TL;DR
Brazil’s civil defense alert system was hacked and sent fake extreme alerts with the word “misantropi4” to millions of phones before the platform was shut down.
Hackers breached Brazil’s national civil defense alert system overnight, sending fakes”extreme alert” notifications containing the word “misanthropy4” to millions of mobile phones in at least seven states. The Civil Defense Alert platform was disconnected at 1:30 am on Saturday after the Ministry of Integration and Regional Development confirmed the intrusion.
The Federal Police have been activated to investigate. No timeline has been given as to when the platform will be restored.
The first unauthorized alert was recorded around 11:40 p.m. on Friday, June 19, in Paraná. Within hours, the same emergency sound, the kind that bypasses silent mode and overrides what appears on the screen, reached phones in São Paulo, Rio de Janeiro, Brasilia, Bahia, Pará, Mato Grosso do Sul and Acre.
National Secretary of Civil Protection and Defense Wolnei Wolff said in a press conference that 10 alerts were tracked in several Brazilian states, most sent via Cell Broadcast and at least one via SMS. The total number of affected phones was not officially revealed, although German outlet Ad-hoc-News reported an estimate of approximately 30 million people affected.
“It is difficult to say whether one or more people participated in this criminal act,” Wolff said. He added that the incident was “very bad for the system, taking into account that when we issue the alert we take care of people’s safety.“
The phones show “Civil Defense: misanthropy4,”with the final letter”to“in the Portuguese word”misanthropy“replaced by the number 4, a common substitution in Leetspeak. Misanthropy translates as misanthropy, meaning hatred or aversion to humanity.
The message was not accompanied by dangerous instructions, but the use of the most severe alert category, reserved for imminent natural disasters, caused widespread alarm. Beneficiaries in seven states were startled awake by the sound of emergency.
Wolff confirmed that the attackers managed to regain access after a first blocking attempt. The platform was finally closed completely at 1:30 am. The system will remain suspended until all digital security conditions are restored, according to the ministry.
Brazil’s cellular transmission system is relatively new. It was ordered by telecommunications regulator Anatel in 2022, tested in 11 cities starting in August 2024 and expanded to cover the entire national territory in October 2025.
The technology transmits alerts to all devices within range of a cell tower without requiring phone numbers or prior registration. The four operators that provide the service, Algar, Claro, TIM and Vivo, participated in the night response together with Anatel.
The vulnerability exploited in the attack has not been publicly disclosed and the investigation is ongoing. Security researchers have observed that Cell Broadcast systems worldwide They lack cryptographic authentication, meaning the devices cannot independently verify whether civil defense authorities actually sent an alert..
Academic research since 2019 has shown that false alerts can be transmitted using relatively inexpensive equipment, including software-defined radios. It is still unclear whether the Brazilian attack exploited the central platform, as the government statement implies, or used a clandestine transmitter.
A person who claims responsibility for the attack posted on X (formerly Twitter) before the platform removed the posts, according to Brazilian technology outlet TecMundo. The Federal Police have not confirmed whether this individual is a true suspect.
The incident reflects a pattern of critical infrastructure warning systems being compromised through surprisingly basic attack vectors. Last month in Taiwan, a 23-year-old student activated emergency braking on four high-speed trains using a laptop and a cheap software-defined radio, exploiting cryptographic keys that had not been changed in 19 years. The European Commission was breached in March via a poisoned open source security tool, resulting in 92 gigabytes of stolen data.
The immediate concern for Brazil is the erosion of public trust. The Cell Broadcast system was built to save lives during floods, landslides and severe weather events.
If citizens learn to associate emergency sound with pranks rather than genuine warnings, they may ignore future alerts when a real disaster is unfolding. That risk, more than any technical vulnerability, is the lasting damage of a hack that woke up a country with a single strange word.
