Football Leaks: ex-administrator of Sporting’s computer system recognizes weaknesses

David Luís Tojal revealed that when he joined the Alvalade club in 2010, “the credentials had three characters and most were SCP”, a detail that drew some laughter in the courtroom

The former administrator of Sporting’s computer system acknowledged this Wednesday the weakness of the Lisbon club’s internal network, the target of the attack attributed to Rui Pinto, considering that the tools to respond to this situation “were very basic”.

Speaking at the 10th session of the Football Leaks trial at the Lisbon Central Criminal Court, David Luís Tojal revealed that when he joined the Alvalade club in 2010, “the credentials were three characters long and the majority were SCP”, a detail that drew some laughter in the courtroom.

“We suggested increasing the complexity to eight characters. This was done, but the Sporting administration itself asked to remove it because it was too much for their heads,” said the witness, adding that he changed the minimum complexity level to six characters: “When a new user arrived, we had to create an account and password, and often the password was ‘SCP123’. We asked them to change it, but many did not change the password.”

Asked to describe the outline of the attack allegedly carried out by the creator of Football Leaks, Sporting’s computer technician said that it was only later that he identified “very strange activity” in an access from Hungary, after reporting “slowness” in the server, disruption and an “email database problem” that left users without access. David Luís Tojal explained that, at that point, the priority was to repair the system.

The problem was not solved internally, nor with the intervention of external entities, and was only resolved with the use of “backups”. This restoration process dragged on for “days or weeks”, until it was suspended with the disclosure in Coach Leaks of coach Jorge Jesus’s contract at the end of September, which led the IT department to try to understand the source of the document extraction.

“From the attack onward, they gave us freedom and we increased the complexity [of access to the system],” he said, also admitting that even when the system blocked, this block disappeared after a short time: “The tools we had were not the best, they were very basic.”

According to the witness, who will continue to be heard in the afternoon, the accounts of members of the “management and the legal department were most affected” by the attack.

Earlier, the session saw the end of the hearing of Judicial Police specialist Afonso Rodrigues, who revealed that the disruption of the Sporting system “had 27,678 lines of attack” and that “some previous work” by the official was necessary, stressing that the club’s IT team “did not take care of this type of situation”.

The defense of the main defendant in the case sought to dismantle the idea of an intention to cause the system to “crash”, given that Afonso Rodrigues stated that this situation was caused by “tools to test vulnerabilities” and not specifically to “bring down” the network.

On the other hand, Rui Pinto’s lawyers – who proved to be particularly active at this stage, gesturing several times and standing up to give directions to their representatives – led the witness to admit he was unable to specify, based on the log file of the club’s system from September 29, 2015, which attack caused the disruption.

“I am unable to assess subjectively what the intention of the attacker was,” said Afonso Rodrigues, who also said that he had only analyzed this day of records and that he was not aware of anyone else in the Judiciary having analyzed “logs” of this nature.
