Security Experts:

Connect with us

Hi, what are you looking for?



Hired ‘Hackers’ Try, and Fail, to Invade Brazil Vote System

More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.

More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.

Their 3-day battery of attempted assaults ended Friday and was part of planned testing that happens every election year, usually proceeding without incident or, for that matter, drawing any attention. But with President Jair Bolsonaro continuously sowing doubt about the system’s reliability, the test took on an outsized significance as the electoral authority, known as the TSE, seeks to shore up confidence in the upcoming general elections.

Analysts and members of the TSE said the test’s results were more encouraging than ever. All the experts attempting to disrupt the system — among whom were Federal Police agents and university professors in engineering, information technology, data security and computer science — had failed.

“No attack managed to alter the destination of a vote in the electronic ballot,” Julio Valente da Costa, the TSE’s secretary of information technology, told The Associated Press in an interview afterward. “The importance of this test is for us to rest assured, at least about all the technology and computing components for the elections.”

When Bolsonaro won the presidential race four years ago, he claimed he had actually secured victory in the first round, not the runoff weeks later. The former army captain has repeatedly made accusations the voting system used for three decades is vulnerable, and at times said he possesses proof fraud occurred, but has never presented any evidence.

Last year, Bolsonaro suggested the election could be canceled unless a voting reform was passed in Congress. But the proposed constitutional change did not garner enough votes.

Analysts and politicians have expressed worry that far-right Bolsonaro, who is trailing leftist former President Luiz Inácio Lula da Silva in all early polls, is laying the groundwork to follow the lead of his ally, former U.S. President Donald Trump, and reject election results.

The TSE has gone to great lengths to bring more openness to the electoral process, even inviting the armed forces to sit on its transparency commission, though the military’s role in elections is traditionally limited to carrying ballots to isolated communities and beefing up security in violent regions.

{ Read: Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties }

Some political and military analysts have argued the TSE’s olive branch proved to be a mistake as tensions have since escalated.

An army general who is part of a commission submitted dozens of questions to the TSE earlier this year.

“(The armed forces) are being guided to attack the process and try to discredit it,” Supreme Court Justice Luis Roberto Barroso, who presided over the TSE until February, said during a conference with a German university on March 24. His comments drew backlash from Bolsonaro’s Defense Ministry, which issued a statement saying the accusation was “a serious insult.”

Barroso’s successor at the TSE, Supreme Court Justice Luiz Edson Fachin, said Thursday the elections will be taken care of by “unarmed forces,” adding that the TSE’s declaration of voting results will be final.

Still, some analysts remain concerned.

“The armed forces today are part of Bolsonaro’s government, from a political standpoint, and they are helping the president’s efforts to corrode the institutions from the inside,” João Martins Filho, a military expert who used to lead the Brazilian Association of Defense Studies, said by phone. “That’s no small thing. It’s very dangerous.”

Last week, as the TSE prepared for its test, Bolsonaro pledged that his party will seek an external audit of the system before the first round of voting.

The TSE’s test has its origins in November, when experts selected 29 methods to hack into the voting system. Five managed to cause some interference, which was minor and didn’t affect results, the TSE said at the time. Those five plots were assessed over the three-day test this week, which showed all issues had been resolved, Sandro Nunes Vieira, a TSE member, told journalists after its completion. A commission will evaluate the results and publish an official report at the end of May.

Carlos Alberto da Silva, a professor of data security at the Federal University of Mato Grosso do Sul, was part of the group that tried to break into the system. He and a pupil had discovered a loophole in the audio output that could violate the vote’s confidentiality. On Friday, he told the AP the issue had been resolved by the TSE.

More tests will follow in August, when the TSE conducts something of an election day simulation. That’s when Brazil’s presidential campaign will be officially getting underway, although both Bolsonaro and da Silva are already holding rallies and events.

The TSE will continue conducting security tests until 15 days before the election. Since 1996, it has never once turned up evidence of mass vote fraud.

Wilson Vicente Ruggiero, a computer engineering professor at the University of Sao Paulo who is collaborating with the TSE, told the AP that “today’s process is much safer than the one of the past.”

“There’s no reason to fear the ballot or the process itself could be rigged,” Ruggiero said.

Related: Experts Warn of Dangers From Breach of Voter System Software

Related: Report Highlights Cyber Risks to US Election Systems


Related: False Claims on Voting Machines Obscure Real Flaws

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.