Cyber Incident Victim: Brazilian Army

Date: Nov 2015

Location: Brazil

Summary

A Brazilian military institution experienced a server breach resulting in the exposure of personal data, including national insurance numbers and passwords, for approximately 7,000 personnel. Attackers claimed retaliation for alleged unethical tactics—specifically WiFi deauthentication attacks—used by the organization's team during cybersecurity competitions. The compromise involved databases, email servers, and domain controllers, with hackers publishing system vulnerabilities and inviting further exploitation of the leaked credentials. They issued a public challenge to target additional government systems, aligning its deadline with a major international sporting event. The organization acknowledged the incident but emphasized that core defense infrastructure remained unaffected, with investigations ongoing.


Description

In November 2015, the Brazilian Army experienced a significant cybersecurity breach when hackers compromised its servers, leading to the exposure of sensitive personal information belonging to approximately 7,000 military officers. The attack resulted in the public release of national insurance numbers and personal passwords used by officers to access Army websites. Hackers published this data on November 9, alongside a manifesto explaining their motivations; the attack itself had occurred earlier that week.

The intrusion was framed as retaliation against the Army's conduct during "capture the flag" cybersecurity competitions hosted at Brazil's Center for Cyber Defence. According to the attackers, Army personnel had employed prohibited WiFi deauthentication techniques during these events, a method that disrupts network connectivity through denial-of-service tactics. The hackers characterized this as unethical competitive behavior that violated the spirit of exercises designed to test legitimate cybersecurity skills.

The attackers gained extensive access to Army systems, compromising databases, email servers, multiple online platforms, and ultimately the domain controller infrastructure. They publicly criticized the Army's security posture as "shameful," highlighting numerous critical vulnerabilities across different operating systems.

Beyond data theft, the hackers issued a broader challenge to the cybersecurity community by publishing technical details about 10 identified vulnerabilities in Army networks. They invited others to exploit the leaked credentials for further intrusions into government systems, framing this as "homework" for ethical hackers. A specific "Capture the Backdoor" challenge was announced with an August 5, 2016 deadline, coinciding with the opening of the Rio Olympic Games, though no further details about this secondary challenge were provided in the disclosure.

The Brazilian Army officially acknowledged the breach while emphasizing that core strategic defense systems remained unaffected. Military authorities confirmed an ongoing investigation into the incident but did not disclose specific containment measures or forensic findings. The attackers concluded their statement with a warning about governmental surveillance ambitions, declaring "the game board is ours" in a direct challenge to the Army's cybersecurity capabilities.
