The Hacktivist Who Defaced Websites In 40+ Countries

INDUSTRY.co.id - Check Point researchers identify cyber criminal who tweeted a personal goal to hack 5,000 websites globally, which he nearly accomplished by spreading anti-government messages to websites of official governments, academic institutions and private companies.

Hacker nearly reaches goal by hacking 4,820 websites in 40+ countries across the world (USA, UK, Australia, Netherlands, Italy and more)USA ranks 1 on hacker’s hit list in the past year, making up 57% of hacker’s website attack volume, targeting city, state, and health sector websites Researchers leverage social media to trace hacker’s location to a city in Brazil.

In the past 12 months, the United States ranked at the top of the hacker’s hit list, followed by Australia and the Netherlands.

In fact, the United States made for nearly 57% of the hacker’s cyber attacks on websites (612 total websites), which included the official website of the state of Rhode Island and the city of Philadelphia, among others. Furthermore, the hacker targeted the US health sector.

The hacker’s activity also extended beyond hacktivism to include credit card and personal credential theft. The hacker attempted to breach details from public figures, universities and even hospitals. In one such case, the hacker claimed on social media to have access to the medical records of 1 million patients from New Zealand, offering to sell each contact for US$200 per record.

Figure 1: VandaTheGod’s claim to have access to New Zealand’s Primary Health Organisation’s data.

VandaTheGod made the habit of publicising his exploits on social media, primarily on Twitter. Disguising himself under multiple aliases, such as “Vanda de Assis” and “SH1N1NG4M3,  the hacker tweeted a public goal to hack over 5,000 websites.

VandaTheGod nearly reached his goal, as Check Point researchers linked 4,820 hacked websites to the hacker. However, this prolific social media activity proved to be a double-edged sword, for Check Point researchers first took notice of the hacker’s social activity and scoured it for clues to reveal their true identity.

Figure 2: VandaTheGod’s Tweet of his personal hacking goal.

Check Point researchers used VandaTheGod’s Twitter and Facebook accounts to gather clues on the hacker’s real identity. After scanning years of posts and tweets, Check Point researchers traced the real identity of the hacker to an individual living in Uberlandia, Brazil.  Check Point alerted relevant law enforcement.

“This case highlights the level of disruption that a single, determined individual can cause internationally. Although ‘VandaTheGod’s’ motive originally seemed to be protesting against perceived injustices, the line between hacktivism and cyber-crime is thin. We often see hackers taking a similar path from digital vandalism to credentials and money theft as they develop their techniques. Revealing the person’s true identity and disclosing it to law enforcement should put an end to their extensive disruptive and criminal activities.” Check Point’s Manager of Threat Intelligence, Lotem Finkelsteen said.