It is one thing for hackers to target websites and proudly announce it on social media platforms for all to see. It is, however, an entirely different thing to leave a digital trail that leads cybersecurity researchers right to their doorsteps.
That is exactly what happened in the case of a hacktivist under the name of VandaTheGod, who has been attributed to a series of attacks on government websites since July 2019.
In a report shared with The Hacker News, researchers from Check Point said they were able to map VandaTheGod’s activity over the years, and eventually narrow down the attacker’s real identity to a Brazilian individual from the city of Uberlândia.
The cybersecurity firm said it notified the concerned law enforcement of its findings for further action, adding that the social media activities on profiles associated with VandaTheGod came to a halt towards the end of 2019.
A Long Social Media Trail
VandaTheGod has a long history of going after government websites, universities, and healthcare providers. Notably, the attacker claimed to have breached the database of New Zealand’s Tū Ora Compass Health and offered medical records of one million patients for sale on Twitter last October.
The hacker in question, allegedly part of the “Brazilian Cyber Army” (BCA), has also vandalized dozens of websites to spread anti-government messages, in addition to displaying BCA’s logo in screenshots of compromised accounts and websites.
“Many of the messages left on the defaced websites implied that the attacks were motivated by anti-government sentiment, and were carried out to combat social injustices that the hacker believed were a direct result of government corruption,” the researchers said.
What’s more, a timeline of VandaTheGod’s tweets shows that the individual enjoyed the attention from media reports mentioning the hacking endeavors, even going to the extent of stating that “I will stop hacking websites” once the total reaches 5,000.
“VandaTheGod didn’t just go after government websites, but also launched attacks against public figures, universities, and even hospitals. In one case, the attacker claimed to have access to the medical records of 1 million patients from New Zealand, which were offered for sale for $200,” the researchers said.
According to records from Zone-H, a security portal that holds an archive of all web intrusions, there are currently 4,820 entries of hacked websites linked to VandaTheGod, most of which belong to individuals and entities in the United States, Australia, Netherlands, Italy, South Africa, Canada, UK, and Germany.
Check Point said they worked by tracking down the WHOIS information for the domain “VandaTheGod.com,” which led them to an email address (“firstname.lastname@example.org”) that was used to register other websites, such as “braziliancyberarmy.com.”
But what ultimately gave away VandaTheGod’s real identity was a pair of screenshots uploaded to Twitter, from which the researchers found a Facebook profile belonging to the attacker (“Vanda De Assis”) as well as the individual’s real name, identified only by the initials M. R.
Consequently, the researchers said they were able to identify a number of cross-posts between the Facebook profile tied to M. R. and that of Vanda De Assis, including photos of the individual’s living room, proving that both the M. R. and VandaTheGod accounts were controlled by the same individual.
“VandaTheGod succeeded in carrying out many hacking attacks, but ultimately failed from the OPSEC perspective, as he left many trails that led to his true identity, especially at the start of his hacking career,” Check Point researchers concluded.
“Ultimately, we were able to connect the VandaTheGod identity with high certainty to a specific Brazilian individual from the city of Uberlândia, and relay our findings to law enforcement to enable them to take further action.”