they wish. This issue was the subject of a recent article in Forbes, and there is no shortage of examples of companies that agree: Amazon, Apple, Citigroup, Deutsche Bank, JPMorgan Chase, Samsung, Verizon, and Walmart, all have restricted (to varying degrees) the use of AIs for their employees, fearing the leakage of confidential information.

Numerous reasons have been provided for developing a Brazilian AI industry: to develop Brazil socially and economically, to address the issue of brain drain, to reduce our dependency on other countries in an increasingly individualistic geopolitical landscape, and to use our clean energy matrix in tackling climate changes... here is yet another: to protect us from crimes that, once sophisticated, have now become commonplace.

Felipe Buchbinder is a professor at Fundação Getulio Vargas (FGV), holds a PhD in Administration from FGV, a Master’s in Artificial Intelligence from Duke University in the USA, and is a member of the Network for Artificial Intelligence and Quantum Technologies.
 

*Article originally published in the newspaper Valor Econômico on 12/05/2025

Share:

Autores

As opiniões expressas neste artigo são de responsabilidade exclusiva do(a) autor(a), não refletindo necessariamente a opinião institucional da FGV.