Bloomberg Businessweek - USA (2019-12-23)



that his client had recently received job offers from the security
industry. “The world needs Mr. Kaye to be on the side
of the angels.”
The judge adjourned for half an hour to consider the
sentence. Among Kaye’s legal team, the mood was upbeat.
One of his attorneys, asked if he might escape jail, replied:
“Anything is possible.” Even Kaye’s mother was smiling.
At 4 p.m., the judge came back into court to inform
Kaye of his fate. The attack on Liberia was a “cynical and
financially driven attack upon a legitimate business enterprise,”
the judge said, reading from the screen of his laptop.
“I sentence you to 32 months in prison. I’m afraid I will
not, in the circumstances, be able to suspend the sentence.”
Kaye, seated in the dock, wiped away tears with his sleeve.


One of the enduring mysteries of the Liberia hack is its
timing. When Kaye, on Marziano’s instructions, set his botnet
on Lonestar, Cellcom had already been sold to Orange,
netting a $132 million windfall for its owners. Marziano was
just a consultant for the combined company at that point,
so why take such a big risk?
Marziano hasn’t said anything publicly since leaving
Orange Cellcom in 2017. He was arrested by British police
that August, just as Kaye made his first appearance in a
London courtroom, and released without being charged.
The NCA’s investigation is, technically, ongoing. Marziano
didn’t respond to repeated attempts to contact him via
mail, email, LinkedIn, or the Ethiopian Maritime Training
Institute, where he was listed as a manager in 2017. At his
former address in Israel, his now ex-wife says she has no
idea where he is.
In 2018, Lonestar Cell MTN filed a lawsuit against Orange
and Cellcom in London. Kaye and Marziano are also named
as defendants in the suit, which hasn’t yet reached court. “As
the intended consequence of the DDoS attacks, Lonestar has
suffered and continues to suffer a substantial loss,” the claim
documents allege. Orange has “vicarious liability,” even if
it didn’t know what the conspirators were up to, because
of laws making companies responsible for the conduct of
employees. Orange said in a statement that it knew nothing
about Kaye’s activities until it received the legal complaint
from Lonestar in 2018. “Orange strongly condemns these
actions and has taken all the necessary steps to ensure the
full compliance of all its operations with the group’s stringent
ethical guidelines,” the company said.
In Liberia, many people believe the Lonestar attacks
were motivated by politics, not profit. Urey, who’s no longer
Lonestar’s chairman but is still a major shareholder,
keeps a bottle of Johnnie Walker Blue Label whisky on his
desk. “I’m saving it for the day I become president,” he says
in his office in Monrovia. (He ran unsuccessfully in 2017.)
For years, Cellcom publicly supported the party of one
of Urey’s opponents, former President Sirleaf, whose government
was in power from 2006 until 2018. An attack on
Urey’s company, the theory goes, might have been intended
to weaken him and his All Liberian Party. Urey himself
blames the American-Israeli management team that used
to own Cellcom. “An American citizen launched an attack
on this country, and nothing was done about it,” he says.
Representatives of Cohen, his companies, and LR Group
didn’t respond to requests for comment. In defense papers
from the Lonestar suit, Cellcom said it had no knowledge
or oversight of Marziano’s activities after the sale to Orange
and didn’t benefit from them.
There’s really nothing stopping other hackers-for-hire
from using DDoS for corporate espionage or chaos. It’s
proved to be a cheap and effective way to hobble a rival.
Since the Liberia attack, the ranks of internet-connected
devices have continued to grow rapidly, including cars, medical
implants, even beehives. While the technology to defend
against botnets has advanced, too, it’s yet to be tested by a
next-generation Mirai-type incident, according to Payton,
the former White House online security official. If that happens,
it’s unclear how or whether those defenses will hold
up, she says. “We won’t know until we are there.”
Kaye served the first part of his sentence in several prisons
around London before moving to Belmarsh, a maximum-security
facility that houses rapists, murderers, and terrorists.
Its nickname, Hellmarsh, is scrawled on the walls inside.
In a series of interviews at the Belmarsh visiting room,
Kaye, now 31, has little to say about his life or work and
denies being behind most of the online identities that have
been linked to him. He can’t even explain his use of Spider-Man
references. It was random, he says.
There may be good reasons for Kaye to keep quiet.
Some of his alleged aliases have been linked to other
offenses. Journalist Brian Krebs, who runs the news website
KrebsOnSecurity, has reported that bestbuy and popopret
were observed on black-market hacking forums selling
GovRAT, a virus used to target U.S. government institutions.
Bestbuy and popopret were also users of Hell, an infamous
darkweb forum popular with black-hat hackers (its
slogan: “F--- heaven, hell is hot”). Kaye might be both bestbuy
and popopret, as some police officials believe, or neither
of them. They might be different people, part of his
circle of criminal hackers. Kaye denies being behind either
alias, although he admits to using bestbuy’s name to cover
his tracks.
Kaye says he hasn’t spoken to Marziano since their lunch
in London just before his arrest. When Kaye is released in
early 2020, he’ll face court-mandated restrictions limiting
his access to phones, computers, and encryption software,
though he hopes to continue his career in online security.
Until then, he spends all day in the prison kitchen, chopping
vegetables. The more controlled environment allows him to
avoid contact with Belmarsh’s more frightening residents.
Does he have any regrets? Of course, he says, looking around
at the tattooed inmates in the visiting room. “I can’t believe I
ended up here.”

With Leanne de Bassompierre, Jonathan
Levin, Yaacov Benmeleh, and Jordan Robertson