A teenage hacker angry about the downing of the Malaysia Airlines Flight MH17 has gone on a hacking spree, apparently breaching several random Russian websites and spilling the private information on millions of Russian internet users.
The hacker, who calls himself Cyber Anakin in reference to the Star Wars character, told me that he didn't really put too much thought into picking its victims. All he cared, he said, was to hit Russian websites.
"I choose the targets randomly, as long as it's Russian," Cyber Anakin told Motherboard in a Twitter message. "I hold consequentialist approach during the hack, meaning that I only care about the public shock among Russians as a result of the hack, and to show the irony that Russians can defend against Hitler but cannot defend against hacker [sic]."
"I choose the targets randomly, as long as it's Russian."
Delusions of grandeur aside, Cyber Anakin seems to have really been able to hack into several websites and databases, including those of the news site and email provider km.ru, the videogame maker Nival.com.
Security researcher Troy Hunt, who maintains the website haveibeenpowned.com, a service that informs users whether they have been victimised in data breaches, confirmed that the data from Nival, as well as that from km.ru is legitimate.
Out of the two, the data stolen from km.ru is perhaps the most sensitive obtained by the hacker.
There are 1.5 million victims, according to Troy Hunt, a security researcher who independently analyzed the data. Other than emails, and encrypted passwords, the hacked database contains secret questions and answers in plaintext, meaning anyone in possession of the data can now hack into any victim's email addresses by pretending to be him or her. The database also contained dates of birth, email addresses, genders, and geographic location. (Km.ru did not respond to an email requesting comment.)
The Nival database contains similar data, such as birthdates, email addresses, genders, names, and usernames. (Nival did not respond to a request for comment.)
Cyber Anakin told me that these hacks are his way of getting "revenge" after the 2014 crash of MH17, which is widely believed to have been caused by missile shot either by pro-Russian rebels or perhaps even Russian soldiers.
The hacker claimed to know someone who had a relative die in that incident, though he declined to elaborate for privacy reasons.
"I can imagine and even feel the sadness that befell upon the relatives of MH17 victims back in July 17, 2014," he told me. "After the MH17 tragedy back in 2014, I made a promise to myself that I am going to revenge against Russians for what they did against the flight."
Whether hacking random Russian websites counts as revenge, that's up for debate. But it certainly shows that there are still a lot of websites out there with glaring security holes, which make for great targets for hackers with and without a cause.