54
BloombergBusinessweek December 23, 2019TheattackagainstLiberiabeganinOctober2016.Morethan
a half-millionsecuritycamerasaroundtheworldtriedto
connecttoa handfulofserversusedbyLonestarCellMTN,
a localmobilephoneoperator,andLonestar’snetworkwas
overwhelmed.Internetaccessforits1.5millioncustomers
slowedtoa crawl,thenstopped.
Thetechnicaltermforthissortofassaultisdistributed
denialofservice,orDDoS.Crudebuteffective,a DDoS
attackusesanarmyofcommandeeredmachines,calleda
botnet,tosimultaneouslyconnecttoa singlepointonline.
Thisbotnet,though,wasthebiggesteverwitnessedany-
where,letaloneinLiberia,oneofthepoorestcountries
inAfrica.Theresultwassimilartowhatwouldhappenif
500,000extracarsjoinedtheNewJerseyTurnpikeone
morningatrushhour.WhilemostDDoSattackslastonly
moments,theassaultonLonestardraggedonfordays.And
sinceLiberiahashadvirtuallynolandlinessincethebrutal
civilwarthatendedin2003,thatmeanthalfthecountrywas
cutofffrombanktransactions,farmerscouldn’tcheckcrop
prices,andstudentscouldn’tGoogleanything.Inthecap-
italofMonrovia,thelargesthospitalwentofflineforabout
a week.Infectiousdiseasespecialistsdealingwiththeafter-
mathofa deadlyEbolaoutbreaklostcontactwithinterna-
tionalhealthagencies.
EugeneNagbe,Liberia’sministerforinformation,was
inParisonbusinesswhenthecrisisbegan.Hestruggledto
marshala response,unabletoaccesshisemailora reliable
phoneconnection.Thenhisbankcardstoppedworking.
OnNov.8,withhundredsofthousandsofpeoplestilldis-
connected,NagbewentonFrenchradiotoappealforhelp.
“Thescaleoftheattacktellsusthatthisis a matterofgrave
concern,notjusttoLiberiabuttotheglobalcommunity
thatisconnectedtotheinternet,”hesaid.Theonslaught
continued. No one seemed to know why, but there was spec-
ulation that the hack was a test run for something bigger,
perhaps even an act of war.
Then, on Nov. 27, Deutsche Telekom AG in Germany
started getting tens of thousands of calls from its custom-
ers angry that their internet service was down. At a water
treatment plant in Cologne, workers noticed the computer
system was offline and had to send a technician to check
each pump by hand. Deutsche Telekom discovered that a
gigantic botnet, the same one targeting Liberia, was affecting
its routers. The company devised and circulated a software
fix within days, but the boldness and scale of the incident
convinced at least one security researcher that Russia or
China was to blame.
When the botnet took down the websites of two British
banks, the U.K. National Crime Agency got involved, as did
Germany’s BKA, with support from the U.S. Federal Bureau
of Investigation. German police identified a username, which
led to an email address, which led to a Skype account, which
led to a Facebook page, which belonged to one Daniel Kaye,
a lanky, pale, 29-year-old British citizen who’d been raised in
Israel and described himself as a freelance security researcher.When Kaye checked in for a flight to Cyprus at London’s
Luton Airport on the morning of Feb. 22, 2017, he triggered
a silent alarm linked to a European arrest warrant in his
name. He was in line at the gate when the cops arrived.
“That’s him!” an officer said, and Kaye felt hands grab him
roughly under the arms. He was taken to a secure room,
where officers searched him and found $10,000 in a neat
stack of $100 bills. Afterward they drove him to a nearby
police station and locked him up. That was until Kaye, a
severe diabetic, began nodding in and out of conscious-
ness, then collapsed in his cell. He was rushed to a nearby
hospital,wheretwopoliceofficersstoodguardoutsidehis
roomjustincasetheirprisonermanagedtoovercomehis
hypoglycemic coma and escape.
But Kaye was no Kremlin spy or criminal mastermind,
according to court filings, police reports, and interviews
with law enforcement, government officials, Kaye’s asso-
ciates, and Kaye himself. He was just a mercenary, and a
frail one at that.Growing up, Kaye showed few signs that he would one day
be one of the world’s most wanted hackers. Born in London,
he moved to Israel with his mother at age 6, when his par-
ents divorced. In the suburbs outside Tel Aviv, he learned
Hebrew, played basketball, and collected soccer cards. A
diabetes diagnosis at age 14 limited his social life, but by
then Kaye had found a much bigger world to explore online.
He taught himself to code, devouring all the train-
ing material he could find, and became a regular on the
web forums where young Israelis gathered to boast about
their hacking exploits. His alias was “spy[d]ir,” according
to Rotem Kerner, an online friend from those days. They
were “just kids curious about technology and how you can
bend it,” Kerner says.
In 2002 a forum user called spy[d]ir posted a screenshot
of an Egyptian engineering firm’s website, defaced with the
message: “Hacked By spy[D]ir! LOL This Was too Easy.” Over
the next four years websites throughout the Middle East got
similar treatment. The homepage of a Beirut karaoke bar
was tagged with a Star of David. When an Iranian leather
retailer was hit, spy[d]ir shared credit with a group called
IHFB: Israeli Hackers Fight Back. Kaye, a teenager at the
time, denies he was spy[d]ir. But he admits he used online
aliases including Peter Parker, spdr, and spdrman, all refer-
ences to another unassuming young man with hidden gifts.
By that time, Kaye says, he’d graduated from high school
and decided to forgo university in favor of freelance pro-
gramming. He was smart but easily bored, and the internet
seemed to offer unlimited challenges and possibilities. Yet
translating his love of puzzles and pwnage into paying gigs
soon took him into sketchier territory.
Generally speaking, hackers fall into one of a couple of
varieties. Black-hat hackers are spies, crooks, and anar-
chists. White hats hack legally, often to test and improve a
client’s defenses. And then there are gray hats, who aren’t