{"id":22867,"date":"2025-08-09T08:00:00","date_gmt":"2025-08-09T11:00:00","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=22867"},"modified":"2025-08-02T21:00:57","modified_gmt":"2025-08-03T00:00:57","slug":"jovens-hackers-expunham-falhas-criticas","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/08\/exploits\/jovens-hackers-expunham-falhas-criticas\/","title":{"rendered":"Jovens hackers expunham falhas cr\u00edticas"},"content":{"rendered":"\n<article class=\"text-token-text-primary w-full focus:outline-none scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" tabindex=\"-1\" data-testid=\"conversation-turn-92\" data-scroll-anchor=\"false\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto [--thread-content-margin:--spacing(4)] @[37rem]:[--thread-content-margin:--spacing(6)] @[72rem]:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:32rem] @[34rem]:[--thread-content-max-width:40rem] @[64rem]:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-5\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"e6a7d248-641a-4586-b2a6-0083849cb1ec\" data-message-model-slug=\"gpt-4o\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[3px]\">\n<div class=\"markdown prose dark:prose-invert w-full break-words light markdown-new-styling\">\n<p data-start=\"44\" data-end=\"126\"><strong data-start=\"44\" data-end=\"126\">Tr\u00eas jovens hackers expunham falhas cr\u00edticas no sistema do Minist\u00e9rio da Sa\u00fade<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"128\" data-end=\"204\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Um grupo de tr\u00eas jovens portugueses, sem forma\u00e7\u00e3o acad\u00eamica formal, ganhou notoriedade ao expor graves fragilidades nos sistemas inform\u00e1ticos do Minist\u00e9rio da Sa\u00fade. Com idades entre 19 e 20 anos e origem em atividades de entretenimento online, os hackers foram detidos ap\u00f3s movimentarem cerca de \u20ac500 mil em contas banc\u00e1rias, sem exercer qualquer atividade laboral legal, segundo acusa\u00e7\u00e3o judicial (Expresso)<\/span>.<\/p>\n<p data-start=\"128\" data-end=\"204\">\u00a0<\/p>\n<p data-start=\"211\" data-end=\"253\"><strong data-start=\"211\" data-end=\"253\">Metodologia e consequ\u00eancias do esquema<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"255\" data-end=\"331\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">O grupo, autodenominado PKN (inspirado em Pok\u00e9mon), operava desde o contexto da pandemia e utilizava conhecimento dom\u00e9stico e acesso simples a redes p\u00fablicas para identificar vulnerabilidades. Eles conseguiram acessar dados pessoais de cidad\u00e3os, expor receitas il\u00edcitas de fabrica\u00e7\u00e3o de bebidas com drogas, compartilhar certid\u00f5es de \u00f3bitos de pessoas vivas com fins de ridiculariza\u00e7\u00e3o e realizar extors\u00f5es contra dezenas de v\u00edtimas, aproveitando-se da falha do sistema para obter e divulgar informa\u00e7\u00f5es confidenciais<\/span>.<\/p>\n<p data-start=\"255\" data-end=\"331\">\u00a0<\/p>\n<p data-start=\"338\" data-end=\"393\"><strong data-start=\"338\" data-end=\"393\">Vulnerabilidades reveladas no sistema do Minist\u00e9rio<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"395\" data-end=\"432\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Embora o artigo n\u00e3o detalhe tecnicamente as falhas, o tipo de dano sugere falhas de configura\u00e7\u00e3o e autoriza\u00e7\u00e3o em APIs internas ou portais p\u00fablicos, aus\u00eancia de prote\u00e7\u00e3o contra automa\u00e7\u00e3o de scraping ou autentica\u00e7\u00e3o vulner\u00e1vel. Essas lacunas permitiram que os jovens acessassem dados sens\u00edveis sem barreiras t\u00e9cnicas substanciais.<\/span><\/p>\n<p data-start=\"395\" data-end=\"432\">\u00a0<\/p>\n<p data-start=\"439\" data-end=\"500\"><strong data-start=\"439\" data-end=\"500\">Li\u00e7\u00f5es para seguran\u00e7a em sistemas p\u00fablicos governamentais<\/strong><\/p>\n<p data-start=\"502\" data-end=\"539\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">O caso evidencia v\u00e1rios pontos cr\u00edticos:<\/span><\/p>\n<ul data-start=\"541\" data-end=\"702\">\n<li data-start=\"541\" data-end=\"580\">\n<p data-start=\"543\" data-end=\"580\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Aus\u00eancia de controle de acesso robusto em portais que exp\u00f5em dados da infraestrutura p\u00fablica.<\/span><\/p>\n<\/li>\n<li data-start=\"581\" data-end=\"620\">\n<p data-start=\"583\" data-end=\"620\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Falta de monitoramento e limita\u00e7\u00e3o de scraping ou consultas em massa.<\/span><\/p>\n<\/li>\n<li data-start=\"621\" data-end=\"660\">\n<p data-start=\"623\" data-end=\"660\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Necessidade de transpar\u00eancia e accountability no desenvolvimento de sistemas governamentais.<\/span><\/p>\n<\/li>\n<li data-start=\"661\" data-end=\"702\">\n<p data-start=\"663\" data-end=\"702\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Vulnerabilidades explor\u00e1veis por indiv\u00edduos com baixo n\u00edvel t\u00e9cnico, mas alto poder limitador.<\/span><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"709\" data-end=\"771\"><strong data-start=\"709\" data-end=\"771\">Boas pr\u00e1ticas recomendadas para governos e desenvolvedores<\/strong><\/p>\n<ul data-start=\"773\" data-end=\"987\">\n<li data-start=\"773\" data-end=\"815\">\n<p data-start=\"776\" data-end=\"815\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Implantar autentica\u00e7\u00e3o s\u00f3lida e controle de privil\u00e9gios em APIs e portais;<\/span><\/p>\n<\/li>\n<li data-start=\"816\" data-end=\"858\">\n<p data-start=\"819\" data-end=\"858\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Monitorar acessos e padr\u00f5es de comportamento automatizado;<\/span><\/p>\n<\/li>\n<li data-start=\"859\" data-end=\"901\">\n<p data-start=\"862\" data-end=\"901\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Implementar valida\u00e7\u00e3o anti-bots e mecanismos de detec\u00e7\u00e3o de scraping;<\/span><\/p>\n<\/li>\n<li data-start=\"902\" data-end=\"944\">\n<p data-start=\"905\" data-end=\"944\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Realizar auditorias regulares de seguran\u00e7a e testes de penetra\u00e7\u00e3o por terceiros;<\/span><\/p>\n<\/li>\n<li data-start=\"945\" data-end=\"987\">\n<p data-start=\"948\" data-end=\"987\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Treinar equipes internas para responder rapidamente a incidentes e fortalecer resposta institucional.<\/span><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p data-start=\"994\" data-end=\"1007\"><strong data-start=\"994\" data-end=\"1007\">Conclus\u00e3o<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1009\" data-end=\"1048\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">O incidente com o Minist\u00e9rio da Sa\u00fade de Portugal demonstra que sistemas p\u00fablicos, mesmo com baixa sofistica\u00e7\u00e3o t\u00e9cnica dos atacantes, podem ser seriamente comprometidos por falhas b\u00e1sicas de seguran\u00e7a ou configura\u00e7\u00e3o. A exposi\u00e7\u00e3o de dados pessoais, extors\u00e3o de v\u00edtimas e movimenta\u00e7\u00e3o de valores consider\u00e1veis por indiv\u00edduos sem forma\u00e7\u00e3o formal refor\u00e7am a import\u00e2ncia de proteger sistemas governamentais com camadas de defesa eficazes, auditorias cont\u00ednuas e monitoramento proativo.<\/span><\/p>\n<p style=\"text-align: justify;\" data-start=\"1050\" data-end=\"1089\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Este caso serve como um chamado urgente para que governos e organiza\u00e7\u00f5es tratem a seguran\u00e7a digital como prioridade central: <strong data-start=\"125\" data-end=\"242\">n\u00e3o basta construir sistemas funcionais \u2014 \u00e9 preciso torn\u00e1-los resistentes a erros simples e a ataques inesperados<\/strong>.<\/span><\/p>\n<\/div>\n<p data-start=\"1050\" data-end=\"1089\">\u00a0<\/p>\n<div class=\"markdown prose dark:prose-invert w-full break-words light markdown-new-styling\">\n<p data-start=\"1096\" data-end=\"1111\"><strong>Refer\u00eancias Bibliogr\u00e1ficas:\u00a0<\/strong><\/p>\n<ul data-start=\"1113\" data-end=\"1280\">\n<li data-start=\"1113\" data-end=\"1197\">\n<p data-start=\"1116\" data-end=\"1197\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">Expresso. <em data-start=\"10\" data-end=\"122\">Tr\u00eas hackers sem estudos montaram esquema que exp\u00f4s fragilidades do sistema inform\u00e1tico do Minist\u00e9rio da Sa\u00fade<\/em>. Dispon\u00edvel em: <a href=\"https:\/\/expresso.pt\/sociedade\/2025-07-30-tres-hackers-sem-estudos-montaram-esquema-que-expos-fragilidades-do-sistema-informatico-do-ministerio-da-saude-34952e18\" target=\"_blank\" rel=\"noopener noreferrer\" data-start=\"139\" data-end=\"299\" data-is-last-node=\"\">https:\/\/expresso.pt\/sociedade\/2025-07-30-tres-hackers-sem-estudos-montaram-esquema-que-expos-fragilidades-do-sistema-informatico-do-ministerio-da-saude-34952e18<\/a><\/span> <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]! transition-colors duration-150 ease-in-out\" href=\"https:\/\/expresso.pt\/sociedade\/2025-07-30-tres-hackers-sem-estudos-montaram-esquema-que-expos-fragilidades-do-sistema-informatico-do-ministerio-da-saude-34952e18?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-full grow truncate overflow-hidden text-center\">linkedin.com<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+6<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between\"><span class=\"max-w-full grow truncate overflow-hidden text-center\">expresso.pt<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+6<\/span><\/span><span class=\"flex h-4 w-full items-center justify-between absolute\"><span class=\"max-w-full grow truncate overflow-hidden text-center\">expresso.pt<\/span><span class=\"-me-1 flex h-full items-center rounded-full px-1 text-[#8F8F8F]\">+6<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<li data-start=\"1198\" data-end=\"1280\">\n<p data-start=\"1201\" data-end=\"1280\"><span class=\"relative -mx-px my-[-0.2rem] rounded px-px py-[0.2rem] transition-colors duration-100 ease-in-out\">APDPO Portugal. <em data-start=\"16\" data-end=\"90\">Ver\u00e3o Ciberseguro: dicas de preven\u00e7\u00e3o e prote\u00e7\u00e3o em redes Wi\u2011Fi p\u00fablicas<\/em>. Dispon\u00edvel em: <a href=\"https:\/\/www.linkedin.com\/company\/apdpo\" target=\"_blank\" rel=\"noopener noreferrer\" data-start=\"107\" data-end=\"145\" data-is-last-node=\"\">https:\/\/www.linkedin.com\/company\/apdpo<\/a><\/span> <span class=\"\" data-state=\"closed\"><span class=\"ms-1 inline-flex max-w-full items-center relative top-[-0.094rem] animate-[show_150ms_ease-in]\"><a class=\"flex h-4.5 overflow-hidden rounded-xl px-2 text-[9px] font-medium text-token-text-secondary! bg-[#F4F4F4]! dark:bg-[#303030]! transition-colors duration-150 ease-in-out\" href=\"https:\/\/www.linkedin.com\/company\/apdpo?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\"><span class=\"relative start-0 bottom-0 flex h-full w-full items-center\"><span class=\"flex h-4 w-full items-center justify-between overflow-hidden\"><span class=\"max-w-full grow truncate overflow-hidden text-center\">linkedin.com<\/span><\/span><\/span><\/a><\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"flex min-h-[46px] justify-start\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/article>\n<article class=\"text-token-text-primary w-full focus:outline-none scroll-mt-(--header-height)\" dir=\"auto\" tabindex=\"-1\" data-testid=\"conversation-turn-93\" data-scroll-anchor=\"false\" data-turn=\"user\">\n<h5 class=\"sr-only\">\u00a0<\/h5>\n<\/article>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tr\u00eas jovens hackers expunham falhas cr\u00edticas no sistema do Minist\u00e9rio da Sa\u00fade Um grupo de tr\u00eas jovens portugueses, sem forma\u00e7\u00e3o acad\u00eamica formal, ganhou notoriedade ao expor graves fragilidades nos sistemas inform\u00e1ticos do Minist\u00e9rio da Sa\u00fade. Com idades entre 19 e 20 anos e origem em atividades de entretenimento online, os hackers foram detidos ap\u00f3s movimentarem [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":22869,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-22867","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22867","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=22867"}],"version-history":[{"count":2,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22867\/revisions"}],"predecessor-version":[{"id":22870,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/22867\/revisions\/22870"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/22869"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=22867"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=22867"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=22867"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}