bool(false)

Justice system hack exposes Brazil’s worrying cybersecurity flaws

. Nov 12, 2020
cybersecurity brazil Image: André Chiavassa/TBR

Just as scientists spent years warning of the dangers of a potential pandemic caused by an airborne virus, experts are now ringing the bell for the next great threat: cyber warfare. Last week’s hack of the systems running Brazil’s Superior Court of Justice — the country’s second-highest judicial body — is the worst ever against a national government network, and served as a reminder of how Latin America’s biggest nation is ill-equipped to face cyberattacks.

While backups allowed the court’s IT department to salvage information on over 250,000 active cases, trials continue to be canceled over a week after the attack

Employees of the court tell The Brazilian Report that the perpetrators of the hack have asked for a ransom in exchange for returning data.

So far, experts have yet to determine whether the hacker (or hackers) managed to access sealed information on interested parties in lawsuits and civil servants — a risk information security consultants deem to be &#8220;heightened.&#8221;</p> <p>On the same day the court was hacked, other <a href="https://brazilian.report/tech/2017/11/21/sensitive-personal-data-protection-brazil/">government systems</a> — including that of the Health Ministry&nbsp;— also suffered attacks, but it remains unclear whether it was part of a coordinated action.</p> <p>The case raised red flags about an often overlooked deficiency of Brazil&#8217;s public administration. Brazil currently ranks 70th in the <a href="https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx">United Nations&#8217; Global Cybersecurity Index</a> — and is only the sixth-best equipped Latin American country against hackers, behind much poorer countries such as Paraguay.&nbsp;</p> <p>Companies continue to be sloppy with the protection of their networks. Forty percent of Brazilian websites don’t have SSL protocols — which allow secure connections from a web server to a browser.</p> <h2>Closing the stable door after the horse has bolted</h2> <p>Brazilian Supreme Court Chief Justice Luiz Fux announced this week the creation of a cybersecurity committee within the National Council of Justice — the watchdog overseeing the country&#8217;s judicial system. A group of experts will monitor <a href="https://brazilian.report/newsletters/brazil-weekly/2019/06/15/sensitive-data-breaches-brazil/">system vulnerabilities</a> and discuss how to protect courts against attacks.</p> <p>The move comes as the Brazilian justice system migrates to online servers. In October, a bill was approved to make all legal decisions 100-percent online — instead of using physical documents. Hearings and trials may also be held via video calls instead of in-person proceedings.</p> <p>The chief justice believes the move will reduce procedural costs and make courts more accessible to lower-income people —&nbsp;for whom court dates can be problematic with their work schedules. But it can only be fully implemented in a safe online environment, something Brazil still lacks.</p> <p>And cybersecurity is not only about having powerful firewalls and antivirus software. User literacy is a major aspect, as 95 percent of hacker attacks are enabled by human errors. As an example, back in the 2000s the <a href="https://www.wired.com/2011/12/worm-pentagon/#:~:text=The%20Agent.,offensive%20tools%22%20to%20fight%20it.">Agent.btz worm</a> — dubbed &#8220;the most serious breach of the U.S. military’s classified computer systems&#8221; — infected computers in the U.S. Department of Defense after an ill-advised use of a USB flash drive.</p> <p>According to consultancy Oliver Wyman Forum, Brazil is among the countries where the <a href="https://www.oliverwymanforum.com/content/dam/oliver-wyman/ow-forum/cyber/index/Oliver-Wyman-Forum-CLE-Index-Methodology-Oct-2020.pdf">very notion of cybersecurity remains obscure</a>. The country remains well below the global average when it comes to digital inclusion, public policymaking, and cultural proclivity towards the reduction of security risks.</p> <div class="flourish-embed flourish-radar" data-src="visualisation/4318037"><script src="https://public.flourish.studio/resources/embed.js"></script></div> <p>Experts say cybersecurity should be taught in schools as a way to improve Brazil&#8217;s readiness against attacks.</p> <p>One positive step was the enactment of the <a href="https://brazilian.report/newsletters/brazil-daily/2020/08/07/pandemic-fuels-confusion-around-brazil-data-protection-law/">General Data Protection Law</a>. Starting in 2021, it will impose hefty fines on companies which handle personal data of users — forcing them to protect their systems against breaches, even if only to avoid losing money.

Read the full story NOW!

 
Renato Alves

Renato Alves is a Brazilian journalist who has worked for Correio Braziliense and Crusoé.

Our content is protected by copyright. Want to republish The Brazilian Report? Email us at contact@brazilian.report