IT Worker Arrested for Selling Access in $100M PIX Cyber Heist
Brazilian police have arrested an IT worker, João Roque, 48, for his alleged role in a massive cyber heist that stole over $100 million from Brazil's PIX banking system. The incident is considered one of the country's biggest banking system breaches to date.
Roque, who worked as an IT employee at C&M, was arrested in Jaraguá, São Paulo, on Thursday and allegedly received payment for his access password and system commands. According to reports, he sold his system access for approximately $5,000 and helped develop a tool for fund diversion worth around $10,000.
The cyberattack targeted at least six financial institutions and shook the market. Despite working in IT, Roque's LinkedIn profile reveals 20 years of experience as an electrician and four years as a cable TV technician. However, it was his role at C&M that led him to be approached by hackers.
"It was because of this role at C&M that he was lured by hackers," said João Nazareno Roque in a statement to the Cybercrimes police station. "He claimed that he was approached as he was leaving a bar in the capital of São Paulo to give his password to the criminals and run codes on the system to generate fraud."
The breach likely stemmed from social engineering, with hackers using fake passwords and commands to execute fake PIX transactions in one night.
Police are seeking four more suspects and have frozen approximately $270 million. The Brazilian Central Bank has suspended part of C&M's operations to prevent further attacks.
C&M stated that it is cooperating with authorities and took prompt technical and legal actions to contain the breach. According to the company, its defenses helped trace the access, and "so far, the evidence suggests that the incident was the result of the use of social engineering techniques to improperly share access credentials, and not of failures in CMSW's systems or technology."
"We would like to emphasize that CMSW was not the origin of the incident and remains fully operational, with all of its products and services functioning normally," reads a statement shared by C&M.
The $100M PIX cyber heist is a stark reminder of the importance of cybersecurity and the need for organizations to prioritize employee education and training. As authorities continue to investigate the incident, it remains to be seen how many more suspects will be arrested and brought to justice.