Cyberattackers target Vodafone’s Portugal network

Hack plunges country into chaos: emergency services compromised; 4.7 million without phones

Monday night from around 9pm saw the beginning of what have become fairly devastating effects of the latest institutional ‘hack’, this time on Vodafone’s network in Portugal.

Roughly 4.7 million users found themselves without service; INEM (medical emergency response), firefighters, PJ police were all severely compromised; numerous ATMs ‘went down’ – even criminals on ‘electronic tags’ could not be monitored.

As all reports have since attested, the attack – described by Vodafone bosses as a “terrorist, criminal act” – “shows the fragility of the operator’s IT security system”.

It also shows that  this is a new age form of crime that could “knock on the door of any business” (the words of Hugo Nunes, team leader in cyber threat intelligence at S21sec Portugal).

Hackers have been supremely active in Portugal since the start of the year when one group, Lapsu$, took credit for bringing down the media sites of the Impresa group.

Since then there have been intrusions into the networks of various hospitals, the official sites of the Republican Assembly, EDP, Altice (also a telecoms giant), the regional government of the Azores, the municipal council of Lisbon and even some government ministers.

For now, Lapsu$ has not claimed credit for the Vodafone attack – which is still nowhere near being completely resolved.

The group has however posted the word ‘Vodafone’ on its Telegram account.

Vodafone meantime is busy fixing the damage caused, following a press conference on Tuesday in which the company’s Portugal CEO called Mário Vaz denounced the situation as a  “deliberate and malicious cyberattack with the objective of causing harm and disruption”.

It doesn’t appear any client data has been accessed or compromised, but for people who could not make telephone calls, send text messages, or even watch television, the incident was exasperating. 

Thousands flooded the site ‘Downdetector’ with complaints on Monday night, and as of Wednesday morning a number were still without full service. 

The PJ’s cybercrime combat unit continues to investigate,  reportedly requesting the collaboration of counterparts in other countries.

In a statement the force referred to “the global dimension of cyberspace powering an increase in these kind of attacks, which by rule, assume an international dimension”.

CNCS, the national centre for cybersecurity, is also involved – particularly focused on investigating the intrusions into the banking networks, which became increasingly obvious on Tuesday as clients could not access homebanking services.

A cautionary text in Diário de Notícias on Wednesday explains that while cybersecurity experts have been ‘surprised’ by the dimension of this attack (suggesting it will have taken months of planning), they are quite certain this type of crime is here to stay.

The baffling aspect of these hacks – for which no group or individual seems to have requested a ransom – is motive. 

According to Manuel Dias, a senior consultant in cybernetic risk for the Marsh consultancy, “human life has become increasingly digitalised, transferring wealth from the physical world to the digital” and this is where this crime is directed: digital wealth.

[email protected]