HackRead

Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil


Last week, Brazil’s emergency alert system was taken offline after a suspected cyberattack sent fake warnings to phones across several regions.

People in several parts of Brazil woke up on Saturday morning to a strange emergency text message on their mobile phones. The message appeared as an Extreme Alert containing the word “misantropi4,” a version of the Portuguese word “misantropia,” meaning hatred toward humanity.

It is suspected that hackers replaced the letter “a” in “misantropia” with the number “4,” creating “misantropi4,” a leetspeak style often used in hacker culture.

This false alarm caused a lot of confusion, mainly because no natural disasters or emergencies were occurring. The message first appeared on phones in the southern state of Paraná. However, within minutes, it reached people in major cities such as São Paulo and Rio de Janeiro. Some residents also received the text via normal SMS messages.

Fake emergency alert received by residents in Brazil (Image via @vxunderground on X)

Turning Off the System

In Brazil, urgent public warnings are sent through a tool called Cellbroadcast. It is managed by the country’s National Telecommunications Agency (known as Anatel) and works like the emergency alert systems used in other countries, whose basic purpose is to warn citizens about dangerous weather.

Because the text came from someone outside the government network, officials had to take the National Civil Defense warning platform offline at around 1:30 a.m. local time. The system will stay disabled until authorities finish checking its security.

How the Attack Happened

According to an X (formerly Twitter) post from the online malware repository administrator vx-underground, the fake alarm was the work of an individual using the name “mizanthropiaz” who managed to compromise the system because of weak security measures.

The post further revealed that a government employee accidentally infected their computer with infostealer malware back in 2016. The malicious software exposed the employee’s username and password. It is shocking that this password was never changed over the last ten years, and was the same as the username.

The government network lacked basic security settings. It didn’t require a secure private connection or extra login codes, such as text message verification. There was a security puzzle meant to stop automatic guessing attacks, but it always asked the same simple question, “2+2=”, and never changed.
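The weaknesses described above (a password identical to the username, no rotation after an infostealer exposure, no second factor) can be checked for in an account inventory. The following is an added example, not code from the article or from any agency involved; the record fields, the one-year age threshold and the sample accounts are constructed assumptions.

```python
import hashlib
import hmac
import os
from datetime import date

ROUNDS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)

def make_account(username, password, pw_changed, mfa, exposed_on=None):
    """Build a constructed inventory record (field names are assumptions)."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "pw_hash": hash_password(password, salt),
            "pw_changed": pw_changed, "mfa_enrolled": mfa,
            "exposed_on": exposed_on}

def audit_account(acct, today, max_age_days=365):
    """Return the findings for one account, in a fixed order."""
    findings = []
    # Hashes cannot be read back, so test the username (and case variants)
    # against the stored hash instead of comparing strings.
    name = acct["username"]
    guesses = {name, name.lower(), name.upper()}
    if any(hmac.compare_digest(hash_password(g, acct["salt"]), acct["pw_hash"])
           for g in guesses):
        findings.append("password-equals-username")
    if (today - acct["pw_changed"]).days > max_age_days:
        findings.append("stale-password")
    # A credential seen in a stealer log must be rotated after that date.
    exposed = acct["exposed_on"]
    if exposed is not None and acct["pw_changed"] <= exposed:
        findings.append("not-rotated-after-exposure")
    if not acct["mfa_enrolled"]:
        findings.append("no-mfa")
    return findings

def sample_accounts():
    """Constructed sample data; none of it comes from the incident."""
    return [
        make_account("operator01", "operator01", date(2015, 3, 1), False, date(2016, 6, 1)),
        make_account("duty.officer", "constructed-Long-passphrase-42", date(2025, 10, 1), True),
        make_account("regional.ops", "another-Constructed-phrase-7", date(2025, 11, 1), False, date(2016, 6, 1)),
    ]

if __name__ == "__main__":
    for acct in sample_accounts():
        print(acct["username"], audit_account(acct, today=date(2026, 1, 1)))
```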

Local civil defense teams across the country confirmed that none of their agents sent the text. Local authorities are now working with Anatel to investigate how the system was breached.




