A group of Portuguese pirates and a Brazilian group acted together to gain access to the Brazilian electoral court system and steal data from the servers. Portuguese hacker confirms authorship of attack but denies tampering with voter data.
The Brazilian Electoral Ministry (MPE) has accused Portuguese hacker Tomás Pedroso, also known as Zambrius, of invading the Brazilian Supreme Electoral Court (TSE) system during the Brazilian municipal elections. Together with three other computer pirates of Brazilian nationality, he is accused of breaking into computers, of violating electoral laws by hacking servers and stealing data from the electoral system, and of criminal association.
According to the accusation made by the Electoral Public Ministry, to which CNN Portugal had access, the hackers managed to access the TSE system, stole data from the servers and published it on the Internet.
A month later, according to the MPE, two of the hackers obstructed the functioning of the “e-Título” application and prevented voters from proving their identity with their mobile phones.
The authorities believe that the attacks were coordinated by two groups of hackers, Cyberteam, led by the Portuguese hacker, and a group called Noias do Amazonas (which used the acronym NDA), led by the hacker known as Sanninja and in which two other hackers participated, called VandaTheGod and Synchron1ze. The MPE accuses the group of promoting “disruption harmful to electoral work” and of interfering “with the proper provision of relevant services to voters”.
In addition to acting together to carry out “some cyber attacks”, the accusation accessed by CNN Portugal shows that the two groups formed a kind of cooperation “for the practice of cyber crimes, in which they help each other by sharing information, modus operandi for intruder systems and hacker knowledge for the practice of illegal acts”.
During the first round of the municipal elections. To CNN Portugal, the hacker admitted that he had access to the network, but rejected the accusation that he manipulated information that caused changes in the elections.
“I did not manipulate any information, despite having access to computers and databases of the multinational Oracle, responsible for election processing,” he wrote to CNN Portugal.
Even on the day that the election took place, the Federal Police of Brazil had already discovered that one of the invaders had originated in Portuguese territory. The authorities also monitored the group’s communications on the Discord social network, where the hacker Bky992 admitted to sending more than 20,000 requests for access to the TSE, causing restrictions in the system.
The young man would eventually be detained in November 2020 in a joint operation with the Brazilian authorities by the National Unit for the Fight against Cybercrime and Technological Crime of the Judicial Police, where the other three young people were identified and detained, one of them a teenager at the time of the facts, “for the continued practice of crimes of improper access, computer damage and computer sabotage”.
The name of Zambrius, who led the group of Portuguese pirates Cyberteam, has since gained visibility and become famous for hundreds of DDoS attacks, which flood servers and render them unusable, website defacements, which corrupt Internet pages, and SQL injection, where the vulnerabilities of websites are exploited to issue commands to them.
Tomás Pedroso is currently free and awaiting the appeal of his six-year prison sentence. He is obliged to present himself to the authorities twice a week and is prohibited from leaving the country. He was charged with 28 felonies of aggravated unlawful access, misuse of data and computer damage.
From Benfica to the Judicial Police: Zambrius found vulnerabilities in several Portuguese websites
Despite being only 22 years old, Zambrius already has an extensive record of cyber attacks. The young man gained access to Benfica’s computer systems, obtained some of Altice’s most confidential data and attacked various systems of the three branches of the General Staff of the Armed Forces. However, the journey of this young man into the most hidden places of the Internet began years ago. At the age of 16, he had already managed to gain access to some of the platforms of the highest structures of the state, such as the Judicial Police or the Attorney General’s office, together with other members of the CyberTeam. He would eventually be caught and detained by the authorities and interned in an educational center for two years.
In the court verdict that now convicted him of computer crimes, the hacker was accused of invading the website of the telecom operator MEO, which belongs to Altice. The Public Ministry believes that Tomás was able to access the company’s databases and “exfiltrated the data, including name and address, of customers contained in sales tables and door-to-door salesmen”. In total, Zambrius had access to more than 123,325 company data entries, including the name, address, mobile phone contact and companies they work for.
Another instance of improper access by the young Portuguese occurred in March 2020, when he managed to enter the MyBenfica portal, which serves as the back office of the Benfica Foundation website and was used by the site administrators for managing and introducing content. The hacker then made available the credentials of 114 club workers.
“Hacktivism”, a form of “political protest”
In the public prosecutor’s indictment, the practices carried out by the hacker are described as “illegal acts of a cybernetic nature” which the young man calls hacktivism, “as a form of political protest achieved through cybernetic invasion and incitement to civil disobedience”. So, together with “unidentified individuals”, the young man explored various public and private systems, “scaled privileges, and caused configuration changes in the databases associated with the respective websites or other functionalities”.
This may have been the case in the attack on Jornal da Madeira, in which Zambrius changed the image of the newspaper’s website, inserting the image of an individual with his face covered, wearing a hood and working at a computer, accompanied by a message against politician André Ventura, president of Chega!: “Hacked by Cyberteam (…) CyberTeam was here! #antiventura What André Ventura f…! The system that f…! Ps: I’m out of patience to write a cute text with fancy words!”
The history of attacks made by CyberTeam includes hundreds of large-scale intrusions, including one on EDP. On April 13, 2020, the Portuguese electricity company was the target of a cyber attack that severely affected customer service systems. The claim came the next day, via Twitter, where the pirates threatened to attack Altice and carry out a large-scale attack on April 25 of that year.
At the time, they said in a publication on Facebook that about 80% of Portuguese websites could be changed by the group. The hacker collective also claimed to have “access to several important private and public sector systems, including some courts, clubs, private companies” and added that, “if necessary”, they would penetrate a television network.
To CNN Portugal, the young man guarantees that the group of hackers he helped found is inactive.
Last year, while awaiting the outcome of his appeal against his six-year prison sentence, the hacker showed that he had access to the Garcia de Orta Hospital (at least 16 days before that health unit was targeted by a ransomware attack), the ARS Centro Patient Transport Service, the platform that manages the financial resources of the SNS and the application that stores national exams.