A recent investigation by Folha has revealed that thousands of Brazilian government websites have been compromised, displaying content related to gambling, pornography, and child abuse. These breaches have redirected users to potentially fraudulent pages, raising serious concerns about the integrity and security of government digital platforms. These compromised links include websites belonging to municipal, state, and federal entities and are associated with terms like “tigrinho” (a popular betting game) and “novinha” (a term referring to underage girls), among other explicit terms. According to experts, the attackers used these terms to exploit search engine algorithms, boosting the hacked sites’ visibility.
This Content Is Only For Subscribers
To unlock this content, subscribe to INTERLIRA Reports.
The Technique: Parasite SEO
Criminals have employed a technique known as “parasite SEO,” which exploits the high authority of government websites. As a result, these pages attract more clicks, since they appear more legitimate, and are often redirected to sites that mimic online gambling interfaces, such as the “Jogo do Tigrinho” (Fortune Tiger). Later, these pages request personal information, such as names and phone numbers.
The “Fortune Tiger” Phenomenon
One of the most pervasive schemes discovered in this investigation involves the “jogo do tigrinho” (Fortune Tiger), a slot game that has rapidly spread across social media. This game exploits a loophole in Brazilian law, allowing it to operate despite restrictions on gambling. Its presence is most visible on Instagram, where users report receiving unsolicited friend requests and tags in posts promoting the game and promising cash bonuses for those who place bets through their links.
Despite the popularity of Fortune Tiger and similar games, their legal status in Brazil remains contentious. These games operate from offshore locations such as Malta and Curaçao, making it difficult to regulate or hold them accountable under Brazilian law.
Platforms’ Response
Meta, the parent company of Facebook, Instagram, and WhatsApp, claims to work diligently to curb spam and unauthorized gambling content. However, their systems struggle to keep up with the volume and sophistication of these posts. Even though advertisers must obtain approval to promote gambling, the investigation found over 1,400 different profiles behind these ads, many newly created with minimal information.
Analysis
The hacking of Brazilian government websites and the surge of gambling content across social media are highlighting critical vulnerabilities in both the public and the private sectors. The Brazilian government has already recognized the issue since October 2023, with the Cyber Incident Prevention, Treatment, and Response Center issuing alerts about these attacks. However, there are still digital security weaknesses across many government sites.
Meanwhile, Google and other tech giants emphasize their efforts to combat these threats, but the rapid evolution of these schemes can pose ongoing challenges. Furthermore, this situation also highlights an ongoing issue in Brazil: the challenge posed by online casino ads such as the “Jogo do Tigrinho” and their promotion by young influencers on Instagram, and the addiction it creates for children and teenagers.
