Millions of individuals in various parts of Brazil received at least ten misleading emergency communications from Civil Defense, as reported by the National Secretariat for Civil Defense and Protection. The incidents occurred between Friday night and Saturday morning, and national secretary Wolnei Wolff detailed what happened at a press conference on Saturday. An exact survey of the number of people affected and the impacted regions is still underway.
The first false notification was registered in Paraná, but the problem spread to other locations, including Rio de Janeiro, São Paulo, Distrito Federal, Mato Grosso do Sul and Acre. Given the situation, the system was preventively deactivated at 1:30 am on Saturday to contain further shots.
The federal government suspects that the Defense Civil Alert platform has suffered a cyber attack. The fraudulent communication, classified as “Extreme Alert”, featured the word “misanthropy”, which means aversion to humanity, or the variation “misantropi4” on some devices.
“Since last night and during the early hours of today, the system was the target of an attack that, it seems, came from hackers, representing a disservice to the nation. The Information Technology team acted promptly, deactivating the system, but the repercussions are visible, with the issuing of nine to ten alerts”, declared Secretary Wolff.
Triggering of false alerts occurred via Cell Broadcast and SMS
As the secretary explained, nine of the messages were sent using Cell Broadcast technology, which reaches cell phones manufactured from 2020 onwards with 4G or 5G coverage in the risk region. An additional alert was sent via the SMS system, which requires prior user registration.
Wollf highlighted the difficulty in determining the exact number of phones that received the warnings, given that multiple states were simultaneously affected by the incident. He detailed that the credentials to authorize alerts are specific to each state, which, theoretically, would prevent a single access key from triggering messages to different regions.
“Each alert should be directed to a single state, and an employee should never be able to issue a warning to another federative unit”, explained the secretary. “We are not yet sure whether the alerts were triggered by a single person or multiple individuals.”
The “Extreme Alert” classification is intended for scenarios of immediate danger to life, such as floods, landslides and intense storms. The content of the false messages, however, had no connection with established emergency protocols, raising instant doubts about the veracity of the warnings.
Immediate measures after identifying a cyber attack
The system was deactivated at 1:30 am on Saturday morning, and the National Secretariat for Civil Protection and Defense is working to restore its operation as soon as possible, as soon as security guarantees are fully reestablished. The Ministry of Regional Integration and Development has already requested the intervention of the Federal Police to investigate the facts.
“The investigations will have the ability to evaluate and understand the dynamics of what happened, including how an external individual managed to gain access to the system,” said Wolff.
The secretary, however, reiterated that all evidence points to an incident of external origin, characterized as a cyber attack, and not to a shot carried out by an internal Civil Defense server.
In an official statement, the Secretariat detailed that it blocked all external access to the Public Alert Disclosure Interface, where the “cybersecurity incident” was detected. User accounts associated with the event were suspended, with their records and logins duly preserved for expert analysis. Additionally, the Government Cyber Incident Prevention, Treatment and Response Center has been informed to monitor developments.
“Apparently, there were registrations in the system, and alerts were issued from Curitiba, in Paraná. We blocked it. Later, another person accessed it with a different credential and triggered a new alert”, he explained. “With the inclusion of the Federal Police in the investigations, we hope to move forward to obtain more detailed information.”
Government plans to strengthen platform security
The secretary mentioned that, although there is no date for the complete reestablishment of the platform, its normalization is a high government priority. Wollf admitted that incidents of this type compromise public trust in the system, whose purpose is to protect lives, but assured that the secretariat has been committed since the beginning of the year to improving the solidity of the platform, aiming to launch an updated version as soon as possible.
The ongoing improvements, according to him, focus mainly on system access permissions. He added that once investigations into the current incident are completed, the secretariat will analyze the need to implement additional modifications to optimize the platform.
“We need to understand in depth how this attack occurred, checking whether the problem is already being addressed by the ongoing development. It is an absolute priority to launch, in the shortest possible time, this new version that ensures greater security for the system”, promised the secretary. The IT team worked throughout the night to assess the invasion and understand how the group managed to access the platform.
Reactions and measures taken by state governments in the face of the shootings
The incident motivated the mobilization of several state Civil Defenses. In São Paulo, the state management clarified that it was not responsible for sending the messages and emphasized the absence of any scenario that would require an extreme alert in the region. The São Paulo government also informed that it activated the National Telecommunications Agency (Anatel) and other partner bodies in the operation of the tool to investigate the occurrence.
Similarly, the Civil Defense of Rio de Janeiro reported that the notification did not originate from its own systems, attributing the failure to the platform at a national level. The body highlighted the lack of risks of natural disasters that would justify emergency communication for the population of Rio de Janeiro.
A similar circumstance was observed in Paraná, where multiple citizens reported having received the message. The local government clarified that it was not responsible for issuing the alert and that there was no forecast of serious meteorological phenomena that would justify the activation of the tool.
Designed to optimize preparedness in emergencies, Defesa Civil Alerta uses Cell Broadcast technology to transmit warnings directly to cell phones in risk areas, without requiring prior registration. Such notifications are issued with an audible signal and aim to guide citizens in the face of events that may pose imminent danger.
The meaning of “misanthropy” and its appearance in alerts
Misanthropy is the term used to describe a feeling of aversion, disdain or even hatred towards humanity. This term caught attention in the early hours of Saturday when it appeared in a false alert sent to cell phones in various parts of Brazil by the Defesa Civil Alerta platform, motivating countless Brazilians to search for its meaning.
According to the Michaelis dictionary, misanthropy refers to the characteristic of individuals who express repulsion or distrust towards the human essence. The word can also be applied to people who avoid social interactions or choose a more isolated life.