Opinion – Ronaldo Lemos: Was the Brazilian government hacked?

Last week, the news circulated that the notorious cybercriminal group called Everest had invaded the Brazilian government systems, specifically, the Gov.br website, used by millions of people. This gang is known for applying the double extortion method.

First, it applies the attack modality called ransomware, which hijacks the victim’s data (encrypting it) and demands payment in cryptocurrencies to return access. This situation often paralyzes the activities of the organization that was attacked, especially if it doesn’t have a good backup.

In the second extortion, the attacker then starts to demand a new value, this time not to disclose the data he obtained on the internet, especially on the so-called deep web. It is a method as profitable as it is desperate for those who are affected.

In the case of Gov.br, the information circulating is that the platform was hit on Tuesday (30) with the ramsonware attack. The group then posted an online statement selling a massive volume of data (3 terabytes) worth $85,000 in cryptocurrencies. Criminals claim that the captured data contains access passwords and system credentials.

It also draws attention in the message of the criminals that they say that “the information is exclusive and of great value, especially before the upcoming elections”. It is difficult to interpret the gang’s intent. However, it is worth remembering that in the United States, an attack and data leak by candidate Hilary Clinton in 2016 had a significant impact on electoral debates.

In Brazil, the use of cyberattacks for political purposes has become increasingly common. It can even be said that they are the new strategy that succeeds fake news, working to spread fear, uncertainty and doubt in electoral contexts.

So far the attack has not been confirmed by the government. Serpro, which processes federal government data, said it “has no evidence of cybercrime in our databases.” It’s good that we cross all our fingers that Serpro is correct.

After all, Gov.br houses an overwhelming amount of data from the country’s citizens. The portal is responsible today for facilitating access to services such as income tax refund, work card, passport, registration in ProUni, Covid-19 vaccination certificate and so on.

The site was born with a noble and welcome intention, to unify public services on a single platform. This is the model adopted by countries like Estonia, which are at the forefront of digital public services.

The point is that in Estonia the services are unified, but the data is decentralized. They are stored in small, watertight compartments. If one is compromised, it does not compromise the others. This, by the way, would be the correct path for the digitization of government services: unify services, decentralize data.

Furthermore, in Estonia there is a unique and true digital identity, which allows the citizen (and not the government) to control access to their data. It is he who decides with whom and when he wants to share them. While we await further clarification on the alleged attack, it is worth remembering that adopting cybersecurity measures within the federal government remains a good and urgent idea.

It’s over – fear of advertising on the internet

Already – internet advertisements

It’s coming – In-game advertising