The president of the Superior Electoral Court of Brazil, Luís Roberto Barroso, minimized, on Monday (11/16/2020), hacker attacks on the TSE website. But cybersecurity experts point to vulnerability in the system. The Portuguese hacker who took over the authorship told the news agency Sputnik Brazil that Barroso omits information.
Also on Sunday afternoon (15), the Federal Police informed the TSE that the leader of the attacks is a Portuguese hacker, as reported by Veja magazine. Then, at Estadão, the Portuguese group CyberTeam assumed responsibility for the TSE data leak, under the command of a hacker identified as Zambrius. He confirmed to be the author and said the intention was to demonstrate the vulnerability of the site.
“The only objective was to prove that the security of the TSE was possible to be penetrated after they announced that they had reinforced the security. We usually act for [amusement or protests]. Mr. Barroso omits information. He has come to affirm that the TSE is safe, that there was no security breach, but it is a lie, we have invaded 28 databases belonging to the domain [https://www.tse.jus.br]. I don't have a computer, all my activities, since I was arrested, are carried out by a 50/80 € cell phone. The impact could be much, but much greater if I had a computer, ”said Zambrius, who has already been arrested in Portugal for cyber attacks on several websites. (Read the full interview, below)
According to Barroso explained at a press conference on Monday afternoon (16), old information from TSE employees and retired ministers, referring to the period between 2001 and 2010, was leaked. Although the leak occurred on election day, according to with the minister, access to the data would have happened on a “past date”.
“The data had over ten years of seniority, and disclosure was also made on election day to give an idea of the system's vulnerability. Even so, the system resisted unscathed, ”he said after the TSE Information Technology Secretary (Giuseppe Janino) inform that 436 thousand connections were made per second to try to bring down the TSE system.
19/11 / Just four days later:
Cybersecurity experts point to TSE vulnerability
Excerpt from the interview with the hacker. The full text can be accessed at Sputniknews here.
Why do you say that Minister Barroso omitted or manipulated information? At what point would he have done this?
Zambrius: He has come to affirm that the TSE is safe, that there was no security breach, but it is a lie, we have invaded 28 databases belonging to the domain [https://www.tse.jus.br]. And [Barroso said] that all the problems were natural, but the truth is that they were affected by our attacks: an attack of penetration to the databases, one of data traffic overloads directly from the database [to harm instability in domains and systems], and a DDoS attack via Botnet device, these instabilities throughout the day have been harmed by our hackers, and everything he says is almost all wrong. It was all this month, after they announced that the TSE had strengthened computer security.
When were these invasions? Can you need me between which days happened? Was there a successful Sunday?
Access has been maintained for at least seven days, and continues accessible as it always has, and I just sent some command lines to reveal the databases so I can print in real time and send it to you.
Do you have any political motivation in your attacks like this on TSE? Are you affiliated with any party or are you partisan?
I have not left, I do not support these facades, I am totally ANTIGOVERNO, for personal and social reasons, I do not like them and they do not like me, we are in a 50/50 draw.
"The purpose of this alert is to denounce the lack of reliability of a computerized electoral system that uses closed computer programs, is based on electronic ballot boxes without materializing the vote, does not provide effective means of inspection and audit by political parties" - this is the most important point - “And identifies the voter by entering the number of his electoral title on the same machine in which he votes. Thus, the principle of inviolability of the vote, essential in a democracy, will be respected only insofar as the controllers of the electoral system allow, transforming the secret vote into a mere concession.
A true black box to challenge our faith, this system is inaudible, unreliable and susceptible to computerized fraud that is difficult to detect. As it stands, it would be rejected in the simplest battery of systems reliability tests, because, in computing, a system without supervision is an unsafe system. Many of the frauds that occurred when voting was manual were eliminated, but the Brazilian citizen was not alerted that, with computerization, the possibility of more sophisticated, broader and more difficult electronic frauds was introduced. ”