Cyber Incident Victim: Intsights
Date: Sep 2015
Location: United States of America
Summary
An anonymous hacker operating under the alias "sgtbilko420" conducted vigilante DDoS attacks against multiple websites affiliated with racist ideologies, including the KKK, the Westboro Baptist Church, an Islamic State-linked platform, and a former Canadian prime minister's site. The attacker claimed the campaign aimed to end racism, emphasizing that modern times should not tolerate such views. Over 20 targeted sites were temporarily taken offline through traffic-flooding attacks originating from compromised computers. The perpetrator, unaffiliated with any established hacking groups, offered a monetary reward for anyone who could reveal their identity and threatened further disruptive actions against additional racist platforms. Despite counter-threats, the hacker remained unidentified during the reported activity period.
Description
Beginning on September 15, 2015, an individual using the alias "sgtbilko420" initiated a series of distributed denial-of-service (DDoS) attacks against websites associated with racist ideologies and organizations. The attacker publicly claimed responsibility via a Twitter account (@sgtbilko420), explicitly targeting entities including the Ku Klux Klan (KKK), the Westboro Baptist Church, an online platform linked to the Islamic State, and a site connected to former Canadian Prime Minister Stephen Harper. These attacks overwhelmed the targeted websites with traffic from compromised systems, rendering them temporarily inaccessible. The hacker’s stated motivation, communicated through social media interactions, centered on opposing racism and asserting that such ideologies were outdated. By October 21, 2015, the actor had successfully disrupted 20 websites, with the earliest confirmed attack occurring over a month prior. The attacker operated independently, explicitly denying affiliation with Anonymous or other established hacktivist collectives.

The operational impact of these attacks varied, as some affected websites regained functionality after temporary outages. Despite the disruptions, no permanent data destruction or systemic infrastructure damage was reported. The attacker escalated tensions by offering a $5,000 bounty for anyone attempting to reveal their real identity ("dox" them), challenging adversaries to retaliate. No successful identification occurred despite public threats from opposing parties. On October 21, the hacker issued a warning of expanded operations, promising to target 20 additional racist websites on Halloween, though the scope and success of these planned actions were not verifiable from available data. The campaign relied exclusively on DDoS tactics without evidence of data exfiltration, malware deployment, or secondary attack vectors. Defensive responses appeared limited to technical remediation by targeted organizations to restore service availability.
