The story of D’Alessandro’s hacker: he was rejected by the Gendarmerie, lives with his parents and earns $60,000 per month

Elias Ezequiel Nunes Pinheiro He wanted to be a gendarme, not a hacker, but he was rejected in the physical test for the entrance exam to the Gendarmerie.

It was three years ago, when he was 18. Later, his father – today accused with him of having hacked the cell phone of former Buenos Aires minister Marcelo D’Alessandro – got him a job at an electronics store in Eldorado, his city, and that’s how he started , as stated by Elías Ezequiel Nuñes Pinheiro himself, his path in the phone spying on demand.

The first thing they entrusted to him at the Iguazú street location where he was employed was to attend to the public, but shortly after he learned to fix telephones. In 2021 he installed the Telegram messaging platform: he wanted to buy Playstation games and resell them. Thus, he came to a group that sold “everything” and there he met a user named “Commissioner Lopez”, which was identified with a photo of Chief Gorgory, the policeman from The Simpsons. “ComisarioLopez” gave him some key advice: he told him to stop moving with his real data on the web. In addition, he paved the way for business: he sold her “account access”, which later Nuñes Pinheiro resold.

Step by step he was entering -always according to his judicial testimony- in more organized groups where he learned, for example, how users are classified in this dark world: there are “rats” or “burned” (blatant scammers) and “law” or ” leggit” (they don’t betray you because they have prestige to take care of).

His first own operation was the sale of an Instagram account with about 4,000 followers. With that sale he learned the “SIM swap” technique, which he would later apply to hundreds of phones, including D’Alessandro’s. He needed to take control of the phone associated with the Instagram account in order to sell it.

The SIM Swap consists of activating someone else’s account as if it were your own, with a “white” SIM card, never used. It requires contacting the telephone company -in these cases, Movistar- stating that the telephone was lost or stolen. After answering a series of security questions (about personal data) the company enables the line on the new SIM card.

When he saw that he could do it, Nuñes Pinheiro became a provider of this service. In the chat groups of which he was a part, he said that whoever wanted those “recoveries” should send him a direct message and they would negotiate.

Nuñes Pinheiro had an important asset for the illegal market: because of the place where he worked, he could buy many SIM cards. A user (“pr1sox”), who found this interesting, he “gifted” him a key that opened countless businesses. She gave him access to a Telegram group called “Dark PFA,” where he could get anyone’s personal data just by having the person’s name.

According to Nuñes Pinheiro, it was at “Dark PFA” that he obtained the processing number of D’Alessandro’s document, which allowed him -together with the information he obtained at Nosis- to pass the Movistar identity check test.

Nuñes Pinheiro entered the private Nosis database with a user he created using the name of a former Marcos Peña official during the Mauricio Macri government. During the investigation, they did not ask him why he used that name.

The defendant did specify that the hacking of Horacio Rodríguez Larreta’s former minister and several other people was entrusted to him, via Telegram, by a user called “Eljuanxd” and that he was told that some of these actions were “to find out infidelities.” It was the client -according to Nuñes Pinheiro- who set a price for the task: between 12,000 and 15,000 pesos collected through a “Lemon wallet”, a digital account that allows receiving transfers and making payments.

In his investigative statement, Nuñes Pinheiro said that he earns about 60,000 pesos a month and that, since he lives with his parents, that is enough to “cover his basic needs.”

Now the researchers will try to find the alleged masterminds of the hack. Nuñes Pinheiro said he did not have much to contribute about his “client”. It’s just that she seemed to have a northeastern tune to him the few times she’d gotten voicemails from him. “Let’s do it at night because now I’m with the gurises”, he recounted that he told him.

Buenos Aires prosecutor Daniel Dupuy, who is driving this investigation, said last week that she could not escape her analysis that minutes before D’Alessandro was hacked, a query was made to Renaper about him “from a user who corresponds to the Cabinet Office of Nation”. Based on this statement, D’Alessandro said that he had been hacked by the Cabinet Office, an accusation that this week was relativized by those around the ex-minister himself. Yesterday, the Chief of Staff, Agustín Rossi, told THE NATION that he was informing the prosecutor that access to Renaper was through the Remote Procedures (TAD) page, which is managed by the Cabinet Office, but which can be accessed by any user.

As reported by Rossi, an external user “who could be any Argentine” entered the DNI number and the processing number of D’Alessandro’s document in the TAD, and that is all that is recorded in the records. This information, read in light of Nuñez Pinheiro’s investigation, reinforces the suspicion that the defendant, who said he had obtained D’Alessandro’s DNI processing number in the “Dark PFA” group, could have entered the TAD to check that the data was correct before using it with Movistar to complete the hack. The path of payment received by Nuñez Pinheiro and the data that he provided about his “client” now open up new avenues of investigation.

Get to know The Trust Project