The method that would have been used to access Telegram accounts of various authorities will be a public civil inquiry center of the Federal Public Ministry in Brasília. The agency intends to investigate possible failures committed by operators.
The Federal Police say the suspects used VoIP to simulate cell phone numbers used by the Minister of Justice and Public Security, Sergio Moro, as well as prosecutors, judges, federal delegates and journalists.
Then, they would have “called themselves” via VoIP to access their mailbox and listen to the Telegram Web activation code for each number. The invaders reportedly used the same strategy to try to hack into accounts of President Jair Bolsonaro and Economy Minister Paulo Guedes.
This vulnerability will be the main target of the MPF investigation. The investigation, however, can be broader and lead to the identification of other flaws. To TeleSynthesis, SindiTelebrasil, which represents the operators, stated that the companies have guidelines aimed at the security of their customers’ data.
“The providers also warn of the importance of the customer choosing the most rigorous security standards”, says SindiTelebrasil. “Operators also report that they have disabled the service that allowed them to access their mailbox by calling the number itself.”
The MPF investigation will also assess Anatel’s actions to protect consumer privacy. To G1, the agency reported that it is collaborating with the Federal Police and employing the instruments and technical teams available. “In order to guarantee the necessary secrecy to the operation, no more information will be released at the present time,” said Anatel.
After the alleged method used in the invasion was revealed, operators blocked calls from a handset to their own number. The measure was taken by Anatel’s own determination as an attempt to end the vulnerability exposed by the investigation.