Cyber Incident Victim: Islamic State
Date:
Sep 2015
Location:
United States of America
Summary
An anonymous hacker using the alias "sgtbilko420" conducted distributed denial-of-service (DDoS) attacks against multiple racist websites and entities, including the Ku Klux Klan, Westboro Baptist Church, an Islamic State-affiliated site, and a former Canadian political figure. The attacker claimed motivation to end racism, stating "this is not the 1800s anymore," and disabled approximately 20 targets by overwhelming them with traffic from compromised systems. The hacker issued public warnings of planned Halloween attacks against additional racist sites and offered a financial reward for anyone who could reveal their identity, though they remained undoxxed despite counter-threats. The operations were conducted independently without affiliation to established hacktivist groups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Beginning on September 15, 2015, an individual using the alias "sgtbilko420" initiated a series of distributed denial-of-service (DDoS) attacks against websites perceived as promoting racism or extremism. The attacker publicly claimed responsibility via a Twitter account (@sgtbilko420), explicitly targeting organizations including the Ku Klux Klan (KKK), the Westboro Baptist Church, and an unspecified website linked to the Islamic State, alongside a site associated with former Canadian Prime Minister Stephen Harper. These attacks overwhelmed targeted sites with traffic from compromised computers, forcibly taking them offline. The hacker framed their actions as a vigilante effort against racism, stating in Twitter communications that "it was time for all racism to come to an end" and emphasizing that "this is not the 1800s anymore." By October 21, 2015, the campaign had disrupted 20 websites, with the attacker threatening further escalations against "20 different racist sites" on Halloween.
The operational impact included sustained downtime for multiple targets, though some sites restored functionality during the campaign. The attacker operated independently, denying affiliation with Anonymous or other collectives while taunting targets about their inability to stop the disruptions. A $5,000 bounty was offered for anyone capable of revealing the hacker’s identity, but no successful doxing occurred despite public threats. No technical details beyond DDoS methodology were disclosed, and no law enforcement or victim responses were documented in the source material. The campaign remained ongoing as of the article’s publication date, with the Halloween threat underscoring the attacker’s intent to continue operations.