How VandaTheGod, the Brazilian hacker who hacked websites to protest turned into a full-fledged criminal
This hacker has hacked a record-breaking 4800 websites throughout Brazil, the Dominican Republic, Trinidad and Tobago, Argentina, Thailand, Vietnam, and New Zealand since 2013. He styled himself as VandaTheGod probably after the famous Brazilian sprinter, Vanda Gomes. He being his hacking career as a hacktivist by bringing down Brazilian government websites as a protest against the policies of the Brazilian government. This is the story of who VandatheGod really is.
For the uninitiated, hacktivists are protestors who hack into websites, not for financial gain but to make a political statement. Some of these protests are often legitimate but the line between the hacktivist and a cybercriminal is pretty thin and VandaTheGod crossed it in 2019. Not many know that VandaTheGod became a popular figure in Brazil when he defaced a government website with the hashtag: #PrayforAmazonia as a reaction to the burnings of the Amazon rainforest allegedly carried out by the Brazilian government.
Starting July 2019, VandaTheGod started taking down Government websites for financial gain. This immediately alerted the security agencies world over and finally, CheckPoint Security was able to identify who VandaTheGod really was. VandaTheGod who was also called “Vanda de Assis” and “SH1N1NG4M3” shared his hacking exploits on Twitter. Many of these tweets were written in Portuguese, pointing to the nationality of the hacker. In some cases, VandaTheGod also claimed to be part of something called the “Brazilian Cyber Army” or “BCA.” This allowed the Checkpoint researchers to map his activity since 2019 and find out who he really is.
Check Point eventually zeroed down VandaTheGod’s real identity to a Brazilian individual from the city of Uberlândia. VandaTheGod had meanwhile graduated from hacktivism to a full-fledged database dealer.
The tweet was right after he had hacked a New Zealand company and got access to the medical records of 1 million patients from New Zealand. Tweets like this helped CheckPoint to trace VandaTheGod by tracking down the WHOIS information for the domain “VandaTheGod.com,” which led them to an email address (“[email protected]”) that was used to register other websites, such as “braziliancyberarmy.com.”
However, what really helped CheckPoint researchers were the screenshots that VandaTheGod uploaded to Twitter. The researchers used a reverse search to identify the Facebook profile belonging to “Vanda De Assis” and found that VandaTheGod was identified only by the initials M. R. A little more research concluded that M.R. and VandaTheGod were one and the same person. “VandaTheGod succeeded in carrying out many hacking attacks, but ultimately failed from the OPSEC perspective, as he left many trails that led to his true identity, especially at the start of his hacking career,” Check Point researchers concluded.
So finally the Brazilian hacker, VandaTheGod was nailed.