On July 25, key Trinidad and Tobago government web sites, including those belonging to the Ministry of National Security, the Immigration Division and the Attorney General's office, were hacked.
Many of the hacked pages displayed a graphic of an individual wearing a Guy Fawkes mask and carrying a placard reading: “Join the Revolution: tell Your Corrupt Government to F**K OFF!” and the headline “Hacked by VandaTheGod.”
An internet search reveals VandaTheGod to be an established and prolific black hat hacker who has authored scores of page defacements. A VandaTheGod Twitter account tweets links and screenshots of their hacking exploits. Items retweeted by the account yesterday include a link to a statement made by Trinidad and Tobago's minister of national security Stuart Young confirming the hacking.
The Trinidad and Tobago Guardian ran a front-page story describing VandaTheGod as a “Brazilian-based cyber team that specialises in hacking Web sites and posting political messages.”
Brazilian government and other web sites do figure prominently on the list of pages defaced by the hacker, which includes examples from other countries, including Bhutan, Germany, Italy and Portugal. Dev Anand Teelucksingh, founder of the Trinidad and Tobago Computer Society (TTCS), which tracked the exploits, confirmed in a telephone interview with Global Voices that the hacker was running a Portuguese-language version of the Ubuntu Linux operating system, but that it was not possible to verify the location from which the hacker was operating.
Teelucksingh said TTCS members noticed the hacking—the first of this magnitude they have seen in Trinidad and Tobago—around noon on VandaTheGod’s Twitter account. The TTCS reported that as of 9:30pm Trinidad and Tobago time on July 25, 11 government web sites had been defaced, and Teelucksingh said that several others had been affected since then.
In Minister Stuart Young's statement, he offered assurances that there was “no real damage done.” He said that:
“these web sites don't get into our operating systems, these web sites are not going to affect the records of national security and not the records of immigration either. So there is no reason to be overly concerned about intentional attacks on data that exists in those two very important places.”
Teelucksingh said he didn’t believe the government was being targeted for any specific malicious purpose. “I think it’s a case where they detected a vulnerability and exploited it,” he said. “It’s a cookie cutter operation.”
Teelucksingh observed that all of the hacked sites were running Windows Server 2012 and were developed by a Trinidad-based company called Digital Business, whose web site Teelucksingh said had momentarily displayed the same generic blue Windows IIS Server page that the hacked government sites were showing during the first half of the day on July 26. Some of the government web sites were hosted in Trinidad and Tobago, others in the USA and Canada. None of the affected Trinidad and Tobago government web sites appear to be using HTTPS, a widely used protocol for secure communication that is currently considered best practice.
As of 4:00 pm Trinidad and Tobago time, the web sites of the Ministry of National Security and the Immigration Division remain offline.