Cyber Incident Victim: City of San Marcos, TX
Date:
Mar 2015
Location:
United States of America
Summary
A hacker identifying as "Bitcoin Baron" compromised the City of San Marcos and its police department websites, demanding the termination and imprisonment of a former officer involved in assaulting a college student. The attacker mistakenly targeted the officer despite his prior removal from duty and incarceration for the same offense years earlier. The cyber intrusion caused both municipal websites to become inaccessible, with the hacker condemning the police department's conduct in a video statement. The incident demonstrated misguided vigilante retaliation against resolved misconduct.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In March 2015, an unidentified hacker using the alias "Bitcoin Baron" executed cyberattacks that disrupted the official websites of the City of San Marcos, Texas, and the San Marcos Police Department. The hacker publicly claimed responsibility through a video released on Monday night, demanding the termination and imprisonment of former police officer James Palermo for his alleged assault of college student Alexis Adelphi during an attempted arrest in 2013. The 2013 physical altercation resulted in Adelphi sustaining a concussion and losing two teeth. Bitcoin Baron condemned the police department's employment of Palermo, stating, "Your police department is disgusting... in no way will I stop 'til Palermo is in prison." This cyber intrusion was framed as retaliatory justice for the assault incident.
The attack occurred despite Palermo having already faced legal consequences prior to the hack. Public records showed Palermo had been indicted for the assault, removed from the San Marcos Police Department, and incarcerated approximately two years before the 2015 website takedowns. Bitcoin Baron's actions were based on outdated information, as evidenced by their demand for disciplinary measures that had already been enforced. The operational impact of the attack rendered both municipal and police websites inaccessible for an unspecified duration, with the Techworm article confirming the sites remained offline at the time of its publication on March 6, 2015. No additional attacker motives, data compromises, or restoration timelines were disclosed in the available source material. The incident demonstrated a misalignment between the hacker's perceived grievance and the actual status of their intended target.