Cyber Incident Victim: Ku Klux Klan
Date:
Sep 2015
Location:
United States of America
Summary
An anonymous hacker using the alias "sgtbilko420" conducted distributed denial-of-service (DDoS) attacks against multiple websites affiliated with the Ku Klux Klan and other racist entities, including the Westboro Baptist Church, an Islamic State-linked platform, and a former Canadian prime minister's site, temporarily disabling them. The attacker claimed the actions aimed to end racism, declaring it was no longer acceptable in modern times, and threatened further disruptions targeting 20 additional racist sites around Halloween. Utilizing networks of infected computers to overwhelm targets with traffic, the hacker disabled approximately 20 sites over several weeks, with some later restoring functionality. Despite offering a monetary reward for their own identification and facing threats, the individual remained unidentified and unaffiliated with established hacker collectives like Anonymous.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Beginning on September 15, 2015, an individual using the alias "sgtbilko420" initiated a series of distributed denial-of-service (DDoS) attacks against websites associated with racist organizations, including the Ku Klux Klan (KKK). The attacker publicly claimed responsibility via a Twitter account under the handle @sgtbilko420, declaring intent to dismantle racist online infrastructure. By October 21, 2015, the campaign had successfully disrupted 20 websites through traffic flooding from botnets, temporarily taking them offline. Targets extended beyond KKK-affiliated domains to include the Westboro Baptist Church, a platform linked to Islamic State extremists, and a site associated with former Canadian Prime Minister Stephen Harper. The attacker explicitly framed these actions as anti-racism measures, tweeting, "it was time for all racism to come to an end [...] this is not the 1800s anymore." Operational communications included direct challenges to victims, such as an October 21 tweet taunting, "KKK and all RACIST i have a question.. how does it feel knowing one man is taking you all down one by one?"
The DDoS attacks caused intermittent disruptions, with some targeted websites restoring functionality during the campaign period. Despite these recoveries, the threat actor maintained an active offensive posture, publicly warning of planned Halloween attacks against 20 additional racist sites. No malware deployment, data exfiltration, or system compromises beyond temporary service disruption were documented. The perpetrator operated independently without claiming ties to Anonymous or other collectives, while offering a $5,000 bounty for successful public identification ("doxing") through Twitter. No verified disclosures of the attacker's real identity occurred during the documented timeline. Technical execution relied exclusively on DDoS methodologies, with no evidence of advanced persistent threat tactics or multi-vector attacks. Victim organizations did not publicly detail defensive measures or incident response protocols beyond restoring services. The campaign represented a sustained, ideologically motivated disruption effort against hate groups' digital presence over a six-week period.