Police arrest suspect for hacking company that operates Pix

Investigators from the São Paulo Criminal Investigation Department (Deic) arrested a suspect of having participated in a hacker attack on the system of a company that intermediated payments via PIX between fintechs and the Central Bank, last Tuesday (1st). The diversion could reach R$ 1 billion, although official estimates have not yet been released.

According to initial information from TV Globo and GloboNews, with images released by the police themselves, the arrest took place on Thursday night (3) and was released on Friday morning (4). The man was reportedly an information technology technician at C&M Software, a company that connects smaller banks to the Central Bank's PIX system.

The Deic confirmed to Gazeta do Povo the arrest of the coach, and said that it will provide further explanations in a press conference at 11 am. The São Paulo Public Security Secretariat (SSP-SP) has not yet responded to the request for information -- the space remains open. The Federal Police said that it did not carry out the arrest, and that the investigation remains confidential.

The investigation indicates that the technician told the police that he was enticed by the hacker group to hand over a password to access the systems. This enticement allegedly occurred after being approached by a man as he was leaving a bar in the city near his home, in mid-March.

According to the investigation, the man knew that the technician worked in a sector of C&M with access to the payment system. He allegedly received R$5,000 to provide the access password.

The technician also told the police that he was approached a second time via WhatsApp to create a login and password to access C&M's PIX payment structure. He later received another R$10,000 to continue operating for the criminal group, including having his cell phone constantly changed so as not to leave any traces -- until he was arrested on Thursday night (3).

In recent days, C&M Software reported to authorities that the system was accessed using credentials -- such as passwords -- that affected the reserve accounts of at least six financial institutions. The names were not released.

These reserve accounts are accounts that banks and financial institutions maintain at the Central Bank to process and fulfill financial transactions. In principle, current account holders were not affected.

On the other hand, the Central Bank stated, in a note to the press, that C&M, its representatives and employees do not act as outsourced employees of the institution or maintain any kind of contractual relationship, as has been reported by the media. "The company is a service provider for institutions that provide transactional accounts", it added.