They hijacked the one channel that forces millions to pay attention
In the hours after a real earthquake had already unsettled the Peruvian coast, thousands of citizens received a second tremor — this one digital and deliberate. The hacktivist collective Deface Perú seized control of Sismate, the state's official emergency alert system, broadcasting a fabricated 8.7 magnitude earthquake warning followed by a political manifesto to an audience of millions. The breach reveals a quiet paradox at the center of modern civil infrastructure: the very systems built to cut through noise and compel trust become, when compromised, the most efficient engines of mass panic and manipulation. Peru now faces the harder question that follows every such rupture — not only how the walls were breached, but how long they had already been open.
- Phones across Peru screamed with an emergency alert warning of a catastrophic earthquake and tsunami — a message indistinguishable, at first, from a genuine state warning.
- A second alert dropped the mask entirely, with hackers identifying themselves, invoking electoral fraud, and signing off with 'divide and conquer' — confirming the state's emergency broadcast infrastructure had been weaponized.
- The attack landed just one day after a real earthquake struck the Ica region, lending the false alert a credibility that deepened the confusion and panic spreading across social media.
- Authorities from the Ministry of Transportation and the National Civil Defense Institute promised official statements but offered no immediate account of how the system was breached or what had failed.
- The incident forces a reckoning: if a hacktivist collective can commandeer the system designed to warn an entire nation of imminent death, the vulnerability extends far beyond one bad night.
On a Wednesday night in May, thousands of Peruvians received an emergency alert through Sismate, the state's official early warning system: a magnitude 8.7 earthquake had struck off the central coast, a tsunami was imminent, evacuate now. The message was false.
Minutes later, a second alert arrived through the same channel — this one openly signed by the hacktivist collective Deface Perú. It referenced electoral fraud, name-dropped a popular streamer, and closed with a political rallying cry. The breach was no longer deniable. Someone had taken control of the infrastructure Peru relies on to warn its citizens of genuine catastrophe and used it to broadcast a political message to the entire nation in seconds.
The timing sharpened the damage. Just one day earlier, a real earthquake had struck the Ica region, leaving people already on edge. The false alert's inclusion of an external Telegram link — something no legitimate emergency notification would carry — was a tell, but by the time anyone noticed, the panic had already moved.
Deface Perú has a documented history of targeting Peruvian state platforms: municipal websites, police intelligence files, the official government gazette. But breaching a database is a different order of harm than commandeering the system designed to mobilize an entire population in moments of mortal danger.
The Ministry of Transportation and the National Institute of Civil Defense announced they would respond officially, but offered no immediate explanation of how the system was compromised or how long access may have been held. The questions that remain are the ones that matter most — and the one that presses hardest is the simplest: what stops it from happening again?
On a Wednesday night in May, thousands of Peruvians felt their phones suddenly vibrate and scream with an emergency alert. The message was stark: a magnitude 8.7 earthquake had struck off Peru's central coast. Tsunami danger everywhere. Evacuate to high ground. Get away from the water. The alert came through Sismate, the state's official early warning system—the kind of message designed to cut through noise and demand immediate action. Except it was false.
What made the breach unmistakable came minutes later, when a second alert arrived through the same system. This one abandoned all pretense of official language. "Hello Peruvians, Deface Peru speaking," it began. It mentioned electoral fraud, referenced a popular streamer named Curwen, and ended with a rallying cry: "Divide and conquer." The message was stamped with a timestamp and formatted as an emergency alert, but its content made clear that someone had seized control of critical state infrastructure and was using it to broadcast political messaging to the entire nation.
The hack exposed a vulnerability that cuts to the heart of how modern societies manage collective risk. Sismate exists for one purpose: to warn people of genuine disasters—earthquakes, tsunamis, floods, landslides. It bypasses normal notification channels entirely, forcing itself onto phone screens with sound and vibration that cannot be ignored or dismissed. That same power, when weaponized, becomes a tool for spreading panic or, as happened here, for amplifying a political message to an audience of millions in seconds. The first alert had included an external link to a Telegram channel, something that would never appear in a legitimate emergency notification. That detail alone should have raised flags, but by then the damage was done.
Deface Perú is not a new name in Peru's digital underground. The collective operates as a hacktivist group, targeting government websites and state platforms with a mix of political messaging and document theft. In May 2025, they breached the Arequipa municipal website and leaked internal files while posting critiques of local governance. Later that year, they were linked to attacks on Colombian government sites during a diplomatic dispute over a border island. In September 2025, they released documents from Peru's National Police intelligence directorate, including information about officers deployed to monitor social protests. They have also targeted El Peruano, the official government gazette. Their pattern is consistent: infiltrate, expose, broadcast.
But hacking a municipal website or even a police database is different in scale and consequence from compromising the system designed to warn an entire nation of imminent death. No official count has been released of how many people received the false alerts or how many believed them, at least initially. The panic was real enough that it rippled across social media, with users sharing screenshots and demanding explanations. The breach occurred just one day after a genuine, significant earthquake had struck the Ica region—timing that may have made the false alert more credible to people still on edge.
The Ministry of Transportation and Communications and the National Institute of Civil Defense announced they would issue official statements about the breach, but as of the immediate aftermath, neither had disclosed how the system was compromised or what security measures had failed. The questions hanging over the incident are the ones that matter most: How did attackers gain access to a critical state system? How long had they maintained that access? What other systems might be vulnerable? And perhaps most pressingly: if Deface Perú could seize control of Sismate, what prevents them—or any other group with sufficient skill and motivation—from doing it again?
Citas Notables
The second alert read: 'Hello Peruvians, Deface Peru speaking. Electoral fraud. Do not go blind. Divide and conquer.'— Deface Perú hacker collective, via compromised Sismate system
La Conversación del Hearth Otra perspectiva de la historia
When you send an alert through Sismate, does it go to everyone in the country at once, or is it targeted by region?
It broadcasts nationwide. That's the whole point—when there's a tsunami threat on the coast, you need everyone to know immediately. The system overrides normal notification settings. Your phone screams. You can't ignore it.
So when the fake 8.7 alert went out, people in Lima and Cusco and everywhere else got it simultaneously.
Yes. Thousands of people. And because it came through the official channel, many believed it initially. An earthquake that size would be catastrophic. The panic was immediate.
The second message mentioned Curwen, a streamer. Why would a hacker collective care about calling out a specific content creator?
That's the part that suggests this wasn't just about proving they could breach the system. They were using the platform to amplify a message. Curwen has a large following. Mentioning him, linking it to electoral fraud claims—it's a way of reaching an audience that might otherwise never see their content.
So they weaponized the emergency system as a megaphone.
Exactly. They didn't just steal data or deface a website. They hijacked the one communication channel that forces millions of people to pay attention, whether they want to or not.
Has anyone explained how they got in?
Not yet. The government hasn't released details. That's what worries people most—if they won't say how it happened, how can anyone trust that it won't happen again?