Hacking of Nota Fiscal
The Brazilian website of Nota Fiscal was among those that have crashed due to activities of Anonymous. In this article we will explain about the security breach that happened.
The Brazilian website of NF-e (Nota Fiscal Eletrônica or Eletronic Sales Slip) was one of those that have been invaded by the group of hackers worldwide known as Anonymous. The list of websites which have already been targeted by the group includes the Confederação Brasileira de Vôlei (Brazilian Volleyball Confederation) and the Confederação Brasileira de Boxe (Brazilian Boxing Federation).
About Anonymous
Anonymous call themselves not as an organization or a hacker group, but as an idea. “You can't suspend an idea”, says its website, Twitter and Facebook. Its members see themselves as activists and protectors of the free speech, and tend to appear in the newspapers around the world in times when they believe that internet freedom or personal privacy are being threatened.
#OpWeeksPayment
In Brazil, they also caused problems to a considerable number of entities and organizations. The most recent happened in October, 30th, when they started to make attempts to shut down the website of the Nota Fiscal Eletrônica, which provides a consultancy service for all Brazilian states. The attacks started at 10 am and lasted at least one hour. The 30th was the first of the originally five days that would constitute the operation named #OpWeeksPayment part 2.
This operation was the sequence to the attack that happened in the first semester of 2012; in February, Anonymous shut down several internet banking services. This first operation, created in January, received the name of #OpWeeksPayments and shut down websites of banks such as Itaú, Bradesco, Banco do Brasil and HSBC.
Anonymous claimed to have chosen as targets the webpages of big banks because the population only pays attention to these actions when they reflect in their incomes. That's why both operations were made in the week when workers were to receive their salaries.
With the websites unavailable, people had to go to the banks in order to make transactions and consultations. Anonymous members said that bothering the population is a way to make people aware of the problems in politics.
The unavailability of the websites was due to the action of Anonymous of creating a big number of clandestine accesses to them, shutting down the web servers. This action doesn't threaten neither the information nor the money of the clients. #OpWeeksPayments part 2 lasted for three days.
The issuing of Nota Fiscal
Nota Fiscal is a document that registers the transfer of property of a good or a commercial activity. Its issuing is mandatory to all the companies that sells products or services. The issuing of Nota Fiscal Eletrônica is not mandatory as long as the companies issue “Nota Fiscal de Venda ao Consumidor” (Nota Fiscal of Sales to Consumers).
With the Anonymous #OpWeeksPayments part 2, eight states had their webpages of Nota Fiscal shut down: São Paulo, Minas Gerais, Bahia, Amazonas, Goiânia, Rio Grande do Sul, Rio Grande do Norte and Mato Grosso do Sul. The crash of the websites, however, didn't have real practical effects.
Big enterprises didn't stop issuing Notas Fiscais because of the failure of the website. Even when the online services aren't available, Nota Fiscal can still be issued by using mechanisms of contingency, due to the law. Probably only small companies which were unprepared to the eventuality of an attack were jeopardized.
Phishing
The real and increasing threat to companies that issue Nota Fiscal is the phising. In the Internet language, phishing is an electronic fraud that tries to get secret data by sending links in e-mails, SMSs or instant messages. As the name suggests, it tries to 'fish' personal information.
The phishing occurs when the client is mislead by deceivers, who lie about their identities. Usually deceivers identify themselves as authorities or trustworthy companies and send ill-intentioned links to the clients.
Accessing these webpages can be a big problem to the companies. When the clients enter the link of the e-mail, the deceivers can get secret information such as data from bank accounts or credit cards, as well as clients registry, prices, products and levy. Considering this, it's important for companies to warn their personnel of this security breach, so that important information won't fall into the wrong hands.