In a new session of the Football Leaks trial, the FPF’s chief technology officer said the agency’s computer system is “quite resilient” to external attacks.
The computer system of the Portuguese Football Federation (FPF) is “quite resilient” to external attacks, such as the one allegedly carried out by Rui Pinto, the agency’s chief technology officer defended this Thursday, in the judgment of the Football Leaks case.
“It is a very resilient system. We work with a set of internationally recognized partners and the email service that FPF uses is also used by Forbes ‘top-500’ companies,” said Hugo Freitas, in the second part of the deposition at the Central Court Criminal of Lisbon, after having been heard by the panel of judges chaired by Margarida Alves on November 10.
However, the person in charge of the technological area of FPF stressed in the 25th session of the trial that even the best computer systems are vulnerable to the “human factor” and cited as an example of vulnerability “one of the most used passwords” by users.
“What is fundamental to understand about any type of attack is that it is rare to have originated from a technological component. This means that the human factor is inseparable from security. I can create a system that requires having a password with 12, at least, characters and special characters, but if the person writes “amorzinho123!” we have a problem, “he said in response to FPF lawyer Pedro Barosa. Now, “little love123!” is one of the most used passwords in Portugal.
Hugo Freitas also revealed that “computer attacks happen regularly” and that the integrity of the computer system was at stake when a user’s data was compromised “through phishing”. However, the FPF’s internal investigation into access records, following information provided by the Judiciary Police, did not fully identify the source of the attack.
During the public prosecutor’s inquiry, it was also possible to realize that the main defendant and creator of Football Leaks would be in possession of the passwords of the accounts of the federation’s social networks, namely, Twitter, Facebook and Instagram.
This Thursday’s session also had the testimony of former PLMJ lawyer Pedro Melo, by video call, who assumed he did not know that his email box had been the target of an alleged access by Rui Pinto, at the end of 2018.
“I didn’t know about it and I even take the opportunity to ask if this access took place or not,” questioned Pedro Melo, with the Public Prosecutor, Marta Viegas, answering only that the electronic mailbox was not exfiltrated for the devices apprehended by Rui Pinto and that “it is only indicated that there will have been access”.
“I had no indication of this access, it is the first time that they give me this information. At the time, I asked if my computer had been accessed and they did not know how to answer it, I asked it a second time and they gave the same answer. So I got the idea that my email box had not been accessed “, said the lawyer, adding that he did not have any information related to the Football Leaks or Luanda Leaks cases.
The next session of the trial is scheduled for Tuesday, with the hearing of Nélio Lucas, former CEO of the investment fund Doyen, continuing.
.
