A stupid FB post mistake led to arrest of hacker famous for defacing governments’ websites

Check Point’s cybersecurity experts have revealed an unprecedented story. According to experts, a simple post-based error by Facebok allowed the detection and arrest of a well-known hacker responsible for attacks on thousands of websites, data theft and the sale of credit card information.

Self-appointed as “VandaTheGod”, the hacker boasted of his thousands of crimes over the Internet, reaching the point of advertising himself on a Twitter account.

“We started the entire investigation process after receiving a government request to detect the identity of the hacker,” says Check Point. The company claims that as the hacker expanded its activities, its advancement and acquisition of new skills became more apparent. “Surely the hacker was interested in demonstrating his knowledge on all possible platforms, including Facebook,” says check point report.

The researchers mention that VandaTheGod has been active for almost ten years: “By mapping its activity over more than seven years, we were finally able to discover the identity of the hacker,” the report says. The use of social networks was essential to discover their identity; when VandaTheGod decided to start broadcasting his attacks via Facebook, he began to leave some traces, despite being a really meticulous hacker.

Check Point began searching for clues that could be related to each other, eventually finding clues to the threat actor’s activity. “The hacker operated with multiple aliases, such as ‘Vanda de Assis’ or ‘SH1N1NG4M3’, and was very active on social media, mainly Twitter. They often shared the results of those hacking efforts with the public.”

The researchers spent months collecting information about the hacker, although it was an oversight that allowed the identity of VandaTheGod to be determined: “The cybercriminal shared a screenshot showing a hacked email account, which also showed an open Facebook tab under the name ‘Vanda De Assis’; we just had to look up that name on Facebook to find the hacker,” the experts mention.     

Experts then compared some Facebook and Twitter accounts for more clues. They finally found another screenshot with a set of uncovered initials. By linking those initials with the Brazilian city of Uberlandia, Check Point found all the Facebook profiles that matched. “We were able to locate a single account, which contained a loaded image supporting the Brazilian Cyber Army.”

The last step was confirmation. “At this point, we knew we were on the right track. All we had left to do was connect this individual’s account to one of VandaTheGod’s known accounts. We were able to locate several cross posts between the newly discovered profile and The Assis’ Vanda’s Facebook account.”

Although the experts’ investigation was really satisfactory for Brazilian justice, experts ignore where the process lies against the hacker, although the number of attacks in prison is certainly expected.