Brazilian “Car Wash” Task Force: Cyber Security Lessons

By Rodrigo Ruiz & Rogério Winter

The creators of House of Cards have publicly stated that their work is Discovery Kids. Brazil already stars in a reality show worthy of Discovery ID. The world follows our events as if they were accompanying their favorite series. Since we are all attentive to this show of real horrors, we must learn some lessons for our day-to-day life. As Cyber Security researchers, we would like to alert you to the good practices (believe it is not a joke) demonstrated by some people who have been or are being investigated by Brazilian police forces, including with the help of the FBI.

When talking about good practices in the use of Information Technology and Communication resources, we should look to Daniel Dantas (Satiagraha) and Marcelo Odebrecht as great personalities in the management of information security. We will not go into the merit of what kind of information these personalities protect in their digital safes. However, it is true that Mr. Trump, Mrs. Dilma, Mr. Nixon, Mrs. Clinton, NASA, CIA and all of us must learn to protect our information with the masters of real-life House of Cards.

“Neither FBI was able to open the archives of the Satiagraha task force, culminating in the nullity of the operation and the exile of the Delegate responsible for the operation”

The success of our personalities begins in the consciousness about having sensitive data and the need to protect them. Next, we must learn to control our mouth. A secret that many people know, well … it is no secret. Remember that nowadays almost anything can hide a tape recorder. Google holds restricted meetings with any electronic device. Mark Twain said, “We ought never to do wrong when people are looking”.

The use of encryption software (a way to hide text so that only the key holder can read the text) is essential for storing large amounts of sensitive information. However, that alone is not enough. We have already published research in specialized journals and security conferences demonstrating failures in cryptographic systems: Symantec PGP, BitDefender, Truecrypt and BitLocker from Microsoft, you can check in the Journal of Cyber Security and Mobility V5-2. These flaws, coupled with the unsafe use of systems, can put their secrets on the first-page newspaper!

Imagine the following scenario: You are a politician, director of a large company or a revolutionary researcher. Your life is in the security of your information. Therefore, you ask your director of ICT to give you an encrypted notebook.

You end up getting a computer prepared by an intern. When you receive, you change the password and think that everything is safe. We are sorry to inform you that your trainee and everyone who has touched your device before you will have access to your files.

Neither FBI was able to open the archives of the Satiagraha task force, culminating in the nullity of the operation and the exile of the Delegate responsible for the operation. The Brazilian press announced that the computer of Marcelo Odebrecht (investigated in the Car Wash task force) is so protected that it will not be able to have its data exposed.
No matter what you think about protecting. To do it right, learn from these “good” examples.

About the Authors
Rodrigo Ruiz is a researcher at CTI – Centro de Tecnologia da Informação Renato Archer, Campinas, Brazil. In addition, he as the co-author of Apoc@lypse: The End of Antivirus. He has also authored papers about privacy and security for Cyber Defense Magazine, Cyber Security Review, JCSM, 2600 Magazine, US Cybersecurity Magazine, ICCYBER, ICCICS, WCIT2014, YSTS, IJCSDF, ICISCF, SIGE, JPSS. [email protected] https://www.researchgate.net/profile/Rodrigo_Ruiz3

Rogério Winter is colonel at the Brazilian Army and head of Institutional relations of CTI Renato Archer with more than 25 years of experience in military operations and cybersecurity. He is master degree in Electronic Engineering and Computation by Aeronautics Technological Institute-ITA, dedicates to the warfare issues, cybernetics, command, and control, and decision-making process and he is a co-author of Apoc@lypse: The End of Antivirus.