Check Point Unmasks Hacktivist Who Defaced Nearly 5000 Sites

Written by

Security researchers are claiming victory after unmasking an infamous hacktivist who defaced nearly 5000 websites in more than 40 countries over the past few years.

The individual, known online as “VandaTheGod” on Twitter, took to social media to publicize his exploits, sometimes under aliases such as “Vanda de Assis” and “SH1N1NG4M3,” according to Check Point.

This activity first alerted the security firm to his presence, and also provided a trail of clues which ultimately led them to his real identity: an individual living in the south-eastern Brazilian municipality of Uberlandia.

Active since 2013, the hacktivist never reached his stated personal goal of compromising over 5000 websites. However, thousands of government, academic and corporate sites were apparently defaced with anti-government and social justice messages thanks to his work.

In the last year, over half (57%) were located in the US — where victims included the official website of the state of Rhode Island and the city of Philadelphia — while Australia and the Netherlands rounded out the top three targeted countries.

VandaTheGod was also active in his home country, defacing a Brazilian government website with the hashtag #PrayforAmazonia, in response to the increase in rainforest clearing approved by right-wing President Bolsonaro.

However, his motives weren’t always so altruistic, and occasionally strayed into theft of credit card details and log-ins. VandaTheGod is said to have attempted to breach details from public figures, universities and even hospitals — one on occasion offering to sell the medical records of one million New Zealand patients for $200 per record.

“This case highlights the level of disruption that a single, determined individual can cause internationally. Although ‘VandaTheGod’s’ motive originally seemed to be protesting against perceived injustices, the line between hacktivism and cybercrime is thin,” argued Check Point manager of threat intelligence, Lotem Finkelsteen. 

“We often see hackers taking a similar path from digital vandalism to credentials and money theft as they develop their techniques. Revealing the person’s true identity and disclosing it to law enforcement should put an end to their extensive disruptive and criminal activities.”

What’s hot on Infosecurity Magazine?