Hackers hijacked Brazil’s emergency alert system and sent ‘misanthropy’ to millions of phones

Hackers breached Brazil’s national civil defense alert system overnight, sending fake “Extreme Alert” notifications containing the word “misantropi4” to millions of mobile phones across at least seven states. The Civil Defense Alert platform was taken offline at 1:30 am on Saturday after the Ministry of Integration and Regional Development confirmed the intrusion.

The Federal Police has been activated to investigate. No timeframe has been given for when the platform will be restored.

The first unauthorized alert was registered around 11:40 pm on Friday, 19 June, in Paraná. Within hours, the same emergency sound, the type that bypasses silent mode and overrides whatever is on screen, reached phones in São Paulo, Rio de Janeiro, Brasília, Bahia, Pará, Mato Grosso do Sul, and Acre.

National Secretary of Protection and Civil Defense Wolnei Wolff told a press conference that 10 alerts were tracked across various Brazilian states, with most sent via Cell Broadcast and at least one via SMS. The total number of phones affected was not officially disclosed, though German outlet Ad-hoc-News reported an estimate of approximately 30 million people reached.

“It’s difficult to say whether one or more people participated in this criminal act,” Wolff said. He added that the incident was “very bad for the system, considering that we are dealing with people’s safety when we issue the alert.”

Phones displayed “Defesa Civil: misantropi4,” with the final letter “a” in the Portuguese word “misantropia” replaced by the number 4, a substitution common in leetspeak. Misantropia translates to misanthropy, meaning hatred or aversion to humanity.

No dangerous instructions accompanied the message, but the use of the most severe alert category, which is reserved for imminent natural disasters, caused widespread alarm. Recipients across seven states were jolted awake by the emergency sound.

Wolff confirmed that the attackers managed to regain access after an initial blocking attempt. The platform was ultimately shut down entirely at 1:30 am The system will remain suspended until all digital security conditions are re-established, according to the ministry.

Brazil’s Cell Broadcast system is relatively new. It was mandated by telecommunications regulator Anatel in 2022, piloted in 11 cities beginning in August 2024, and expanded to cover the entire national territory by October 2025.

The technology broadcasts alerts to all devices within a cell tower’s range without requiring phone numbers or prior registration. The four operators that deliver the service, Algar, Claro, TIM, and Vivo, were involved in the overnight response alongside Anatel.

The vulnerability exploited in the attack has not been publicly disclosed, and the investigation is ongoing. Security researchers have noted that Cell Broadcast systems globally lack cryptographic authentication, meaning devices cannot independently verify whether an alert was genuinely sent by civil defense authorities.

Academic research since 2019 has demonstrated that fake alerts can be transmitted using relatively inexpensive equipment, including software-defined radios. Whether the Brazilian attack exploited the central platform, as the government’s statement implies, or used a clandestine transmitter remains unclear.

A person claiming responsibility for the attack posted on X (formerly Twitter) before the posts were removed by the platform, according to Brazilian tech outlet TecMundo. The Federal Police has not confirmed whether this individual is a genuine suspect.

The incident echoes a pattern of critical infrastructure alert systems being compromised through surprisingly basic attack vectors. In Taiwan last month, a 23-year-old student triggered emergency braking on four high-speed trains using a laptop and a cheap software-defined radio, exploiting cryptographic keys that had not been changed in 19 years. The European Commission was breached in March through a poisoned open-source security tool, resulting in 92 gigabytes of stolen data.

The immediate concern for Brazil is the erosion of public trust. The Cell Broadcast system was built to save lives during floods, landslides, and severe weather events.

If citizens learn to associate the emergency sound with pranks rather than genuine warnings, they may ignore future alerts when a real disaster is unfolding. That risk, more than any technical vulnerability, is the lasting damage of a hack that woke up a country with a single strange word.