Documents sent to the PF indicate that the shooter may have operated the platform without territorial restrictions
Credentials of 2 Civil Defense agents from Pará were used to trigger 10 false alerts to millions of cell phones in the early hours of Saturday (June 20, 2026). The messages were sent to 7 States and the Federal District. The information is from the newspaper The Globe.
According to documents sent by the federal government to the Federal Police, which is investigating the case, there is evidence that an external agent used the access accounts of the 2 state servers to access the platform for sending alerts. The messages contained words unrelated to real emergency situations, such as ““, “misantropi4” e “alien attack”.
The alerts reached the States of São Paulo, Rio de Janeiro, Mato Grosso do Sul, Minas Gerais, Bahia, Paraná and Acre, in addition to the Federal District. The 10 alerts correspond to the total number sent by the system, while the 7 States and the Federal District only indicate the locations that were hit by at least one of these shots.
As the same alert can reach more than one region at the same time and the same region can receive more than one message, the total number of messages does not necessarily coincide with the number of federative units affected.
In the document sent to the PF, the federal government states that the episode is aggravated by the fact that the shots were directed to regions outside the area of activity of the agents involved, who were authorized to issue alerts only in Pará.
HOW IT WAS
The 1st false alert was issued at 11:41 pm on Friday (June 19, 2026), using the credentials of one of the agents. The message was sent to Rio de Janeiro, registered in the “landslides” category, with the text: “misanthrope ADDRESS RJ donkeys dms pprt”.
Four minutes later, at 11:45 pm, cell phones in Curitiba received a new alert, also in the “slides” category, containing only the word “misanthropy”.
Another 8 alerts were sent between 1:20 am and 1:23 am on Saturday (June 20, 2026), this time using the credentials of a 2nd agent. Most messages contained the term “misantropi4”.
Nine of the 10 alerts used cell broadcast technology – a system that automatically sends messages to all cell phones connected to telephone antennas in a given area. The other used the SMS system. All shots were recorded as “extreme level”, a category reserved for situations that require immediate protective action.
The National Secretariat for Protection and Civil Defense stated, in a document sent to the PF, that the messages “do not present technical, institutional content or content compatible with Civil Protection and Defense protocols”. According to the folder, the texts contained “expressions that are offensive, incoherent and unrelated to real events, including terms such as ‘misanthropy’, ‘misanthrope’ and mention of ‘alien attack’”.
INVESTIGATION
The national secretary of Civil Protection and Defense, Wolnei Wolff, in a press conference on Saturday (June 20, 2026) that the signs point to a cyber attack.
“Everything indicates that the incident was not caused by someone within the system itself. Everything suggests that it was a hacker attack, a cybercrime”these.
The National Civil Defense took the platform for sending alerts offline around 1:30 am on Saturday and contacted the PF. A preliminary investigation was launched the same day.
An internal government document indicates that the team responsible for the platform blocked the credential used in the first 2 shots. Next, the 2nd credential linked to the body in Pará was used.
The attack targeted the Idap (Population Alert Data Integration) platform. The National Civil Defense also opened a security incident call with the CTIR Gov (Center for Prevention, Treatment and Response to Cyber Incidents of the Federal Government).
According to the folder, “the incident consisted of the unauthorized activation of the Civil Defense Alert (DCA) system, with the consequent improper sending of messages to the population, without any request or validation from the competent civil protection and defense authorities”.
The document adds that, in addition to the possible misuse of credentials, there is evidence that the person responsible managed to operate the platform without the expected territorial restrictions, issuing or attempting to issue alerts for areas in which users did not have authorization to send.
