This is probably the nightmare of every civil protection authority: unknown actors have managed to send false warning messages via Brazil’s state warning system. Authorities suspect cyber criminals are behind the incident. Meanwhile, the government is investigating how this could have happened.
Read more after the ad
On Saturday night (local time), a number of smartphones lit up in several regions of Brazil. They displayed a warning of the highest category “extreme alert” and a message from civil defense with the cryptic content “misantropi4”. The cryptic part is generally interpreted as the Brazilian word for misantropia, with an a replaced by a 4, typical of the so-called “leet speak” in the hacker scene. The Brazilian government said the warnings were received in the states of São Paulo, Mato Grosso do Sul, Rio de Janeiro, Paraná and the Brazilian Federal District – it counted a total of ten of the dubious warning messages on a number of devices.
Fake warning via cell broadcast
The messages were sent via cell broadcast, a technology that has also been used in Germany since 2022. It makes it possible to send warnings about extreme weather or dangerous situations to cell phones in the affected regions – without having to install an app specifically for this purpose. You can hear it every year on nationwide warning day, when all cell phones in this country ring for testing purposes.
Following the current incident, the Brazilian government’s cell broadcast platform is temporarily out of service. The government assumes a cyber attack and has launched a forensic investigation. How many devices the attackers were ultimately able to reach cannot currently be determined because it is an “unofficial” warning, explained Wolnei Wolff, responsible secretary at the Ministry for Integration and Regional Development. He referred to the ongoing investigation, which will deliver results very soon and should also make the platform safer.
The operator of the warning system is Brazil’s national communications agency Anatel; it apparently does not see the cause as being with the telecommunications providers through whose infrastructure the warnings are ultimately sent. Instead, she also refers to the civil defense warning platform in her press release.
New findings about the course of the attack should also be of interest to other countries that also use a cell broadcast system – such as Germany. Here, too, there has been misuse of national warning systems, but no cyber attack. Last summer, the district administration of Bad Dürkheim in Rhineland-Palatinate called on thousands of people to sing the Palatinate Song using the warning app Katwarn. The background was the ongoing Dürkheim sausage market, where a television team was on site. The authority admitted the incident and said it was a mistake.
Read more after the ad
(nen)
