A hacker named VandaTheGod has carried out an “invasion” campaign against 4,820 websites belonging to governments, academic institutions and private companies in 40 countries since 2013. Now, Check Point investigators have managed to discover the identity of the hacker who became a cybercriminal, and have reported all the information they found to the authorities.
According to the security company, the attacker was known for altering the appearance of his targets’ web pages, a practice known as “defacing”. In the first phase, the hacker aimed to spread anti-government messages, denouncing social injustices and cases of corruption.
The hacker stood out for being very active on social networks and for using different user profiles and channels to give visibility to his campaign. One of VandaTheGod’s first attacks was on the Brazilian government’s website, in response to the fires in the Amazon rainforest.
The cybercriminal used to leave a link to his Twitter page on the “hacked” pages, which led the experts to believe that the profile on the social network was, in fact, managed by VandaTheGod. The fact that many of his posts are written in Brazilian Portuguese, and that the hacker claims to belong to the Brazilian Cyber Army, served as further clues for the researchers.
After a phase of hacktivism, VandaTheGod began to change his pattern of behavior, and attacks against public figures, universities and entities in the health sector followed. In one case, the hacker claimed that he had access to the medical records of one million New Zealand patients, indicating that the “ransom” for each of the contacts was $2000.
The cybercriminal even set out to hack 5,000 websites, declaring that he would only stop when he achieved his goal. Check Point researchers explain that, in order to attack the 4,820 pages he was able to access, VandaTheGod scanned the sites for vulnerabilities that could serve as an entry point. Some of the websites belonged to Portuguese domains. In all, 16 national websites were attacked.
The methods used to give visibility to the attack campaign ended up sealing his fate, as they left behind details that formed a trail. By analyzing the posts he made on social networks and comparing them with information obtained through the online tool WHOIS, the specialists were able to discover that VandaTheGod was actually a Brazilian citizen from Uberlândia, in the state of Minas Gerais.
After alerting the authorities, Check Point noted that some of the photos that allowed the discovery were deleted; however, some of his profiles remain active. For now, it is not yet clear whether the Brazilian authorities have taken any action against the hacker.