Brazil’s Next Battlefield: Cyberspace

A few days after it was revealed that blackouts in Brazil in 2005 and 2007 may have been caused by cyber attacks, Brazil experienced the worst power outage in over a decade, leaving more than half of the country in the dark. In a scene that appeared to be out of a science-fiction film, subway trains came to a halt, elevators stopped, traffic lights went out, and the Itaipu dam, the world’s second-largest hydroelectric power producer, was completely shut down. The Brazilian government was quick to deny that the blackouts were caused by cyber attacks, blaming the outages on the weather. However, Brazil’s National Space Research Institute quickly refuted this claim with evidence that suggested the weather during the outage was “not capable of producing” this kind of disruption. Regardless of the cause, the economic damage and security risk of future blackouts raise doubts about the security of Brazil’s critical energy infrastructure as the country is preparing to host the 2014 World Cup and the 2016 Olympic Games.

The blackouts, which affected over 60 million people, came just two days after CBS, a popular American news channel, reported that cyber attacks caused blackouts in Espirito Santo State in 2007 and Rio de Janeiro in January 2005. The program “60 Minutes” mentioned that “Several prominent intelligence sources confirmed the cyber attacks [were] in Brazil,” but did not mention “who did it or what the motive was.” The first public mention of these cyber attacks appears to be by Tom Donahue, a top CIA official, at a SANS security conference in 2007. He revealed that hackers “caused a power outage affecting multiple cities,” without naming Brazil. President Obama echoed this warning with a similar elusiveness in a recent address on cyber security, saying “In other countries cyber attacks have plunged entire cities into darkness.”

The first public mention that Brazil’s electrical grid was targeted by hackers was made by John Grines, U.S. Assistant Secretary of Defense, at a conference in Paris in June 2007: “Not long ago, there was an attack to the power system in Brazil [to their] SCADA network, which caused major disruptions.” It was mentioned again, a few days before the recent blackouts, by Richard Clarke, former special adviser to President George W. Bush on cybersecurity and chairman of the Good Harbor security consulting firm. “Given the degree of seriousness that the Obama administration is applying to cybersecurity and the smart grid, we can look forward to the kind of things happening here that happened to Brazil, where hackers successfully brought down the power,” Clarke said in an interview with Wired magazine.

“The government might have denied that these blackouts were attributed to a cyber attack because they didn’t know or didn’t want others to know that their electric grid was vulnerable to such attacks,” explained John Bumgarner, Research Director for Security Technology for the U.S. Cyber Consequences Unit (US-CCU). “Most electric grids are so interconnected to the internet that an attacker with the right expertise can easily penetrate these networks from anywhere. Once an attacker has breached the simplistic security measures that commonly protect these critical networks they can then enter a few simple commands, which could physically destroy a multi-million-dollar component (e.g. generator), thus plunging cities into darkness and chaos for weeks or even months. Many of these critical components are produced using just-in-time manufacturing processes, which means an order submitted today will be delivered in approximately 18 months or longer.”

Unlike a physical crime, it’s very hard to find a smoking gun in a cyber crime. For that reason it’s very plausible that government regulators were not trying to cover up that the blackouts in Brazil were caused by cyber attacks. Maybe they didn’t know. Amid contradictory government reports, Brazilian President Lula demanded an internal investigation. Regardless of what they find, cyber crime presents a major threat to Brazil and other countries where critical infrastructures (health system, defense, emergency response, banking, telecom, etc.) rely on the grid to power their operations and control systems, which are increasingly connected to the internet, and therefore vulnerable to a cyber attack.

Brazil is home to more cyber-criminals than any other nation and Portuguese is becoming increasingly popular in the hacker underworld. In fact, of the top 50 website defacement groups about 30% are Brazilian, according to a report released by Safemode.org. The world financial crisis has exacerbated this problem and there is a risk that layoffs among Brazil’s large, highly skilled IT workforce will make things worse. Certainly, the large divide between socioeconomic classes in Brazil has contributed to its large network of organized crime syndicates.

Cyberspace has evolved into an ungoverned territory that is marked by anonymity and the ease of carrying out lucrative cyber crimes. This has attracted a diverse group of malicious characters, from spies to extremist groups. Brazil’s high rate of internet connectivity and lack of investment in securing and maintaining its critical infrastructure make it a prime target for malicious attacks in cyberspace. Despite this threat, there are very few laws against hacking in Brazil. This puts the burden of proof on prosecutors to prove there was fraud involved, which is a crime in Brazil. There are very few incidents of hackers being caught and prosecuted in Brazil.

In June 2008, hackers broke into a government Web site in Brazil. Over 3,000 employees lost access to the system for over 24 hours, valuable data was compromised and the hacker demanded a $350 million ransom. The money was not paid and there was a backup of the information, but it took over a week to crack the code and regain control from the hacker. In recent years, U.S. software company Microsoft and military computers have also been targets of high-profile Brazilian hacking groups, such as Prime Suspectz and BHS.

To prevent future threats targeting its critical infrastructure, especially its electrical grid, Brazil must quickly adapt its defenses to cyberspace and pass legislation to go after hackers. Security must be part of the design and operational criteria of its critical infrastructure, especially the electrical grid. These assets must be continually monitored and tested for cyber and physical threats. In addition, significant investment needs to be made towards transmission upgrades and load management of its grid. Until these improvements are made, Brazil’s electrical grid will continue to operate in an abysmal state of disrepair, fraught with operational inefficiencies and with physical and cyber vulnerabilities that could potentially cripple Brazil’s grid and economy along with it.

About the Author

Michael Mylrea

Michael Mylrea is a Security Consultant who has worked on cyber issues for Good Harbor Consulting, The U.S. Cyber Consequences Unit, MIT Lincoln Lab, Harvard Berkman Center, and various U.S. Government agencies. You can contact him at michaelmylrea@gmail.com.
  • Madhumita

    Very impressive story, Michael! Got to know many things about cyber attacks in Brazil. Thanks indeed!

  • http://www.senki.org Barry Greene

    “Brazil is home to more cyber-criminals than any other nation and Portuguese is becoming increasingly popular in the hacker underworld. In fact, of the top 50 website defacement groups about 30% are Brazilian, according to a report released by Safemode.org.”

    I’m not sure you can use this data from Safemode to extrapolate that Brazil has more cyber-criminals than any other nation.

    Please support that assertion with more data. It conflicts with other reports which are based on data analysis or observational analysis.

    Also, your “chain of support” which says the power outages were from a cyber attack is not backed up by validated data. It is backed up by a chain of “hearsay.”

    In fact, the publicly available data dispute your assertion. I point to Brazilian Blackout Traced to Sooty Insulators, Not Hackers

    I think it is time for all the people ranting about “cyberwar” to be held to a minimum of academic standards of supporting their assertions with fact, not hearsay.

  • Michael Mylrea

    Thanks, Barry. Thought you would be interested that the Brazilian government opened an official investigation into the cause of the blackout a couple of days after the article you cited came out: http://www.france24.com/en/node/4925711
    A day after my article was published, the report above mentioned: “After initially claiming transmission lines were at fault, then deciding that a storm must have caused a short-circuit in supplies from Brazil’s largest power plant, officials have been forced to backtrack from efforts to declare the incident closed.” So you were right, there was a lot of “hearsay”… and that was one of my points.

    You concluded that the evidence I provided or “chain of support” pointed to a cyberattack. I appreciate your comments, but think you missed the point of the article: “Regardless of the cause, the economic damage and security risk of future blackouts raise doubts about the security of Brazil’s critical energy infrastructure as the country is preparing to host the 2014 World Cup and the 2016 Olympic Games.”

    More specifically, I mention: “Regardless of what they find, cyber crime presents a major threat to Brazil and other countries where critical infrastructures (health system, defense, emergency response, banking, telecom, etc.) rely on the grid to power its operations and control systems, which are increasingly connected to the internet, and therefore vulnerable to a cyber attack.”

    I hope this is helpful and would be happy to follow up with you via email: michaelmylrea@gmail.com Thank you.

  • Denise Rocha

    I am from Brazil and this is the first report that connects the dots. If you take the time to read what is going on, you’ll notice that the Brazilian gov is scrambling for answers, and stumbling. It sadly does not surprise me… I would like to see another follow-up as things develop!

  • http://trent11hammo.diaryland.com/100520_88.html Alpha Mattingley

    I really liked your blog. Fantastic.