Cyber Threat Actor: Bitcoin Baron
| Actor Type | Location | Known Incidents |
|---|---|---|
| Activist | United States of America | 4 incidents |
Profile
Bitcoin Baron is the alias used by a hacker known to have operated from the United States of America. The actor first came to public attention in early 2015 through a series of intrusions against municipal government systems. The individual has not been linked to any larger organization or state sponsor in publicly available reporting. All known activities are conducted under the single pseudonym Bitcoin Baron.
The actor’s targets have been limited to city websites and associated police department networks in the United States, specifically in Oklahoma and Texas. In the March 2015 incident against the City of Moore, the hacker stated the motivation was retaliation for the city’s defense of two police officers involved in a local legal case and demanded a ransom of 100 bitcoins to prevent the release of exfiltrated personnel data. A separate March 2015 operation against the City of San Marcos and its police department aimed to pressure officials to terminate and imprison a former officer accused of assaulting a college student, despite the officer having already been removed from duty and jailed. In both cases the actor used website disruption as a means of amplifying pressure on the victims. No evidence indicates that the actor pursued espionage or long‑term persistence within the compromised networks.
The reported tactics include planting malware on victim systems, exfiltrating files described as personnel information, and rendering websites inaccessible through disruption or defacement. The actor communicated demands and statements via public platforms such as YouTube videos and Twitter posts, linking the cyber activity to a broader publicity campaign. No specific malware families or exploit kits are named in the sources, and the initial access vectors employed are not disclosed. The Moore incident is notable for the explicit ransom demand of 100 bitcoins in exchange for non‑disclosure of the stolen data. The San Marcos episode is distinguished by its vigilante motive, wherein the hacker sought to influence personnel decisions based on outdated information about an officer’s legal status. Together these two operations represent the entirety of the actor’s publicly reported campaigns.
