Brazilian Ministry of Education changes security rules and students report hacks into the Sisu system.

247 - The Ministry of Education under Michel Temer's government, headed by Minister Mendonça Filho, changed the password change rules for the ENEM exam in 2016, making individual access to the online system more flexible for candidates.

The change – the 2016 edition of the exam was the first that did not require "two-step verification" to recover a password – led to problems with hacking into the Sisu (Unified Selection System), according to reports from students who, in some cases, ended up being registered by hackers in courses they were not interested in.

In a statement, the Ministry of Education reported that "the systems of the MEC (Ministry of Education) and INEP (National Institute for Educational Studies and Research) have not registered, to date, any indication of unauthorized access to information of registered students that would constitute a security incident." Read the full statement:

Regarding the alleged hacking of the Sisu and Enem systems, the MEC and Inep clarify:

1- The systems of the Ministry of Education (MEC) and the National Institute for Educational Studies and Research (Inep) have not registered, to date, any indication of unauthorized access to information of registered students that would constitute a security incident;

2- There are press reports of isolated cases of unauthorized access to candidates' personal data, which would have allowed changes to passwords and registration data, such as course selection. The password is confidential and can only be changed by the candidate or by someone who has unauthorized access to the candidate's personal data;

3- Individual cases that are identified and reported to the MEC (Ministry of Education), such as alleged improper password changes and data breaches, will be referred to the Federal Police for investigation. In the two cases cited by the press, INEP (National Institute for Educational Studies and Research) has already identified in the system the date, time, location, operator, and IP address from which the password changes originated. The data will be forwarded to the Federal Police.

4- We also emphasize that all actions performed in the system are recorded in a log (event record in a computer system), in order to allow for a complete audit;

5- The Secretariat of Higher Education (Sesu) emphasizes that the current administration took over the portfolio in May 2016, with the 2016 ENEM process underway, in the last week of registration. Therefore, the entire operational system of the 2016 ENEM, defined by the previous administration, was in operation and could not be altered mid-process;

6- For the 2017 ENEM exam, the teams from INEP and SESU are working to improve the exam, in order to guarantee safety and peace of mind for those registered.

Cases

Gabriela de Souza Ribeiro – The candidate who claims to have scored 1000 on the 2016 ENEM essay actually obtained 460 points. SISU records show accesses with the candidate's data on January 24th and 29th, respectively, at 11:30 AM and 12:33 PM, and on neither of those occasions was an application for any course submitted.

Terezinha Gomes Loureiro Gayoso – The Sisu records show accesses on January 24th and 29th, respectively, at 12:15 PM and 22:12 PM. The system also shows three unsuccessful access attempts (on January 24th, two at 20:06 PM and the last at 20:07 PM). The only course choice registered is for the cachaça production course at the Institute of Education, Science and Technology of Northern Minas Gerais – Salinas Campus, made on January 29th at 22:14 PM, according to the last access recorded in Sisu. The candidate competed for the vacancy in the category of candidates with a gross per capita family income equal to or less than 1,5 minimum wages who have completed their entire high school education in public schools (Law No. 12.711/2012). It should be noted that, in 2011, the aforementioned candidate was on the Sisu waiting list for the medicine course.Press Office

Read the statement from former Education Minister Aloizio Mercadante on the subject: 

"All editions of the ENEM and SISU exams, held during the administration of then-Minister Aloizio Mercadante, occurred normally, without problems in the systems of these programs or in the information technology area of ​​the Ministry of Education. The ENEM 2016 registration process, which was also planned during Mercadante's administration, proceeded in the same way, that is, without incidents in the system."

The changes to the security and control mechanisms of these programs, adopted for the release of the 2016 ENEM results and for the 2017 SISU registrations, are decisions entirely the responsibility of the current minister, who once again tries to attribute his management difficulties to Mercadante.

In reality, what we see is that the participants of the 2016 ENEM exam are paying the price for the current administration's decision to dismantle an experienced and qualified technical team in the area of ​​information technology for political appointments. It is unacceptable, for example, that an ENEM participant who scored a perfect 1000 on the essay and who registered for a medical course is actually enrolled in a cachaça production course, something that has never happened before in the history of the Ministry of Education.

The current administration of the Ministry of Education (MEC) has failed to structure an IT team, resulting in a structural problem in this area. This has already been evident in the confirmation of enrollments in the second edition of FIES in 2016, in the problems participants had checking their ENEM 2016 scores, in the difficulties in enrolling in SISU 2017, in the postponement of ProUni and FIES 2017 enrollments due to technical concerns that have not yet been clarified, and now, with students enrolled in courses for which they did not request registration.

Once again, students, families, and society as a whole are paying the price for the management difficulties and political appointments made by the current minister in the Ministry of Education.

Mercadante Consulting