The cyber attacks on the TSE (Superior Electoral Court) on Sunday (15) are of a type that occurs frequently on the Internet and were carried out by an already well-known hacker group.
At the time this report was published, the attacks were known to have involved the disclosure of old internal data and an attempt to cause instability on the websites of the TSE itself and the TREs (Regional Electoral Courts). None of this was related to the slow vote counting, a problem other than the lack of testing in the pandemic.
At a press conference on Sunday evening, TSE President Luís Roberto Barroso said the attacks had originated in Portugal or were coordinated by a Portuguese citizen.
On Monday (16), the minister said he had asked the federal police (PF) to investigate the case, but did not provide any new data on the attackers. “At the moment there are only suspicions and indications,” he said. According to Barroso, the PF needs to analyze whether there was any orchestration “to discredit the system and the institutions”.
The attack was claimed by CyberTeam, a group already known in cybersecurity circles for hacktivism, that is, hacking as a form of protest with ideological motivation.
The group is led by the hacker known on the Internet as “Zambrius”. He was preventively arrested in Portugal in April this year for carrying out various cyber attacks in the country, and was subsequently placed under house arrest.
According to the Diário de Notícias newspaper, the cybercriminal has been monitored by the authorities since 2017, when he was 16 years old and was identified as a member of a group that attacked the judicial police and the Attorney General of the Republic of Portugal.
The hacker’s version differs from that of the Brazilian authorities in two respects: according to the young Portuguese, the access to internal data remained vulnerable until at least Monday afternoon (16), and the published tables were extracted on Saturday (14). The TSE denies this, saying the information was obtained weeks earlier.
According to the court itself, in addition to the leaked data, the hackers carried out a DDoS attack (acronym for “Distributed Denial of Service”).
This type of attack floods the target’s servers with traffic to cause instability or even take a system down. It is like what happens when a university entrance exam comes out: many people access the website at the same time and it becomes slow, only here the traffic is artificial.
Zambrius confirmed to Folha that late on Sunday afternoon, hours before the TSE president spoke, the group attempted to cause instability on the regional courts’ websites.
“Today’s attack [Sunday] was completely harmless. Suffering attacks is not a privilege of the TSE website, nor of the Supreme [Federal Court], the Pentagon, NASA,” said Barroso.
OVERLOAD
Typically, DDoS attacks are carried out by a network made up of multiple devices connected to the Internet around the world, known as a “botnet”.
Hackers search the network for vulnerable systems. Anything goes: they can be computers or even smart light bulbs. These devices are turned into “zombies”. They appear to be working normally, but are waiting for a command from the attacker to send information to the target in sync, causing an overload.
Such attacks are widespread and escalating around the world, according to a report released last year by Cisco, a company that specializes in Internet-connected services and devices. Worldwide, an increase from 7.9 million cases in 2018 to 15.4 million in 2023 is forecast.
The methods vary, but a DDoS attack is often not very complex, and one can even be rented over the internet. Because such attacks are so common, several defense mechanisms are already available to block what is considered to be artificial access.
One of the best-known attacks of this type occurred in 2016, when sites like Twitter, Netflix and Airbnb were taken offline. The vast network of zombie robots consisted mostly of surveillance cameras and routers.