The Portuguese Football Federation (FPF) system could even be “quite resilient” to attacks such as the one allegedly carried out by Rui Pinto. However, the director of information technology, Hugo Freitas, could not control the human factor, namely the passwords vulnerabilities chosen by users.
What is fundamental to understand about any type of attack is that it is rare to have originated from a technological component. The human factor is absolutely inseparable from security. I can create a security policy that requires a password of 12 characters or 16 characters, which must have numbers, which must have special characters, but if the doctor chooses amorzinho123! we have a problem. It is one of the most used passwords, from the last articles I read about it“, He stated when questioned by lawyer Pedro Barosa, who represents the FPF.
Heard this Thursday at the 25th session of the Football Leaks trial, the chief information officer assured that the FPF works “with a set of internationally recognized partners” and that the email used is the same as that used by “companies in the top 500 of [revista] Forbes”.
Hugo Freitas explained that “the FPF is no different from other institutions in the country” and that, therefore, also there “Attacks on computer systems happen regularly”. It is difficult to do a “real-time analysis” of the accesses: “It is very difficult to determine whether access to a given system is illegitimate or not because the techniques are quite advanced”.
The team that represents the Portuguese Football Federation. In the center, lawyer Pedro Barosa (FILIPE AMORIM / OBSERVADOR)
The morning session was occupied, in large part, by the testimony of Hugo Freitas, who spent many hours doing, at the request of the Attorney of the Republic Marta Viegas, a analysis of records of accesses made to the FPF’s computer systems allegedly by Rui Pinto, but also to documents that would be on the devices seized from the defendant. One, a document with notes, had passwords for FPF social network accounts, namely Twitter, Facebook and Instagram.
Before Hugo Freitas, the lawyer Pedro Melo, who worked at PLMJ at the time of the attack on this institution, was also heard by video call, also carried out by the accused, in the prosecution’s thesis.
When the Public Prosecutor asked him if he was aware that his computer had been accessed illegally, former PLMJ lawyer Pedro Melo replied promptly:
I did not have. In fact, I would like to take this opportunity to ask if this access took place or not.. It is the first time that they have given me this information ”.
Only the magistrate could not give a concrete answer. “That’s what we’re trying to prove“, He explained, with the exception of his box email it had not been one of those found in the devices apprehended by Rui Pinto.
The lawyer explained that had “gotten the idea” that he hadn’t been one of the targets of the alleged hacker since, in 2018, after, at the time, he questioned the team that was analyzing the effects of the alleged attack on the PLMJ law firm and “did not know how to answer”. “At the time, I asked if my computer had been accessed and they did not know how to answer. I asked later and they gave the same answer. So I got the idea that my e-mail box had not been accessed, ”he said. The prosecutor later explained that the PLMJ computer technician, who can explain whether Pedro Melo’s computer was or was not accessed, had not yet been heard at the Football Leaks trial.
Even so, the lawyer explained that he had “matters related to heritage” and his “family” on his computer, but also contracts related to his profession. “Today we have practically everything in computer documents”, he recalled, adding that did not realize that “documents have been published”. Asked by the Public Prosecutor about whether he had documents related to the Football or Luanda Leaks universe on his computer, Pedro Melo denied it.
From private investigation to Rui Pinto to partner with “clean money”. Nélio Lucas is not the center of the case, but he stirred the court
The next session of the trial is scheduled for next Tuesday. On that day, go continue hearing of Nélio Lucas, former administrator of the Doyen investment fund, allegedly accessed by Rui Pinto, who started to be heard on the 4th of November. But neither that day, nor the next, November 5, was enough to hear Nélio Lucas and, therefore, the businessman returns to court on Tuesday – at least.
Rui Pinto, the main defendant, is responsible for 90 crimes – all related to the fact that you have accessed the computer systems and mailboxes emails of people linked to Sporting, Doyen, the PLMJ law firm, the Portuguese Football Federation, the Portuguese Bar Association and the PGR. Among those targeted are Jorge Jesus, Bruno de Carvalho, the then director of DCIAP Amadeu Guerra or lawyer José Miguel Júdice. Thus, 68 are of undue access, 14 of violation of correspondence, six of illegitimate access and also for computer sabotage to Sporting’s SAD and for attempted extortion to the Doyen investment fund.
Aníbal Pinto, his lawyer at the time of the alleged crimes, is responsible for the crime of attempted extortion because he will have acted as an intermediary for Rui Pinto in the alleged extortion attempt on Doyen. And that is why the two of them sit side by side, in front of the panel of judges.
Rui Pinto. The boy with the “spiky hair” who was already on the school computers before being the “John” of Football Leaks
The alleged hacker has been in preventive detention since March 22, 2019 and was placed under house arrest on April 8 of this year, in a house made available by the PJ. Following a request made by the defendant’s defense, the judge Margarida Alves, president of the panel of judges – who is judging Rui Pinto and who has Judges Ana Paula Conceição and Pedro Lucas as his assistant – decided to release him. The alleged hacker left the PJ premises in early August and his current address is unknown.
[Artigo corrigido às 15h50 de 20 de novembro de 2020. Na versão original, era dito que amorzinho123! era uma das passwords mais utilizadas na FPF. Na verdade, essa é das passwords mais utilizadas pelos utilizadores em geral e não na FPF. Pelo lapso, pedimos desculpa]
