Tag Archives: hacking

Brazilian government attacks data journalist for reporting app that prescribes ineffective treatments for COVID-19

Leave a reply
Mayra Pinheiro fala à CPI da Covid

Government says journalist “extracted data improperly” — but the journalist affirms that he only used a browser’s Inspect Element tool, reports Beatriz Farrugia.

Data journalism has been at the centre of a political debate in Brazil for two weeks after President Jair Bolsonaro’s government made allegations against a data journalist — for extracting data from a web app developed by the Brazilian Ministry of Health to prescribe treatments against COVID-19. 

The TrateCov app was launched in January 2021 for Brazilian doctors. Professionals were told they would be able to enter a patient’s profile and symptoms into the app, which would then suggest medication. 

However, the data journalist Rodrigo Menegat analyzed the app’s source code and found that, regardless of the patient’s symptoms, age and health conditions, TrateCov indicated the use of chloroquine, hydroxychloroquine and ivermectin — drugs with no scientific evidence supporting their use in the treatment of coronavirus. 

He announced his discovery on 20 January in a series of tweets. “Guys,” he wrote:

“I just put in the TrateCov app that my patient is a one week-old newborn who has a stomach ache and a runny nose. The app recommended chloroquine, ivermectin, azithromycin and everything else. Crime, crime, crime, crime.”

Other journalists and broadcasters tested the app and came to the same conclusion.

CNN Brazil reported that it simulated a query for a baby aged five months, with symptoms of fever and nasal congestion. The treatment recommended by TrateCov was chloroquine, hydroxychloroquine and ivermectin.

Soon after the complaints, the app was removed by the Brazilian Government.

Accused of committing cyber crime

Then on May 25th, during a public session of a parliamentary inquiry, Menegat was accused of having committed cyber crime by an official of the Brazilian Ministry of Health: Mayra Pinheiro

The parliamentary inquiry, opened late last month, is investigating the Bolsonaro government’s response to the pandemic. More than 461,000 people have died in Brazil so far. 

Approved by Brazil’s Supreme Court, the inquiry is pursuing multiple lines of investigation, such as why the Brazilian government promoted ineffective treatments and why three health ministers were removed over the pandemic. 

Naming the data journalist, Pinheiro said Menegat performed an “improper data extraction”. 

“He was unable to hack,” said Mayra. “He did an improper data extraction. Hacking is when you use someone’s password, enter a platform, a system. The term is not hacking. Today we have the official report that classifies it as improper data extraction.

“He did improper simulations. [The system] was taken down for investigation.”

In another testimony session to the parliamentary inquiry the previous week the former Health Minister General Eduardo Pazuello said that the app had been “stolen and hacked by a citizen”. 

After the allegations the data journalist explained that he had only used the browser’s Inspect Element tool to analyse the source code. 

“As a data journalist and developer, I only analyzed the source code which was public and available on the website of the TrateCov app, saved on a government server (https://tratecov.saude.gov.br) and accessible to any internet user curious enough to do this verification on their own.”

“The procedure has in no way altered any content on the platform”, he added. 

Since the allegations Menegat has limited his social media accounts to avoid online attacks by government supporters. 

“I am closing my Twitter account for more than an obvious reason, but I will be very pleased to show who wants to know how to use the Element Inspector to access source code from any website in the world,” wrote the journalist. 

Other Brazilian data journalists showed support for Menegat and published content explaining the technique used to analyse the app.

“The alleged hacking of the TrateCov application was nothing more than a journalistic investigation technique already used in newsrooms around the world,” said Daniel Trielli, journalist and researcher in media, technology and society, in an article published by the Folha de S.Paulo newspaper.

Brave new world? 5 things your newsroom can do now to protect your journalism against the Snooper’s Charter

Leave a reply

The Investigatory Powers Act has now been law for almost six months. For journalists and publishers this means having to remember that the webpages that you and your sources visit, who you call on your phone, and where you take it, are all being collected and potentially accessed by a range of authorities*.

It also gives the state the power to hack into devices and to require companies to help them compromise the security of users of their websites and apps.

But most importantly, it means understanding that unlike previous legal regimes it is likely that you will not be aware if any of this is happening, nor will you have an opportunity to mount a legal defence to argue against it.

If this makes you feel powerless to protect your sources, here are some things you can do to feel better:

Continue reading

From Bana and #boycottdelta to gaslighting and AI – why we’re headed for confusion fatigue in 2017

4 Replies

Goodbye 2016, the year of The Boys Who Cried Wolf. Not just a year of ‘fake news’, but something more: a crisis in people’s ability to believe anything.

And in 2017 it’s likely to get worse.

To explain what I mean, you need to go back to 2003, when Salam Pax, the ‘Baghdad Blogger’, was posting updates in the middle of the Iraq War. While some questioned whether he was really based in Iraq, that debate was relatively limited by today’s standards. It was a manageable doubt.

The boys who cried wolf in Aleppo

Cut to Aleppo in 2016 and you see how things have changed. Bana Alabed is perhaps Aleppo’s ‘Baghdad Blogger’: a Twitter account about the experiences of a seven year old Syrian girl, maintained by her mother.

But she is not alone: the number of voices speaking from the ground has proliferated… Continue reading

How publishers could end up helping authorities hack their own readers

3 Replies

Alan Rusbridger holding the destroyed Snowden files hard disk

The Guardian complied when authorities demanded they destroy the Snowden files

So far most of the talk about the Investigatory Powers Bill has been about the lack of protection for journalists’ sources thrown up by powers to intercept communications.

But there’s another part to the Bill which relates to facilitating state hacking – and an analysis by Danny O’Brien has thrown up some worrying ambiguity on this front for publishers – not just those based in the UK. Continue reading

In the wake of Ashley Madison, towards a journalism ethics of using hacked documents

9 Replies

Got leaks? sign

Got leaks image by Edward Conde

Last week I said we needed an ethical code for dealing with hacking leaks, and promised to explore that.

Now yet another site – “casual sex and cheating network” Ashley Madison – has been hacked and the results leaked, so I thought I’d better deliver.

How do you come up with an ethical framework for dealing with hacked documents? Firstly, it’s useful to look at what concerns are raised when journalists use them.

Looking at previous reporting based on leaked documents these break down into three broad categories:

  1. Firstly, that the information was ‘stolen’ (method)
  2. Secondly, that the motivation behind obtaining the information was tainted (source)
  3. And thirdly, that the information represents an invasion of privacy (effect)

Put another way: people are generally concerned with how the leaked information was obtained, why, and to what effect. Continue reading

VIDEO: Surveillance and the ‘1984 Generation’

2 Replies

Online video project newsPeeks have put together a documentary on surveillance. I really enjoyed it, so I’m sharing it here. Not only is the content great (newsPeeks were live at the Logan Symposium on the topic late last year so got some great contacts), but the production is a great example of online-native video (disclosure: I’m an unpaid advisor).

Continue reading

“Don’t be afraid: keep them afraid” and other notes from the Logan Symposium on surveillance’s first day

4 Replies

Don't be afraid. But keep them afraid.

Seymour’s parting advice to young journalists: maintain a watchdog role and hold power to account

On Friday I was at the Logan Symposium on secrecy, surveillance and censorship, an event which, as is often the case with these things, managed to be inspiring, terrifying, and confusing in equal measure.

Notably, Director of the Centre for Investigative Journalism Gavin MacFadyen opened the day by talking about investigative journalists and hackers together.

It is common to hear attacks on journalists mentioned at these events, but rare to hear an old-fashioned hack like MacFadyen also talk about the “growing number of hackers being imprisoned”, while noting the commonalities of a desire for a free press, free speech, and “a free internet”. Continue reading

Why every journalist should have a threat model (with cats)

10 Replies

Just because you're paranoid doesn't mean they aren't after you

If you’re a journalist in the 21st century you have two choices: you can choose to be paranoid, or you can choose to be delusional.

The paranoid journalist assumes that someone is out to get them. The delusional journalist assumes that no one is.

In this post I will explain why and how every journalist – whether you’re a music reporter or a political correspondent – can take a serious and informed look at their security and arrive at a reasonable evaluation of risks and safeguards.

Don’t panic. I promise that by the end of this piece you will be less anxious about security, and no longer paranoid. I also promise to use lots of lolcats. Continue reading