On Thursday (18/12), Rio de Janeiro’s Civil Police launched Operation Firewall to dismantle a sophisticated digital fraud scheme that directly interfered with the execution of arrest warrants in the state. According to investigators, the group also concealed traffic fines and IPVA tax debts. The inquiry indicates that criminals unlawfully accessed judicial platforms to hide court orders, benefiting members of the Red Command (CV). The operation was led by officers from the 126th Police Precinct (Cabo Frio), with support from the Rio de Janeiro Military Police and the Civil Police of Minas Gerais. Arrest and search warrants were carried out in both states, and two suspects have been arrested so far.
This Content Is Only For Subscribers
To unlock this content, subscribe to INTERLIRA Reports.
Warrants “erased” for R$3,000
The investigation began in July, after police identified criminal advertisements offering the “removal” of arrest warrants for R$3,000. Once payment was made, the individual’s name would no longer appear in systems consulted by security forces. All advertisements made explicit reference to the Red Command, clearly indicating the intended clientele of the illegal service. As the investigation advanced, police determined that the hackers did not actually delete warrants—an action that is technically impossible—but instead altered sensitive records within the National Database of Penal Measures and Prisons (BNMP). These changes prevented judicial orders from appearing during routine checks, creating the false impression that no warrant existed.
Data theft
To gain access to the system, the group relied on VPNs combined with credentials stolen from judicial servers. Investigators say there is no evidence so far from direct involvement by public officials. According to police, court employees were victims of credential theft, with their usernames and passwords illegally obtained and misused by the suspects.
Threats and Extortion
Beyond fraud, the scheme also relied on intimidation and extortion. Investigators report that criminals threatened clients, claiming that if payment was not made, new arrest warrants could be “issued” against them. Financial monitoring led police to accounts used to move the illicit proceeds. One of the suspects’ partners allowed her personal bank account to be used to receive payments. Through this account, investigators identified financial transactions involving criminals in Minas Gerais, revealing the interstate scope of the operation.
Leader with a History in Digital Certificates
The alleged leader of the group was identified through financial analysis and an examination of the operation’s technical footprint. He previously worked for digital certification companies, expertise that investigators believe was central to the success of the scheme. According to police, he was the first to successfully conceal an arrest warrant issued by a federal court in Rio de Janeiro and subsequently began selling the service. The same suspect had already been arrested in September by officers from the 36th Police Precinct (Santa Cruz) on charges including breach of professional secrecy, criminal association, and fraud. Investigators also found that, during his time in the certification sector, he was involved in bypassing two-factor authentication systems, decoding digital certificates, manipulating magistrates’ registration data, and even fraudulently issuing court documents.
Analysis:
Operation Firewall exposes a critical and increasingly sophisticated dimension of organized crime in Brazil: the convergence between traditional criminal factions and advanced cyber capabilities. By manipulating judicial databases rather than attempting to erase records outright, the group demonstrated a deep understanding of institutional workflows and system vulnerabilities. The fact that the scheme directly benefited members of the Red Command illustrates how digital tools are being used to weaken core state functions, particularly the enforcement of arrest warrants, undermining the credibility and effectiveness of the justice system.
The investigation also shows that human factors remain the weakest link in high-security environments. The use of stolen credentials, VPNs, and technical expertise drawn from the digital certification sector highlights persistent weaknesses in access management, authentication controls, and user awareness within public institutions. Although there is no evidence of direct involvement by court officials, the case reveals significant exposure to credential theft and identity misuse, raising serious concerns about cybersecurity governance across judicial and law enforcement systems.
Sources: O Dia; Metrópoles; Extra; A Folha de SP.
