IT Worker Arrested for Selling Access

IT Worker Arrested for Role in $100M PIX Cyber Heist

TL;DR

An IT employee in Brazil was arrested for his involvement in a massive cyber heist that stole over $100 million via the PIX instant payment system. The breach, facilitated through social engineering, highlights the critical need for robust cybersecurity measures in financial systems.


Main Content

Brazilian authorities have arrested João Roque, a 48-year-old IT employee at C&M, for his alleged role in a significant cyber attack that resulted in the theft of over 540 million reais (approximately $100 million) through the PIX banking system. C&M is a company that connects smaller banks to Brazil’s PIX system[^1].

PIX, launched by the Central Bank of Brazil in November 2020, is an instant payment system that allows users to send and receive money 24/7 in real-time. Transactions can be made using a phone number, email address, CPF/CNPJ (Brazilian tax ID), or a random key[^2].

Arrest and Allegations

João Nazareno Roque was apprehended in the Jaraguá neighborhood of São Paulo. According to reports from the Brazilian website Globo, Roque received R$15,000 for providing his access password and executing commands within the C&M system[^1].

Key Points:

  • Roque allegedly sold system access for R$5,000.
  • He also aided in developing a tool to divert funds for an additional R$10,000.
  • Roque claimed he communicated with the criminals solely via phone and frequently changed devices to avoid detection.
  • The cyber attack targeted at least six financial institutions, causing significant market disruption.

PIX cyber heist Source: Globo.com

Modus Operandi

Hackers breached C&M’s system by executing fake PIX transactions overnight, focusing exclusively on financial institutions. The police are currently seeking four additional suspects and have frozen R$270 million in assets. The Central Bank of Brazil has suspended part of C&M’s operations to prevent further breaches[^1].

Company Response

C&M has stated that it is fully cooperating with authorities and has taken immediate technical and legal actions. The company believes the breach was likely due to social engineering rather than system vulnerabilities. C&M emphasized that its operations remain fully functional despite the incident[^1].

“So far, the evidence suggests that the incident was the result of the use of social engineering techniques to improperly share access credentials, and not of failures in CMSW’s systems or technology. We would like to emphasize that CMSW was not the origin of the incident and remains fully operational, with all of its products and services functioning normally,” according to a statement from C&M[^1].

Conclusion

The arrest of João Roque underscores the critical importance of cybersecurity in financial systems. As digital payment platforms like PIX become more prevalent, the need for robust security measures to prevent such breaches becomes increasingly vital. The incident serves as a reminder for both individuals and organizations to remain vigilant against social engineering attacks and other cyber threats.

For more details, visit the full article.

References


title: IT Worker Arrested for Role in $100M PIX Cyber Heist
description: Brazilian authorities have arrested an IT employee for his alleged involvement in a massive cyber heist that stole over $100 million via the PIX instant payment system. The breach highlights the critical need for robust cybersecurity measures in financial systems.
author: Vitus
date: 2025-07-08
tags: [cybersecurity, data breaches, insider threats]
categories: [Cybersecurity & Data Protection, Insider Threats]

This post is licensed under CC BY 4.0 by the author.