The Superior Court of Justice reported on Friday (6/11) that the backup of the court’s technology systems is “100% complete, as well as the data of the approximately 255 thousand cases that are being processed”. The court was targeted by hackers on Tuesday and has since stalled its activities. Ministers and servants are unable to access their own files and emails.
In a note, the president of the court, Minister Humberto Martins, assured that the system will be available on November 9, as planned. The system brings together the main functionalities of the electronic process and collegiate judgments.
The situation is considered serious among the ministers. Some expressed concern about a change made to the court’s system last year that could have opened up the site’s vulnerabilities.
A court minister heard by ConJur said that the hacker did not have access to files and processes that are stored in the cloud. With this, the hacker managed to block and encrypt only the data that is stored on the computers. Preliminary information indicates that the attack was located by a private foreign company and had been scheduled for three months.
So far, the extent of what was attacked, whether there was a copy of the data and, consequently, what could be restored, is not clear. There is also information that there has been a request for redemption of the data, but there is no official information from the presidency on the subject.
The Federal Police and the STJ’s computer sector analyze the extent of the attack and how they can work around the problem. The Army’s Cyber Defense Command also collaborates.
Other official systems were also reached this Thursday (5/11) in Brasília: from the Ministry of Health, from the Federal District Economy Department and from the Federal District government. It is not known, however, if there is a relationship with the attack on the STJ.
The Federal Police opened an investigation to investigate the case and appointed computer experts to work on the matter. In your live weekly, President Jair Bolsonaro said that the PF has already identified the person responsible for the attack on the STJ system. The information, however, has not been confirmed by the authorities.
The procedural deadlines were suspended until next Monday (9/11). The court informs that urgent demands are centralized in the STJ presidency and requests that petitions be sent to the email [email protected]
Lawyers heard by ConJur showed a lot of concern about the episode and also considered that the situation is serious. According to them, it is necessary to investigate the causes and adopt measures to reduce legal uncertainty.
Maria Hosken, from Nelson Wilians e Advogados Associados, a specialist in Digital Law and Privacy, assesses that the case raises concern, mainly due to the risk of leakage of information arising from lawsuits that are under secrecy.
“Even more serious is the paralysis of the agency due to the unavailability of its computer systems. It is a situation of consequences that are still unpredictable and that should test the preparation of the Judiciary not only with regard to preventive security measures, but also of maturity in relation to management of such incidents “, says Hosken.
Lis Amaral, also a partner at Nelson Wilians Advogados, a specialist in Digital Law and Privacy, points out that the rules of the LGPD, in force for a short time, must be respected.
“In the event of incidents such as a leak, the controllers of personal data must observe rules established for communication to the national authority and, depending on the severity, even to the holders. This investigation process is fundamental to ascertain the causes of the incident and establish measures to mitigate the incidents. damages, which is why it is not advisable to speculate on rumors not yet confirmed “, explains the lawyer.
Alan Thomaz, a lawyer specializing in Digital Law and LGPD, understands that the incident still lacks more information, but the possibility that the data backup has also been hacked is worrying.
“Official information about the security incident involving the STJ has not yet been provided. Information from behind the scenes indicates that this is a serious hacker attack, probably from ransomware, which encrypted all process data and emails from the STJ, making them inaccessible. Apparently the data backup was also subject to encryption by hackers, and it still cannot be recovered “, says the lawyer.
Already for Alex Santos, a specialist lawyer in technology at Nascimento e Mourão Advogados, the incident is further evidence that there is “a chronic vulnerability in the cyber security systems used by the Brazilian government”.
“There is news that the entire collection of STJ cases, in addition to the ministers’ e-mails and other data were encrypted by the hackers. And if this information is confirmed, millions of jurisdictions could be harmed by a possible extension of the suspension of activities in the STJ until the base is restored “, warns Santos.
Adib Abdouni, a specialist in Criminal and Constitutional Law, also sees the attack as a fact of the “highest gravity”. “With a view to alleviating the legal insecurity that has been projected on the jurisdictional authorities since then, the STJ has activated the system of attendance on duty, in order to ensure that the lack of functionality in the electronic process does not prevent urgent demands from complaining immediate jurisdictional assistance cease to be appreciated, given that the right of access to justice is a fundamental and inalienable postulate of the person, provided for in article 5, XXXV of the Constitution, and article 93, XII, in turn, is expressed to the predict that ‘the jurisdictional activity will be uninterrupted’ “, highlights Abouni.
The lawyer recalls that in the period of digital instability, the President of the Court will be responsible for dealing with requests for provisional protection, as well as matters that imply the perishing of rights or that affect the right to freedom of movement. The President of the Court will also be responsible for requests for habeas corpus against arrest, search and seizure, precautionary measure and writ of mandamus due to acts decreed by authority subject to the original jurisdiction of the Court, in addition to suspension of security, suspension of execution of injunction and sentence and complaints regarding the president’s decisions whose effects operate during the extraordinary service period.
For the criminalist and LGPD expert André Damiani, founding partner of Damiani Sociedade de Advogados, the attack demonstrates the fragility with regard to data security and, consequently, the privacy of Brazilian public institutions.
“There is news that this was the worst hacker attack in the history of Brazil, since even STJ backups were encrypted by criminals, preventing access – by everyone – to an incalculable bank of lawsuits, causing enormous uncertainty about the destination and the maintenance of the data existing in these processes that may even be exposed by criminals “, he says.
Associate of Damiani Law Firm, Blanca Albuquerque, a lawyer specializing in the protection of personal data by Data Privacy Brasil, says that, according to the LGPD, the STJ must communicate with the National Data Protection Authority (ANPD) and the (data) owners who were affected as a result security incident.
“With the LGPD now in effect, the STJ must follow its precepts and set an example of how institutions should act in the face of security incidents, in addition to the fact that such a catastrophe should be a warning to the entire governmental system of the country, which even after the Snowden case, remains fragile and susceptible to cyber attacks, compromising the privacy of the confidential data of all citizens of the country “, concludes Blanca.
Paula Sion, a criminal lawyer and coordinator of the Working Group on General Data Protection Law within the scope of the Criminal Law Commission of the OAB-SP, recalls that in the 1990s they kidnapped people and asked for large sums in cash. In 2020, they hijack data and ask for ransom in cryptocurrencies, taking advantage of vulnerabilities in the systems.
“I believe that the STJ has a secure information backup routine and is prepared for attacks of this nature. Otherwise, the damage will be priceless.”
For Daniel Gerber, criminal lawyer with a focus on crisis management and compliance political and business. “Due to the unprecedented nature of the attack suffered by the STJ, more important than a solution to the problem of data encryption, we are looking for ways that will enable the analysis of emergency situations. In this sense, the STF is expected to designate, as soon as possible, a competent area to receive the resources of those who, at the moment, are unable to see their claim answered by that court. “
The lawyer Solano de Camargo, LBCA partner and specialist in Digital and International Law, warns that the growth of hacker attacks on public institutions during the Covid-19 epidemic is serious. For him, many of the causes of these attacks are due to the action or omission of the State in which the cyberpirates are housed, and it is up to public international law to govern the behavior of States. “There is an urgent need to establish international standards of responsibility based on evidence that are based on technical standards as a way of bringing the international law of each State into the application, both of countermeasures, which interrupt cyber aggressions, and of obtaining reparations”, he says. .
According to Solano, the action of transnational hackers could lead Brazil and other countries to a blackout in the scope of Justice and other essential public services. He recalls that the concept of “cyber attack” has not yet been resolved under international law, but that human rights violations in general are the responsibility of the International Criminal Court, as established in article 8 of the Rome Statute. “Cyber war can be considered a violation of human rights treaties, depending on its size, its targets and its consequences for the affected civilian population”, he concludes.
These were the details of the news STJ says to have backup; lawyers consider that episode is... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at time24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.