Darknet Diaries - 63: w0rmer
Episode Date: April 14, 2020The hacker named w0rmer was active within AnonOps. These are Anonymous Operations which often organize and wage attacks on websites or people often with the purpose of social justice. Eventua...lly w0rmer joined in on some of these hacking escapades which resulted in an incredible story that he will one day tell his kids.Thanks to w0rmer for telling us your story.SponsorsThis episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. And use promo code DARKNET25.Support for this episode comes from LastPass. LastPass is a great password manager but it can do so much more. It can setup 2FA for your company, or use it to monitor what your users are doing in the network. Visit LastPass.com/Darknet to start your 14 day free trial.SourcesArchived TweetsFeb 7, 2012 Twitter user @Anonw0rmer posts “@MissAnonFatale I managed to pwn1 a site , get my papers , find my required primary IDS , yeah baby, i deservers em :)”Feb 8, 2012 1:17 AM, Twitter user @Anonw0rmer posted, “ROFL! WaS that us? https://www.wvgazettemail.com/news/legal_affairs/hackers-group-posts-police-chiefs-information-online/article_77f79fd5-f76f-5825-ae19-43a398361fdf.html o yeah oops #OpPigRoast #CabinCr3w”Feb 9, 2012 12:35 AM, Twitter user @Anonw0rmer posted, “DB Leak http://dps.alabama.gov https://pastehtml.com/view/bnik8yo1q.html”. The bottom of this post originally showed this NSFW image.Feb 9, 2012 at 8:42 PM, Twitter user @Anonw0rmer posted, “Mobile Alabama Police Criminal Record Database Logins Failing To Protect And Serve I Via @ItsKahuna I http://pastehtml.com/view/bnmjxxgfp.html #OpPiggyBank.”Feb 9, 2012 at 8:39 PM, Twitter user @CabinCr3w posted, “Texas Dept. of safety Hacked By @AnonWOrmer for #OpPiggyBank http://bit.ly/x1KH5Y #CabinCr3w #Anonymous” Bottom of pastebin also shows a woman holding a sign saying “We Are ALL Anonymous We NEVER Forgive. We NEVER Forget. <3 @Anonw0rmer”Feb 10, 2012 at 9:07 PM, Twitter user @Anonw0rmer posted, “My baby SETS standards ! wAt U got? https://i.imgur.com/FbH2K.jpg https://i.imgur.com/zsPvm.jpg https://i.imgur.com/S2S2C.jpg https://i.imgur.com/TVqdN.jpg #CabinCr3w”.Links Criminal Complaint - United States Western District Court of Texas https://gizmodo.com/these-breasts-nailed-a-hacker-for-the-fbi-5901430 https://www.tomsguide.com/us/Anonymous-CabinCr3w-w0rmer-Ochoa-Australia,news-14803.html
Transcript
Discussion (0)
The news today is crazy.
There's injustice happening all around us.
But it's not clear what we should do about it.
Or, as Bob Dylan said,
yes, and how many times can a man turn his head and pretend he just doesn't see?
This is a story about how one guy decided enough is enough and took matters into his own hands in the only way a hacker knows how.
These are true stories from the dark side of the internet.
I'm Jack Recider.
This is Darknet Diaries.
This episode is sponsored by Delete Me.
I know a bit too much about how scam callers work.
They'll use anything they can find about you online to try to get at your money.
And our personal information is all over the place online.
Phone numbers, addresses, family members, where you work, what kind of car you drive.
It's endless.
And it's not a fair fight.
But I realize I don't need to be fighting this alone anymore.
Now I use the help of delete me delete me as a subscription service that finds and removes personal information from hundreds of data brokers websites, and continuously works to
keep it off. Data brokers hate them because delete me make sure your personal profile is no longer
theirs to sell. I tried it and they immediately got busy scouring the internet for my name and
gave me reports on what they found. And then they got busy deleting things. It was great to have someone on
my team when it comes to my privacy. Take control of your data and keep your private life private
by signing up for Delete Me. Now at a special discount for Darknet Diaries listeners. Today,
get 20% off your Delete Me plan when you go to joindeleteme.com slash dark net diaries and use promo code dark net at checkout.
The only way to get 20% off is to go to join delete me.com slash dark net
diaries and enter code dark net at checkout.
That's join delete me.com slash dark net diaries.
Use code dark net.
Support for this show comes from black Hills information security. Thank you. your organization, give them a call. I'm sure they can help. But the founder of the company, John Strand, is a teacher, and he's made it a mission to make Black Hills Information Security world-class in security training. You can learn things like penetration testing, securing the
cloud, breaching the cloud, digital forensics, and so much more. But get this, the whole thing
is pay what you can. Black Hills believes that great intro security classes do not need to be expensive,
and they are trying to break down barriers
to get more people into the security field.
And if you decide to pay over $195,
you get six months access to the MetaCTF Cyber Range,
which is great for practicing your skills
and showing them off to potential employers.
Head on over to blackhillsinfosec.com
to learn more about what services they offer and find links to their webcasts to get some world-class training.
That's BlackHillsInfosec.com.
BlackHillsInfosec.com.
This episode does have foul language and some light descriptions of nudity.
If that's an issue for you, you've been warned.
I'm sorry, what's that?
I can use this call for the podcast Darknet Diaries?
Oh, of course, of course.
So, yeah, I want to hear all about it.
I want to hear what happened to you, how you got in trouble and all this stuff.
So are you ready to start from the beginning?
Yeah, yeah.
Hackers sometimes have two names.
The name they use online, like a cloak, the one they go by, that all their friends online
know them as, even if they don't know them at all.
And then there's their real name, the name their family uses.
Sometimes there's a night and day difference between the personas associated with these
names, literally.
One used only during
the day and the other at night in the darkness of the internet. You know, from pretty early on,
hacking for a cause versus hacking for a malicious just to do it. I mean, just to do it was a lot of
my early hackings. I need access or I'm bored. Let me go hack this site up or Hey, new zero day. Let me go try it out. Um, but that focused me into that, that realm. His love of computers led him into hacking,
all kinds of hacking, knocking websites offline, getting into their databases and defacing them
were all things that he knew how to do and was doing sometimes just for fun, sometimes for a
cause. But, um, yeah, so that kind of lent itself from the adoption of Anonymous by me.
Right. They seem to have the same ideals.
They like to do funny shit just for funniness. And I was all about that.
But I also like the fact that, you know, there was a little bit of social justice in there.
You know, hey, we're going to harass these people, but it's for this cause.
And at the time, you know, apolitical.
There's no right. There's no left. There's no wrong or right.
It was just this is something to do.
There was a lot of fervor behind this mask and this identity of non-identities.
This is Wormer. At least that's his online name, his anonymous identity. And when I say Wormer is his anonymous identity, I mean, that is the name he would useDoSs. And I kind of watched and learned the organization as it was being managed.
Right. The secret rooms and all that good stuff.
We are anonymous.
Nobody is really a member of Anonymous.
We are Legion. We do not forgive.
And at the same time, everyone is really a member of Anonymous.
We do not forget. Expect us.
It's not a well-defined group, but Wormer here had been watching what they were doing for years
and sympathizing with a lot of their causes. For instance...
Shut it down. It is time to shut down this terrorist organization, this terrorist website, Wikileaks.
Shut it down, Attorney General Holder.
In 2010, Wikileaks, a site that was releasing secret documents to the public, rose in popularity.
WikiLeaks was based on the idea of letting the people judge these secrets and government activities or scandals for themselves.
But many of those in power saw WikiLeaks as a big problem.
I think the man is a high-tech terrorist.
He's done enormous.
Assaults.
Yeah.
He needs to be prosecuted to the fullest extent of the law. And if that becomes a problem, we need to change the law. Many people in Anonymous loved the idea of people in power falling due to a scandal coming to light.
But let me remind you, this was 10 years ago. A lot about Assange and WikiLeaks has changed since then.
But at that time, Anonymous liked WikiLeaks and thought it was cool.
The founder of WikiLeaks has warned that it may soon have to stop publishing secrets because of a cash crisis.
But in January 2010, PayPal suspended and froze all donations to WikiLeaks.
Julian Assange says the outfit is feeling the pinch
because of a financial blockade by several U.S. firms.
This made a lot of people in Anonymous outraged.
So a group of Anonymous people decided to take PayPal offline.
Anonymous hacker activists have basically gotten together
and are exacting revenge for what they see as attacks on Wikileaks.
And they're targeting a number of corporations that have cut off their ties with Wikileaks,
MasterCard, Visa, PayPal, also the Swiss bank that shut down Julian Assange's account in Switzerland.
And so were you watching some of that stuff go down?
I was in the chat rooms when that was going on yeah uh from the planning phases to the the
kicking it off and getting everyone um um you know on board um in fact i believe around a similar
time i wrote a python application that would actually look at like twitter trends and then
inject um our call to action uh to kind of try to force the hand of,
okay, well, here's this trending thing.
Here's this thing we want to talk about.
Quickly inject it into the stream a couple of times
and move on to the next one.
So I was definitely part of the machine,
getting people involved and understanding the attacks
and why people were doing it and how they're organizing it.
14 people were arrested for this attack on PayPal.
Wormer didn't get caught this time, but he wormed his way deeper into Anonymous. It had become part
of his identity, and he saw the next big movement starting up. Around, you know, 2010, 2011,
the Occupy movement had started. He was upset that banks, the one percenters, were getting bailed out.
And the 99 percent, the rest of us, had to carry the burden.
He wanted to get the message out.
I did a non-communications.
So if we needed something or if we had an event that we were doing or a call to action,
I would go and amplify that through like year-on-news and et cetera, et cetera.
I would throw that out there to get it into the masses.
I did the hacker channels, right?
So there were dedicated channels where if you were a hacker, they would bring you into that.
I hadn't yet really broken the law, but I was still helping out.
Anonymous was known for exposing issues that they thought the public should know about.
And this morphed into a sort of online township rebellion.
Why stand on a silent platform?
Fight the war.
By this time, I'm already, you know, very rage against the machine.
You know, fuck the government.
Fuck this.
I'm going all in and here's a cause
where the rest of the people around me are also uh for it you know it became a movement to just
get let's get the truth out there and expose something so i could see why you're swept up
in the fervor now right and remember the hacker manifesto manifesto is that all information should be free.
So it was ingrained in me by this point, right?
Everything should be free. Look at these whistleblowers. Look at this.
And so, yeah, it was really easy for me to get swept up and kind of radicalized.
I already had the prerequisites. I just needed someone to point my anger somewhere.
And, you know, Anonymous at that time did just that.
And one of the prerequisites he had was that he was becoming a skillful hacker,
not just taking websites offline by flooding them with packets,
but he was also learning how to wiggle his way into a website with precision
and gain access to the backend database.
So with these skills and Anonymous lighting the fire behind him,
it was soon going to be time for Wormer to jump into action.
In 2011, the Occupy Movement protests began.
Calling witness to wealth inequality in the U.S.
It's immoral not to stand up and say something.
There was an injustice here, and Wormer wasn't going to sit and do nothing.
This movement moved him to get up and go protest himself in person
in a small town in Michigan where he was living at the time.
He was protesting downtown and then camping there all night.
24 hours a day, he was making a statement.
The police used batons to clear them out,
that the police threw their stuff into garbage trucks, into rubbish trucks,
and told them they could come and get it back in the morning.
But cities were not always happy with this.
Some had called in the police to clear out these camps.
Ladies and gentlemen, at this time, we ask that you walk onto the sidewalks.
But when the cops started doing things they weren't supposed to be doing,
that's when Anonymous started keeping a close tab on them and recording what they were doing.
After it is cleaned, as was stated in the legal notice.
Well, at that time, I was doing cop watch.
So there were still some camps that were running, but they were all pretty much getting their eviction notices so i'm watching this one particular one i don't remember the state
um but i remember the event uh and these cops were marching in on this place they had already
harassed the camp multiple times flashing their lights try to wake everybody up that kind of stuff
um and as they're coming coming through uh camera, people on the ground were trying to record and get their IDs, right.
Try to get their numbers. And we noticed that their numbers were blacked out.
They had put in black tape over, you know, I was just like, Whoa, you know,
like what's going on. And we had reports of people switching districts.
So they would raid a camp,
not in their police district in case they had friends or family that ran into
it doing all these kinds of little things. So I'm watching this elderly woman
and she starts having a seizure and this cop, assuming automatically, right, that she's
resisting, just starts beating her. The, oh my God, that could be me, hit me like a ton of bricks.
And action had to happen.
It had to happen.
They're arresting everybody.
They're shutting down our camps.
Everything's just starting to come to that head.
And I said, that's it.
I can do something.
Wormer begins to morph from an activist into a hacktivist and enters some dark waters on the Internet.
He finds out Anonymous had already started something called Operation Pig Roast.
And after the break, Wormer goes head over heels into it all. To be continued... much stolen identity data criminals have at their disposal, from credentials to cookies to PII.
Knowing what's putting you and your organization at risk and what to remediate is critical for
protecting you and your users from account takeover, session hijacking, and ransomware.
SpyCloud exists to disrupt cybercrime with a mission to end criminals' ability to profit
from stolen data. With SpyCloud, a leader in identity threat protection,
you're never in the dark about your company's exposure from third-party breaches,
successful phishes, or infostealer infections.
Get your free Darknet exposure report at spycloud.com slash darknetdiaries.
The website is spycloud.com slash darknetdiaries They're going around for the Occupy movement
and finding this private information about these police officers
because they had started hiding their badges and stuff.
Wormer, the hacktivist, has moved his camp from downtown on the streets
to back home in his bedroom
where he can try to use hacking to expose the police that were covering up their names and badge numbers and sort of pull that tape off digitally.
Anonymous didn't want these cops being anonymous.
We're after cops. I'm going to find them all. He would first scour Google, looking for any lists of police officers in his town,
and then try to match them with faces and try to identify them in the protest videos.
And this was something, but it wasn't enough.
Wormer wanted to know more.
I was after names and addresses.
And if you didn't want to follow your own laws to use your phone,
your number on your badge, so at least you could be accountable for your crimes, then
I'm going to make it really easy to go back and check to make sure, hey, you know, this guy did
this thing. So Wormer decides to hack the police. He started getting a list of police department
websites and looking at them to see if there was any way to hack into them to see maybe he could find a list of police officers. Back then you were kind of doing
something new, which was going after cops and that not many people had done that yet.
And did it kind of feel like this was a forbidden target? Like, did it feel really,
really, really wrong to you or what? I have cops in my family. I don't hate cops.
I hated what these particular cops were doing.
I came into this knowing that at some point I was going to be caught.
At some point I was going to be held responsible.
And, you know, we just had to do it.
Sit back, grab some popcorn and enjoy the ride.
The anonymous Operation Pig Roast went into full effect.
We couldn't sit idle while we watched our brothers and sisters being beaten.
Wormer joined up with a hacking crew called Cabin Crew, and he began a roaring rampage of hacking the police.
We are the cabin. We are the 99%.
He would ask other people in Anonymous to send him links to every police department's website in the cabin. We are the 99%. He would ask other people in anonymous to send him links to
every police department's website in the U.S. and he would build a long list of these websites and
then he would use his computer to programmatically scan each website to see if any of them were
vulnerable. The first one that he found that was vulnerable was a police department website in West
Virginia. He found the website was vulnerable to SQL injections,
a common vulnerability on many websites.
So he hacked into the West Virginia Police Department's website
using an SQL injection,
and this allowed him to peek behind the website
and see the database underneath.
And that database had a list of all the police officers in that department.
You got the database, which had 150 law enforcement officer usernames And that database had a list of all the police officers in that department.
You got the database, which had 150 law enforcement officer usernames, passwords, home address, home phone number, cell phone number.
Yeah, yeah.
So, I mean, what are you doing with this data then, once you have a database dump of a police department?
A paste bin or ghost bin or one of the bins and then send it out it's it wasn't for me to be judge and executioner my job was my the way i saw it um anonymous as a whole
wanted and needed for whatever reason this information i don't need to agree or know or any of that. Here's my job. I'm going to go do it.
And so Wormer would publish the personal information on all these police officers
that he could find, posting it to places like Pastebin, which is a place you can write texts
anonymously, and it pretty much stays there forever. But of course, as soon as it was posted there, it was also tweeted out and spread on all the anonymous channels.
So the world could see the personal information of these police officers.
And this is what you call doxing the police.
And remember, don't dox and drive.
Yeah. And so, I mean, I'm trying to guess what you're hoping happens here might be that somebody catches one of these police officers on a video.
They see their badge number, something, and now they can look up on Pacebin.
This is the guy. This is the actual police officer. This is where he lives and all this kind of stuff.
I mean, is that what you're kind of hoping is that somebody else makes the connections after you well well right right um and and the real life effect was cops
started stopped getting on and and doing these big press conferences where they talked about how
they destroyed occupy movements right because every time a police officer had been in front
of that camera we had doxed them and that just got you know bigger. So there was the real-life ramifications of that.
What we were trying to do was accomplished.
We had them, hey, if you're going to do this, cool, that's your job.
You're going to be a cop. That's your beat.
Cool, this is my job. This is my beat.
And as Wormer would hack the police, put everything into Pastebin,
and then publish it, he was also tweeting this.
And here's one.
On February 7th, 2012, username Adan Wormer posted on Twitter
hashtags op pig roast and cabin crew and then with Pastebin links to the website
where he dumped the whole database of police officer names.
At this point, the West Virginia Gazette noticed the dump and wrote an article about this.
And Wormer tweeted, quote,
Was that us? ROFL? Yeah? Oops? End quote.
The next police department website he found vulnerable was Alabama Department of Public Safety,
which included the National Crime Information Center data.
Like, this website had access to databases such as the sex offender registry,
vehicle registration information, and other personal identifying information.
But all Wormer was interested in, though, was the police officer's personal information.
So he grabbed that and he started to put it together in another pastebin dump.
But this one was a little different.
This one is a little bit interesting.
This pastebin.
You started a new thing.
Why don't you tell me what that pastebin was about?
You wanted the effect.
You wanted to anger people.
We weren't just hacking.
We were hacktivists.
And so you kind of had a little pizzazz in it, right?
And so we were having people send us shots of them in various things of undressed, holding up these kind of come at me, bros.
Yeah, he actually did have the audacity to tweet at the FBI where he said, quote, come at me, bro, end quote.
So as Wormer would put together his Pacebin post, he was adding extra pizzazz.
First, at the top of the post, he would spend a lot of time
making some ASCII art. Since Pastebin only lets you post words and no pictures, he used just
letters to make pictures and put them in the post. Okay, cool. But this is where things get weird.
In this post, he added a link to an image of a mostly naked woman, but you can't see her face and she's holding a sign.
So, yeah, I mean, tell me about that picture.
What does that picture describe that picture to me?
Um, well, I'm trying to remember which one was the first one.
Well, it has it has her breast and sort of a bikini.
And then it said pwned by wormer and cabin crew.
Heart you bitches.
She had taken a bunch of photos holding these different signs I had told her about or asked her to print up.
And so got included into one of my hacks.
And who was she again to you at the time?
So I'm working on this decentralized platform, Dick Deep and C-Code.
And in comes this Australian woman, and she had seen something where the dogs were being abused.
And she wanted answers.
She wanted this shit taken care of.
So she joins this anonymous chat room that Wormer was in and started asking a bunch of questions.
Like, can you find out who's doing this animal abuse kind of stuff
but the line that won her over was tits or get the fuck out like didn't have time for your bs
don't have time for whatever you're coming at me with i'm i'm building something great i did that
and she put a picture down with her head cut off of her in a bikini looking beautiful on the beach and that was it. I fell for her that day.
So she was just kind of on the fringes of anonymous, just kind of looking for information,
but not really involved. Right, right. Didn't really want to be involved in any of it. She
just, hey, here's the cause I think you guys should care about. So Wormer starts flirting
with this Australian woman. He starts liking her more
and more and he finds himself chatting with her for hours and hours. We had talked to each other
online in Skype calls and stuff like that. I'd obviously seen her in various forms of undress.
It was just, you know, we hadn't, I was in America, she was in Australia. So essentially we private message and we just talk like human to human.
You know, what are you looking for? What kind of dreams are you about? What's your life like?
And we just started talking and I just I just fell for her. She was a genuine person.
She talks and emotes literally with the feelings of herself.
You know, there's no hiding behind things.
I didn't have to guess what she was doing or feeling or thinking.
She's pretty forward with it.
We got engaged shortly after.
Wait, have you met each other before you got engaged?
Nope, nope, nope.
And you can, if you go through my Anon-warmer tweets too you can even see how that
kind of goes on fruition but um essentially you know once i once we started talking and and
again i'm i'm hacking by day and at night because she's sleeping or working right
and she's in australia so it's a whole 12 hour difference.
So I'm hacking and doing my stuff in the day.
And then I'm spending nights talking to her.
So I'm tired and all that other stuff.
I'm a 30 something year old dude.
Like, like, Hey, here's a hot chick.
And she seems to be cool, but everything that we're doing in our uh both in
our social lives and as we're talking seem to be genuine um i feel you know one way she feels the
same way um i saw no reason i don't i couldn't think of a reason uh you know we had covered a
broad topics i mean um everything from you know how do you see in the future? What kind of plans? All
that kind of stuff. So by this time, I think anyone who's ever had an online relationship
knows how quickly these things can just like snowball up, right? Now, when Wormer got these
photos of this woman, he's a hacker, right? So one of the first things he does is to look to see what
metadata there is in her photos. He sees the photo was taken in Thailand and asks her about
it. She says, yeah, she took it while on vacation. So he asks her for more photos. And these all have
that EXIF metadata in them. And he was able to look to see where these photos were taken. And
he tracked it down to a house in South Victoria, Australia. And he finds the exact address through the geolocation data in the photo and asks her, what's this address?
And she's like, uh, yeah, that's where I live.
Now, over the next few days, they become better and better friends.
And he asks her to print out some paper signs and pose with these signs.
Because he thinks this would be a great calling card to post with each police department database he leaks. A woman in a bikini with a sign that says hacked by wormer
or something like that. So she sends him these photos of her in different poses with different
signs. All right. So West Virginia chief of police site down tweeted about it. You're in the news.
That tweet's done. You've got the DPS Alabama
Police Department.
That's been owned. At the bottom of that
pastebin is a picture of your
girlfriend's
breasts in a bikini
that says something like
Pwned by Wormer and Cabin Crew
Heart you bitches.
Yes. Yes.
Department of Safety.
Hacked by a non-wormer for op piggy bank.
There's a payspin link.
Hashtag cabin crew.
Hashtag anonymous.
And this cabin crew is proud to present and release TexasDps.state.tx.us data.
And at the bottom is another, is the same female, your girlfriend.
Yep.
With a scantily something or another.
And it says, we're all anonymous.
We never forget.
We never forget.
Heart a non-warmer.
So February 10th
I mean you're just rapid fire at this point
the very next day Twitter user
a non-wormer posts
my baby set standards
what you got and then you've got
like five images of her
hashtag cam and crew and I have these
images here so you've got
again a bikini no bottom but the bottom of her is covered up by a sign that says,
Come at me, bro, a non-wormer.
Underwear.
Her underwear is there.
And it says, Proudly poked by wormer, a non-love.
We're so classy, by the way.
Yeah, that's.
She's got just real short shorts on and this one with no top, but you can't see her breasts.
She's turning with her back towards you.
And it says warmer pwned your ass and mine.
You mad, bro.
I have a way of also inciting anger in people.
And I think I think that's obvious, too. And then what I was doing right. I inciting anger in people. And I think that's obvious too.
And what I was doing, right?
I was egging everybody on.
But a little backstory on that.
So as you can see, all of them are pretty in your face
and they're trying to get an investigator really after me.
I already knew the GPS EXIF data was in them.
And so I had a whole workflow for that.
I had my dirty images and then I would clean them and put them in another file.
When I went to publish that, I went, I went one, two, three. And so, man, I need one more photo.
And I grabbed the wrong one, put it in there and hit tweet.
He accidentally posted one of her photos that he didn't clean the metadata off of,
which means in the file was data of where that photo was taken.
So I slipped up and I just remember if there was a camera, right?
Turning to the camera and being like, fuck.
But maybe they'll maybe they'll miss it.
Right. Yeah. Maybe maybe they just won't.
Maybe they'll run through the first three and be like, eh, nothing here.
That's not what happened, by the way, though.
Spoiler alert.
So the police were not happy with whoever a non-warmer was.
I mean, how could they be?
He was doxing the police themselves.
Of course, they want to know who was doing this and arrest him.
So an investigation started.
A special agent for the cyber squad of the FBI began investigating him.
He called up the West Virginia Police Department, wanting to look at all the logs of the hack.
And then the Alabama Police Department to see their logs. and then the Texas Police Department to see them too.
To the FBI, this all looked like it was exploiting the same SQL injection vulnerability.
Not only that, but a non-wormer was claiming responsibility for each of these hacks on Twitter.
So it obviously was the same person.
But not only that, the logs of each of these hacks all seem to be coming from the same IP address.
The FBI learned this IP address was for a residential internet connection that AT&T provided.
The FBI submitted a warrant to AT&T asking for what customer had that IP.
And this led them to an apartment and person in Galveston, Texas, which was exactly where
Wormer was living at the time. But it wasn't Wormer's name or address. He was too clever for
that. Instead, he hacked into his neighbor's Wi-Fi and did all these hacks from there. So when the
FBI called his neighbor, they didn't really understand or know anything, and this didn't really help the investigation.
It was kind of a dead end. So the FBI began looking at these photos that Wormer was posting
of his girlfriend. Wormer had erased the geolocation data of all these photos except
for that one last photo, and the FBI saw the longitude and latitude of where that photo was taken, which was a house in South
Victoria, Australia, Wormer's girlfriend's house. The FBI looked up who lives there and found her
name. And then the FBI looked up her Facebook profile and saw she's in a relationship with a
guy named Hino Ochoa. The FBI continued to analyze all the stuff Wormer posted.
And Wormer posted other pictures too, screenshots of the hacks he did.
And the FBI examined each of these screenshots.
The metadata was erased and cleaned.
But in the screenshot itself showed a username that was logged into one application. And the username was Hij Ochoa,
which could be short for Hinyo Ochoa, which has a silent G in it.
Next, the FBI did some open source intelligence,
just googling things like putting Wormer and Hinyo Ochoa together.
And sure enough, these two names did have connections.
There were some blog posts that
connected both of these together and the fbi learned that hinio ochoa was the neighbor of
that person who they first tracked that ip to with this the fbi had enough information to positively
believe that hinio ochoa was the name of the person conducting these hacks on the police departments.
I mean, yeah, walk me through how, between now and when you get caught, how did they catch you?
I'm sitting there one day, I notice there's a new Cisco wireless AP.
Basically, he was in his apartment and he wanted to see what Wi-Fi signals there were in the area.
And a new one popped up and he looked to see what brand of router was broadcasting this wi-fi because he was probably
looking at this to see if he could hack into another neighbor's wi-fi huh that's weird a because
cisco is not a brand you see in an apartment complex it's not you're usually at&ts or tp
links or something cheesy like that but But this particular one was a Cisco.
So cracked in to that, scanned, realized it was hooked up to a laptop.
At the same time, construction started on the street outside his apartment.
All of a sudden started getting road work done on it.
And in Texas, it's, you know, pretty common.
But there's something strange about it. The people that would show up and they would act
like they're working right, but never do anything. And I was like, okay, something's going on.
I remember walking outside and seeing the actual undercover agent that was watching me
just smoking cigarettes, throwing them over the balcony.
And that was a tell-to, right?
This dude had been here chain-smoking for God knows how long.
Because I don't just leave every day.
He assumes he's being watched, both in real life and online.
He feels too close to the fire. He closes the shop.
And I was like, well, that's the guy.
You know, I'm not going to push them. I'm not
going to whatever I'm, I'm done. I got to the point to where I didn't want to do this anymore.
You know, um, I had done my job. I'd done occupy. I had done this.
I had a beautiful new fiance. I need to get on with life.
It's a love story involved in this too. I wasn't expecting this.
That I think is the loss of it, right?
You have this angry adult who goes out and freaking wreaks havoc on a particular thing.
And here this beautiful Australian woman comes in and he's like, nah, I'm good.
And just wants to sail away and be happy in Australia.
I think it's every nerd's dream, right?
Yeah, until they met her in a hacker chat room, man. At this point, he's about 30 years old.
It's March 2012, and it's just 10.30 a.m.
So I'm downloading this database.
I wake up, I check on him.
I'm like, man, I need some fucking coffee.
But it's early for a hacker.
While he's getting his coffee, he's really thinking he's done with hacking.
He just wants to be with this girl in Australia and forget about hacktivism, at least for now.
So I stumble over the coffee machine.
I turn on the coffee.
It pours out.
I made a whole cup of coffee, right?
So I hear this jingling.
I'm like, what the fuck?
And so I go and I go look through the peephole and I see the groundskeeper guy trying to let in what looks like five heavily armed men wearing ski masks and shit, right?
I'm drinking my coffee.
And in the back of my head, I'm like, i have time to grab this thing and throw it in the
fire and just let it burn he's referring to his laptop i'll open the door and i'll plead not
guilty um so it did it did cross my mind right but uh at the end of the day i'm just like you
know what i signed up for this i knew this day was coming so i unbolted the doors opened it up and all you hear
is fbi you know hands up i got literally i'm in my boxers with a cup of coffee i'm just like
this is it man you know let's go uh i asked the guy for my pants you know because they immediately
want to put my hands in cuffs take my my coffee. They didn't give me my coffee.
Little assholes.
Did they give you pants?
They did let me wear pants, yes.
They let me put my pants on.
Now, fully clothed, he's an open book
to the five armed FBI and police officers
in his apartment.
They're going through all his stuff
and asking him a bunch of questions.
I'll cop to anything I did.
You just ask me.
You know what I mean?
And if I did it, I would say, yeah, I did it.
If I didn't, no, I didn't.
And he pretty much did what we just did.
He printed up my timeline and just tweet by tweet.
Is this you?
I'm like, yep, that's me.
Is this you?
Yep, that's me.
Is this you?
Yep, that's me.
Is this you? Nope, that's not me. I you? Yep, that's me. Is this you?
Nope, that's not me.
I don't even, I didn't do any of that.
You know, so.
And that was, that was it.
But, but I mean, it was shock to my whole family.
Wormer's real name is in fact Hino, or Hidge for short.
The FBI had the right guy.
And this is when everything that was dark is now exposed to
the daylight. He led such different lives that his family didn't even know he was a hacker.
He didn't tell them about the photos of the breasts or whose breasts they were,
or that he had fallen in love with the woman behind them.
And they asked my family, you know what I mean? Like, hey, you know, what do you know about his
Australian girlfriend? And my family's
like, what the fuck are you talking about? He's a nerd. He ain't got no girlfriend, you know?
Oh no, he's got an online girlfriend. Nah, he doesn't have an online girlfriend.
The FBI starts talking to Hidge's parents, and that's when his parents learn that he's been
engaged. The FBI agent says they're engaged and they're just like,
excuse me, my son's engaged to an Australian woman. And they're like, yeah. And they're like,
you're fucking crazy, dude. Like, we don't know what you're talking about. It was a shock to
everybody. The police process him, take him down to jail. He gets out on bail that day. He gets a
lawyer and starts working on different kinds of plea deals he might have options for. Like he's willing to admit he's guilty for all
these things he's done. So maybe by cooperating with the cops, he might not get that hard of a
sentence. He's got a date set for this trial, but in the meantime, he's not allowed to use a computer
at all. So all his Skype and chat messages with his online girlfriend, they suddenly stopped.
But love moves faster than the law, and it transcends the internet. She doesn't know why
he's suddenly stopped talking to her. So she starts trying to figure it out. She learns he
was arrested for hacking. And with that, she feels a sense of loss. Just yesterday, her relationship was getting hot and heavy.
But now, it was suddenly gone.
They were ripped apart from each other.
This wasn't okay for her.
She was heartbroken.
She told him, I'm coming, Hidge.
Meet me at the airport.
I'm sitting at this airport, and my mom's still completely shocked that I even talk to girls, more or less have a fiancé.
And all we know about her is she's got big boobs,
she's blonde and Australian, right?
And so we're sitting at the airport waiting for to come in and you know you're just you're looking
at the top of this escalator and the first blonde that comes over is a six foot tall blonde look
almost like a dude and i was just like oh great here it goes right and my mom just starts laughing
well that's what you get right you go online you're dating you think you got this hot chick
it's really it's a it's another 30 year old man man good luck good job baby no prison's gonna do
good for you and so i was like jesus man this sucks and then you know she goes all the way down
and she's walking towards me i'm just like j, Jesus, dude, please don't be it.
And she even stopped, right, to look for directions and then walks off, right?
So I'm like, oh, my God, thank God.
And just as that rocked away, here comes my 5'2", beautiful fiance over the escalators come down.
And he just ran up to me, gave me a giant hug,
and it was the best, to this day, the best hug I've ever gotten.
It was just like everything clicked into place.
It was just, it was, I mean, I can still,
I still get goosebumps thinking of that very first time that we met.
It was just amazing.
This is Kylie, the Australian girlfriend, his fiance, the voice
behind the breasts that are maybe the most famous hacker calling card in federal history.
When you joined the chat room, what did what did you guys how did you connect?
He said to me, Titzel, get the fuck out.
And what did you do after that? I had no idea that meant um so uh when he explained it to me i
thought you know what i'm just gonna send this guy photos so i sent him a couple of photos um
one of me in a bikini that i'd been in in thailand recently um and then another one um it's a very
very type like dress that i was wearing to a concert. So I sent him a couple of pics.
So he's like, wow, she's real.
This is a girl.
She has tits.
She's got great tits.
And we just, we started talking and it became romantic pretty quickly.
You know, he's charming.
He is a great social engineer and he's very smooth at getting,
making girls take notice.
And so that's what happened.
He was just really sweet and I fell for it.
So at some point he asked you to take specific photos that say like pwned by wormer and stuff.
He did. So he sent me a bunch of slogans.
Okay, I've got a great body.
And, you know, at the point in my life,
I loved how I looked.
Great body.
I'm like, yeah, why not?
You got it, flaunt it.
So I took these photos in various poses.
And, you know, when I saw them released,
I didn't have an issue with it.
I took, you know, I printed out these signs
and I held them up in different poses, different bikinis and just sent them to him.
I had no clue that it would have gone past. I mean, I had no idea.
Look, Jack, he said when he finally admitted he was a hacker and that he hacked, I didn't understand what that meant.
When she did learn he was a hacker, she wasn't entirely on board with it. Now, I'm going
to be clear at something. When I found out what he was hacking for, we had a huge fight about it.
Because coming from, I was working as an immigration officer. I had that law enforcement
background. And we had a huge fight over the fact that he released the police officer's names. And
to the point where I'm like, what would you do if you hacked immigration? Would you release my details too? Like, is that,
and we actually, if memory serves me correct, we break up for a few days over it.
So anyway, well, I don't support what he did. I understand why he did it. I don't support the hack.
But she did love him. She loved how intelligent and passionate he was about things that were going on in the world.
So while they disagreed on this one thing, they clicked on pretty much everything else.
Now that she was in Texas with her love, her fiancé, she was happy.
The court case was ongoing at the time.
So I was like, man, we got to get married.
We got to get married.
We don't have time to plan a big wedding or anything like that. Let's go just grab a dress. I'll grab the thing.
We'll find some close friends. We'll grab them and we'll show up and we'll just get married.
And that's what we did. Isn't it weird to arrive in a new country,
marry somebody who's going to just disappear any day?
Oh my God. When I look back at it, I think, what the heck was I doing? In hindsight, it's
crazy. I mean, it is crazy. I tell people now, I met him on the internet. 10 days later, he proposed.
Seven weeks later, I flew here. And six days later, we were married. Eight weeks and one day
from the day we said hello, we were married. And it was like, okay, cool. Now we're married. Eight weeks and one day from the day we said hello, we were married. And it was like, okay, cool. Now we're married. What comes next? And that's about the time when
the sentencing came about. They had a few months time between when he got arrested and when he was
going to be sentenced for his crimes. While he had been lucky in finding love, he wasn't so lucky in
court. For instance, he didn't get lucky with his judge.
Around the same time I got arrested, Anonymous had doxed a Texas judge, right?
That Texas judge ends up being my judge. an understandably upset judge gave Hidge our newlywed 27 months in prison and three years
probation and stuck me in um Elkton eventually in Ohio uh and I was on an FCI so
I was essentially locked up with 95% pedophiles,
which, not a great fuck in two years.
But just a few days before going to prison,
Kylie and Hidge found out they were going to be parents.
Kylie was pregnant.
And so after he goes off to prison, Kylie moves in with Hidge's parents.
And while the two first met on opposite sides of the world,
and they came together physically for a few months,
they're now being forced apart once again.
Kylie spends a lot of time thinking about Hidge now.
And Hidge spends a lot of time thinking about Kylie and his baby.
I'm not going to be there for the birth.
I'm not going to see his first walk. I'm not going to be there for the birth. I'm not going to see his first walk.
I'm not going to be there for the first words.
But you can't, you can't.
There's a saying in prison, you do your time, don't let your time do you.
Kylie was able to come visit him once in prison before she had the baby.
It wasn't easy.
The prison didn't want him to have visitors.
And there was this whole ordeal.
The prison guards finally let them talk through a sort of TV phone system. Even though she was right there at the prison where he was held, it was weird. But she cried the whole
time she was able to talk with him. She goes back to Texas and Hidge's parents help her plan for the
baby. You know how you see those TV, like, you know, that scene in a TV show where somebody looks
like they're in this fog.
It's all foggy and confusing.
I kid you not.
I came home from the hospital with this baby and that's how I felt.
Like, it felt surreal.
What?
What the hell?
I'm in America.
She had a baby boy and they named him Brody.
She wanted Hidge to meet the baby, so she took the baby to prison.
It was surreal.
Here I am, I'm taking this child of his in at seven weeks old that, you know, he'd never seen a couple of photos of.
And, you know, when they're in prison, you can hug and kiss them hello, goodbye, and that's it.
You can't touch, you can't hold hands.
If you do, you know, the prison guards come and yell at you but he was allowed to hold brody so the entire time he just he just
held brody and just you know couldn't stop looking at him i don't know how else to put it but after
you just finally hold your first born child uh the fact that you have to go back inside and some
dude's gonna look at your butthole to see if you have any drugs kind of takes the fun out of the moment. Hidge had to serve two years in prison. Kylie
was a single parent for those two years, which was really hard for her. He kept asking her to
send stuff like books and printouts of articles and stuff like that, which she was happy to do,
but she was exhausted and couldn't keep up. Other anonymous members were helping him out too,
going through her to send him stuff like money and letters. Anons knew that one of their members
had fallen and they wanted to take care of him however they could. In their eyes, he felt
honorably, serving a higher purpose, and their actions showed respect to him. So while he saw
her a couple of times in the first year in prison, and would sometimes see pictures of his son,
was still a long wait ahead of him. And Kylie had serious struggles in America. She often thought
about moving back to Australia for two years, and then coming back when he got out. Because in
Australia, she could get support from her family. She knows the place better. It's her home. But here she's in America,
a place she barely knows, raising a kid to a husband who's in prison.
After two years of prison time, Hidge gets out and he had to go to a halfway home in Texas,
a few hours away from Kylie. So Kylie goes to Austin and meets with his probation officer
to try to figure out when she can see him.
So get up there, move into the apartment.
Again, Anonymous were the ones who got that apartment for us.
I had a job lined up for him.
We had an apartment.
People moved us up there.
They paid up on like, we will be forever indebted to Anonymous
because they made it
happen so here am i brody um in this apartment his probation officer comes to see us like three
days after i moved in and she just come to inspect the house he's like okay the only thing is you
have to cut your internet off until we say that it's okay to be put on like okay not a problem
she said okay so i'm going to go and see him at the halfway house i'm going to tell them he's to until we'd say that it's okay to be put on. Like, okay, not a problem.
She said, okay, so I'm going to go and see him at the halfway house.
I'm going to tell them he's to be released.
You know, he's got a great home to go to.
Even though he was in the halfway home,
it still took them two weeks before they could see each other.
And it's funny, you know, Brody,
he had the most amazing long brown curly hair.
And he looked like a girl. Like, I let it grow so long long but I refused to cut my baby's hair until daddy was there and so I mean poor Brody will look back at
his photos he had these little hair clips looking like a girl and I remember the first time taking
his to the halfway house and we were able to get some scissors and we stood there in the walkway
and cut his hair together that That was just, you know,
it was crazy. Like I'm sitting in a halfway house, borrowing scissors from a prison guard or in a
halfway house guard and cutting Brody's hair for the very first time. And I still have that hair
like a crazy mother. I kept it. Eventually he finished his time in prison and his halfway house
and his probation time. And he was once again, a free man, free to move in with his wife and child.
And even though they had been married for two years,
by the time he got out of prison,
they still had a lot to learn about each other.
And do you feel like you owe your wife still for helping you through all that?
That is a loaded question.
Did she email you right now?
No.
Did she email you right now no did she email you because i can just imagine it as as as you know married and having the kids there's all the stress like dude come
on i got i got your ass you know a job out of dale and i moved here for you come on you gotta
at least get up and get the kid this morning well well and the rule goes right um so if she wants to die tomorrow i owe her two
years of solitude and right that's guaranteed i could die tomorrow and she can marry somebody
immediately afterwards it's easy when you're in the prison and you're in doing the time uh you're
not you're not looking at the at the effort that it takes to keep you afloat. You know what I mean?
Oh, yeah.
You're trying to live in a place you don't want to be.
You got other worries.
I don't know her at all, but I could just see someone playing that card like, hey, you owe me on this.
So much, so many things.
Even like eight years later, they still come up sometimes.
Well, I mean, she's not being addictive i think i think i you know after eight years of marriage or in the last six i think i believe i've you know
done pretty good at returning the favor um but yeah it's very much in the you know i can't play
the pity card right like oh you don't even love me you know what i mean like that doesn't work
it's you know my wife gave up her life uh literally came over here for me. So to say I owe her for two years is an understatement. You know, I owe her for the entire time that she's been over here and the time that she's, you know, given up. And, you know, whether or not that works, I don't know. I'm still living and breathing. She hasn't poisoned me yet.
And she says tonight's tonight. So maybe tonight. And, you know, whether or not that works, I don't know. I'm still living and breathing. She hasn't poisoned me yet.
Tonight's tonight.
She says tonight's tonight, so maybe tonight.
You know, but otherwise, yeah, otherwise all feels good.
And let me tell you, up until about a year ago, that would come up a lot.
I would say to him all the time, I have given up my life.
I have moved to this country.
I have given you everything. When are you going to grow up? When are you going to start being the man I married?
And you know what? It was hard for him. It took him a long time to become back to who he was. I
mean, prison, he had a good in prison, but it still changed. I mean, prison's not fun, you know,
and he was really lost when he got out. And, you know, we we we almost didn't make it on so many occasions and
it would come up all the time I gave up everything for you I gave up everything for you and honestly
about a year ago he just came back to the person that I knew he was um and I stopped saying he you
owe me two years you owe me two years um you, the last year of our marriage has been better than it's ever been.
But we almost didn't make it quite often.
And you know what held us together?
For me, it was I gave up my life.
I gave up my country.
I gave up a great career.
I had just finished building a house, rented it out the month before for an investment property.
Because I sold it so quickly, I ended up making no money. I gave up everything.
I refused to have to be stuck in America, divorced from my husband and trapped here because we would never take either parent away from the kids. And that was the thing. If I was
going to divorce him, I'd be stuck in a country a country that no offense I don't want to be in unless I'm married so it was you know it that was my
motivation his motivation is like you know we've been through so much we love each other the kids
but um you know that for me I was just determined to have not have done it all for nothing obviously
of my kids they're absolutely worth it but on the the other side, so about a year ago, we finally just fell into a very good group. But it took years. We almost
didn't make it, Jack. We almost didn't. Yeah, it was crazy.
So if your kids grow up to become hacktivists, do you have any advice for them? After I finish screaming for like three days straight, I will tell them,
do not do it. Yeah, this stuff can really hurt you in the bad end. But I'm a hacker. I've born
a hacker. I've been a hacker my entire life and I expect my kids to do the same. I do not,
do not at all and will never recommend hacktivism for anyone.
I understand there are points,
there are things that you want to change in this world,
but let me tell you right now, Jack,
nobody remembers that Hidge hacked the cops because cops were being dicks.
And the best I could say is, hey, if you're willing to go out there,
if that's something you want to do, I could tell you right now it sucks
and it's a long, whole lot of suckiness for a long time but
don't stand don't stand for something you're not willing to fall for nobody is ever going to
remember that he hacked them to try and stop them from beating up other people all that they're
going to remember is that he hacked the police we have been for the last eight years to this day
oh my god and please if nothing else please play this part people still after eight years to this day oh my god and please if nothing else please play this part
people still after eight years won't employ him because they are scared he is going to hack them
he is not going to lose his family to hack I don't if my kids ever want to get into hacktivism
if I have to lock them up in a room for 10 years, I will do that because I refuse to let that happen.
We have been homeless.
We have been hungry.
We've had, you know, he's been offered job after job, you know, that he's supposed to start the following week that gets cancelled the Friday before.
You know, offers of $125,000.
Like, Jack, we have been homeless to the point that our pipes froze.
We had holes.
It was horrible.
I will never, ever recommend hacktivism to anyone.
If you want to make a point, if you want to change the world,
then do not put yourself at risk because at the end of the day,
whatever you're trying to rectify is not going to be rectified.
All that's going to end up is that you're going to end in prison,
and prison's the easy part. You've got two that you're going to end in prison and they're not.
Prison's the easy part.
You've got two years in prison, 10 years in prison, whatever.
That's the easy part because for the rest of your life,
you are going to be turned down for employment.
People are going to be scared that you're going to hack and it's going to ruin so many aspects of your life.
And I cannot tell you the struggle, after eight years activism is not worth it
find another outlet find a better way to do something because the only
thing you're going to change is the fact that you will ruin the rest of your life
Hidge and Kylie are still together today after eight years of marriage or six years however you
want to see it and And in that time,
they've had two kids together and despite all the separations and reunions and
struggles are doing pretty good now.
A big thank you to our guests this episode, Hidge and Kylie.
I didn't know I was getting into a love story when I started this, but here it is.
Happily ever after and all that.
The show is created by me, KidVid19, Jack Recider.
This episode was produced by The Resilient, Jake Warga.
Sound design by the fine-tuned Andrew Merriweather.
And editing help from The Sparkling Damien.
Our theme music is by the book writing, Breakmaster Cylinder.
And even though when I show my password to other people, they say it's very strong, I still sometimes get hacked. This is Darknet Dyers.