On November 28, a Saturday, the Federal Police executed three search and seizure warrants, along with three precautionary measures barring those under investigation from contacting one another, in the states of São Paulo and Minas Gerais. Brazil's PF also acted in Portugal, where an arrest warrant was served.
These are the people linked to the recent leak of data from the Superior Electoral Court (TSE) during the first round of the elections on Sunday, November 15. The leak itself raises questions, as discussed in the report linked in the original version of this paragraph.
Zambrius, discredited by the community, achieved what he always sought: fame
The search in Portugal targeted Zambrius, an old acquaintance of the cybersecurity community known for his "dubious" attacks and less-than-brilliant skills. His group, called Cyberteam, has a modus operandi of claiming responsibility for incidents only after they have gained attention online. For example, when Google suffered a service outage in September, Zambrius claimed that his work had brought down the tech giant's servers. Naturally, his disrepute in the community has only grown. As of December 1, Zambrius remains in custody.
In Minas Gerais, the Federal Police went to "talk" with Vanda. Known in the hacker community by the nickname "Vanda the God", he is one of the most prolific defacers in Brazil, having defaced thousands of sites. Vanda was released the same day.
Another person taken in for questioning in São Paulo is known as Sanninja, a young man whose name has been circulating in the community recently. A member of Noias do Amazonas (NDAmazonas), he saw his name tied to the TSE data leak, although he denied any active participation. Sanninja was "arrested" on Saturday (the 28th) and also released the same day.
SynchrONize, another hacker from the same group, was also taken in by the PF to give a statement on the case.
“I’m feeling good, but I’m unsure”
Through an intermediary who preferred not to be identified, we obtained some details of how the Federal Police conducted the operation in São Paulo. The consensus among everyone involved is that the PF was extremely professional: "They didn't come in with ill intent wanting to fuck us (…) Everything was part of the investigation", was one of the comments. "At no time did they treat me badly; the PF is to be congratulated. Super calm and attentive", adding that the releases happened because the investigation is still underway. "I just woke up in a fright", he said of the fact that the police showed up at the door before six in the morning.
There was no aggression or threat from the authorities
One of those released also said he is feeling well, calmer after speaking with the Federal Police, but naturally concerned since this is a national investigation.
The consensus that now exists among the released hackers is that Zambrius was the sole culprit. The 19-year-old Portuguese man is said to have "put" the names of other hackers in the dump as a "salve", a shout-out. In other words, they had no involvement; they were merely name-checked in the leak as a greeting.
Finally, the Federal Police took statements and photographs. There was no aggression or threat from the authorities, according to those involved. The seized materials have yet to be analyzed, and this story probably does not end here.
Focus, we need focus
What you are reading here concerns the leak of information from the Superior Electoral Court's databases. It has nothing to do with the DDoS attacks suffered by the TSE and confirmed by Minister Luís Roberto Barroso. Those denial-of-service attacks have not yet been claimed by any group.
The voting machine is unrelated
This report also does not cover the ransomware that hit the Superior Court of Justice (STJ): known as RansomExx, it still appears to be active, and several institutions are down because of it. I had contact with the hackers behind the ransomware; it appears to be an international group. They demand payment in bitcoin to release the files, and this was probably not paid.
Finally, the leak of information from TSE databases has no bearing on the security of the electronic voting machine. To date, no fraud or hacker intrusion into the voting machines has ever been discovered. On the other hand, the TSE still offers no transparency about vulnerabilities.
STJ: attackers communicate