He entered the system that controls Brazilian elections and was sentenced to six years in 2020 for hacking Benfica and Altice. Portuguese State
“There is always something going on in the suburbs of the Internet,” says the hacker, who at 19 had already hacked into several of the largest companies and public infrastructures in Portugal and Brazil.
Together with CyberTeam, a group of hackers he led, Tomás Pedroso, known in the internet world as Zambrius, gained access to Benfica’s computer systems, to the network supporting the Brazilian electoral system and to the three branches of the General Staff of the Armed Forces, and obtained some of Altice’s most sensitive data. Now, at the age of 21, while awaiting the outcome of an appeal he filed against the six-year prison term to which he was sentenced, the hacker has revealed that he gained access to the Garcia de Orta Hospital (at least 16 days before the ransomware attack), the ARS Centro Patient Transport Service, a platform that manages SNS financial resources, and an application that stores national exam data.
Hackers Hack Critical Government Services: Armed Forces, Healthcare and Education Are Vulnerable
However, this young man’s journey into the most hidden corners of the Internet began many years ago. At just 16 years old, he had mastered computing to such an extent that, along with other members of CyberTeam, he had already managed to gain access to some platforms of the highest state structures, such as the Judicial Police or the Prosecutor General’s Office. Eventually, he was caught and detained by the authorities and placed in an educational center for two years.
Attack on the Brazilian elections
Together with other hackers, the young man, who according to the criminal indictment has communication difficulties and attention deficits, took advantage of being under house arrest from May to November to access the Oracle network that was managing the data of the Supreme Electoral Court of Justice of Brazil (TSE) during the first round of municipal elections. In a report by CNN Portugal, the hacker admitted to gaining access to the network, but denied accusations of manipulating information that led to electoral changes.
“I did not manipulate any information despite having access to computers and databases from Oracle, a multinational corporation in charge of processing the election results,” he wrote to CNN Portugal.
He was arrested by the Judicial Police in November 2020 in a joint operation with the Brazilian authorities that identified and detained three youths “for the ongoing crime of unauthorized access, computer damage and computer sabotage.”
Since then, the Zambrius name has become known for hundreds of DDoS attacks, which flood servers and render them inoperable, website defacements, which alter web pages, and SQL injections, which exploit website vulnerabilities to issue commands.
Tomás Pedroso is currently free pending an appeal against a six-year prison sentence, subject to a twice-weekly obligation to appear and a travel ban. He was charged with 28 crimes of aggravated access, misuse of data and damage to computers.
Attack on Benfica and Altice
The court, which has now found him guilty of computer crimes, charged the hacker with breaking into the website of telecom operator MEO Altice. The State Department believes that Tomás was able to access the company’s databases and “filter data, including names and addresses, customers contained in sales tables, and employees of the sales department.” In total, Zambrius had access to over 123,325 company records, including names, addresses, mobile phone numbers, and the companies they work for.
Another unauthorized access by the young Portuguese man occurred in March 2020, when he managed to log into the MyBenfica portal, the back office of the Fundação Benfica website, which the site administrators used to manage and present content. The hacker then made available the credentials of 114 club employees.
Hacktivism or cybercrime
The Defense Ministry’s criminal case file describes the hacker’s actions as “illegal acts of a cybernetic nature,” which the young man calls hacktivism, “as a form of political protest achieved through cybernetic intrusion and incitement to civil disobedience.” Thus, along with “unidentified persons”, the young man explored various public and private systems, “scaling privileges and causing database configuration changes associated with the respective sites or other functions.”
This was the case in the attack on Jornal da Madeira, when Zambrius altered the appearance of the newspaper’s website, inserting an image of a hooded man with a covered face working at a computer, accompanied by a message against politician André Ventura, president of Chega!: “Cyberteam hacked (… ) Cyberteam was here!#antiventura Andre Ventura who f…! A system that e…! Ps: I ran out of patience to write cute text with fancy words!”
CyberTeam did not spare the Portuguese Association of Football Referees (APAF) either. The hacker successfully altered the appearance of the website, which then featured a photo of Rui Pinto, with a message in which the group questioned an investigation by the Portuguese authorities that did not take into account information posted on the Football Leaks website. “What is Portugal doing to fight corruption in football?” the group wrote.
Prosecutors say that when the young man successfully attacked a target, he proceeded to copy and “extract the information contained in the databases”, eventually claiming responsibility for the attacks on social media.
In the history of attacks carried out by CyberTeam, there are hundreds of large-scale intrusions, including one at EDP. On April 13, 2020, the Portuguese electricity company was the target of a cyberattack that severely affected customer service systems. The announcement came the next day via Twitter, where the hackers threatened to attack Altice and carry out a large-scale attack on April 25 of that year.
At the time, they stated in a Facebook post that around 80% of Portuguese websites could be changed by the group. The hacker collective also claimed to have “access to several important systems in the private and public sector, including some courts, clubs, private companies” and added that “if necessary” they would hack into the television network.
The young man assures CNN Portugal that the group of hackers he helped found is inactive.
All you need is a smartphone; with time and patience, you can find vulnerabilities and exploit them. This is what happened with the flaws that he discovered in April of this year, when he tweeted a series of appeals to various critical platforms of the Portuguese state, including the Garcia de Orta hospital page, the ARS Centro patient transport platform and the National Examination Jury.
In a written response to CNN Portugal, which asked him about the motives for what the courts have already deemed crimes, the hacker says that these attacks serve “only to notify” the authorities of the weaknesses that exist in the networks, claiming that they are willing to share with the network administrator the vulnerabilities of these systems. The hacker justifies the focus on health care, education, and defense by saying that they serve to demonstrate that these areas, “which hackers usually seek out for profit,” are not safe.
When asked if he is ready to work with the authorities to find and correct flaws in the most important systems of the Portuguese state, Tomás Pedroso answers with the question: “Why not?”.
Another target of the hacker was dozens of servers of the three directorates of the General Staff of the Armed Forces (EMGFA). Two years after he infiltrated these platforms and was convicted for it, the hacker claims he was able to access the same servers again through the same vulnerabilities that were discovered in the past. An official source from the EMGFA told CNN Portugal that the 2020 vulnerabilities “have been analyzed and actions deemed appropriate have been taken.”
“There are many types of attacks on servers. An attacker can steal information from users and use it for sale or own use, such as accessing ATMs or even bank accounts, can use phishing scams, inject ransomware to obtain ransom, use the victim’s server for future attacks, or mine bitcoins; the attacker locks onto the target as if it were the owner. In short, the attacker can completely manipulate the network and do whatever they want with it,” explains the hacker.