Since early June, when news website The Intercept began publishing leaked private messages exchanged by members of Operation Car Wash, Brazil has been confronted with the issue of cyber security. According to the Federal Police, roughly 1,000 Brazilian authorities have been victims of some sort of hacking or phone identity theft—including Economy Minister Paulo Guedes, House Speaker Rodrigo Maia and even President Jair Bolsonaro.
The apparent ease with which a gang of hackers apparently managed to access private information of top state figures raises serious doubts about how prepared the Brazilian government is when it comes to cyber security.
After confirming that at least two of his cell phones were accessed by hackers (four of which have been arrested), President Bolsonaro said that “nothing sensitive” would leak, as he doesn’t discuss state matters on messaging apps. The same can’t be said for his Justice Minister. As The Intercept reports show, he discussed several key issues regarding Operation Car Wash—including practices that were outside his remit as a judge. The leaks sparked a political crisis within the administration, and led many to believe that Operation Car Wash, the largest anti-corruption effort in Brazilian history, was severely biased, in particular against former President Lula.
After Mr. Moro’s messages became public, government officials began using phones encrypted by the National Intelligence Agency—although it seems like too little, too late.
Data breaches: an old problem in Brazil
The Car Wash leaks were not the first major data breach affecting public officials. During the 2010 presidential campaign, a 21-year-old hacker accessed then-President Dilma Rousseff’s email and unsuccessfully tried to sell a batch of 600 messages to opposition parties.
Ms. Rousseff was also spied on by the U.S. National Security Agency, according to information leaked by now infamous whistleblower Edward Snowden—and published by journalist Glenn Greenwald (The Intercept‘s co-founder).
In 2011, hackers performed multiple attacks on government agencies, successfully obtaining passwords from IBGE, Brazil’s official statistics agency. Later in 2014, the Ministry of Foreign Affairs was attacked and several cables, email lists, passwords and official data were stolen. Last year, the group Anonymous Brazil hacked then-President Michel Temer’s website; his wife, Marcela Temer, also had her phone attacked.
However, things will have to change, one way or another. The General Law of Data Protection (LGDP), Brazil’s first legislation on data privacy, will come into effect next year, aiming to increase the protection of private data and holding both the government and private companies accountable.
In order to understand the deep impact this case will have on Brazil’s privacy landscape, we talked to the executive director of ITS, Fabro Steibel, and Marcelo Lau, coordinator of the Cybersecurity masters’ program at the Paulista University of Computing and Administration. See below for their views on Brazil’s ability to protect important information and develop legislation that can effectively target hackers and prevent cyber attacks.
Note: This interview has been condensed and edited for clarity.
How has Brazil been handling cybersecurity issues?
Mr. Steibel: Brazil does have an advanced legislation concerning online protection. The Marco Civil da Internet (Civil Rights Framework of the Internet) contains an article about storing data and that’s why it was possible to track the hackers. They used VOIP (Voice over Internet Protocol) and, because of the law, this data must be kept for 6 months, so that’s how they tracked the hackers’ IP. The GSI (the president’s internal security agency) is responsible for security and they have an advanced plan...
Search
