From the SEO of the 90’s to generative AI -how its transforming client’s search engine rankings and marketing
April 19, 2024China is using threat actors are ramping up the use of AI to influence and sow division in the US and other countries.
April 19, 2024A LITTLE OVER two years have passed since the online vigilante who would call himself P4x fired the first shot in his own one-man cyberwar. Working alone in his coastal Florida home in late January of 2022, wearing slippers and pajama pants and periodically munching on Takis corn snacks, he spun up a set of custom-built programs on his laptop and a collection of cloud-based servers that intermittently tore offline every publicly visible website in North Korea and would ultimately keep them down for more than a week.
P4x’s real identity, revealed here for the first time, is Alejandro Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur with hacker tattoos on both arms, unruly dark brown hair, a very high tolerance for risk, and a very personal grudge. Like many other US hackers and security researchers, Caceres had been personally targeted by North Korean spies who aimed to steal his intrusion tools. He had detailed that targeting to the FBI but received no real government support. So he decided to take matters into his own hands and to send a message to the regime of Kim Jong Un: Messing with American hackers would have consequences. “It felt like the right thing to do here,” Caceres told WIRED at the time. “If they don’t see we have teeth, it’s just going to keep coming.”
As he sought an outlet to broadcast that message to the Kim regime, Caceres told his story to WIRED while he carried out his attack, providing screen-capture videos and other evidence that he was, in fact, single-handedly disrupting the internet of an entire country in real time. But it was only just before going public that he decided to invent the P4x pseudonym for himself. The handle, pronounced “pax,” was a cheeky allusion to his intention of forcing a kind of peace with North Korea through the threat of his own punitive measures. He hoped that by hiding behind that name, he might evade not just North Korean retaliation but also criminal hacking charges from his own government.
Instead of prosecuting him, however, Caceres was surprised to find, in the wake of his North Korean cyberattacks, the US government was more interested in recruiting him. Caceres would spend much of the next year on a strange journey into the secretive world of America’s state-sponsored hacking agencies. Adopted informally by a Pentagon contractor, he was invited to present his techniques to high-level US defense and intelligence officials. He carried out a long-term hacking project designed to impress his new audience, hitting real foreign targets. And he pitched Department of Defense officials on a mode of US government-sanctioned cyberattacks that, like his solo North Korean takedown, would be far leaner, faster, and arguably more effective than Washington’s slow and risk-averse model of cyberwar.
Caceres’ pitch never got the green light. Now, partly due to his frustration with that experience, he’s finally dropping his pseudonym to send a new message, this one aimed at his fellow Americans: that the US government needs to wield its hacking powers far more aggressively. “Both the NSA and the DOD have a ton of talented hackers, yet when it comes to actually performing disruptive cyber operations, for some reason we as a country are just frozen and scared,” Caceres says. “And that needs to change.”
He points to ransomware actors, mostly based in Russia, who extracted more than a billion dollars of extortion fees from victim companies in 2023 while crippling hospitals and government agencies. North Korea–affiliated hackers, meanwhile, stole another $1 billion in cryptocurrency last year, funneling profits into the coffers of the Kim regime. All of that hacking against the West, he argues, has been carried out with relative impunity. “We sit there while they hack us,” Caceres says.
So Caceres is now arguing that it’s time for the US to try the P4x approach: that a part of the solution to foreign cybersecurity threats is for the American government’s own hackers to show their teeth—and to use them far more often.
Caceres and the Pentagon contractor that partnered with him—whose founder agreed to talk to WIRED on the condition we not name him or his company—spent much of the past two years advocating within the US government for that far-more-brazen approach to state-sponsored cyberattacks. They describe it as a special forces model: single hackers or small teams carrying out nimble, targeted digital disruptions, in contrast to the US’s traditionally slower and more bureaucratic approach to cyberwarfare.
“You can have an impact here, and it can be asymmetrical, and it can occur on a much faster timescale,” summarizes the founder of the hacker startup that worked with Caceres to pitch the Pentagon.
He cites a military principle that each member of a special forces unit should have the effect of 16 conventional soldiers. “With what we and P4x were doing, we wanted to increase that ratio a hundredfold,” he says. “And P4x would teach other operators how to do it.”
P4x Americana
In his public life as a security researcher, Caceres is known as a talented and sometimes brash figure in the hacker community: The second-generation Colombian-American, who used the hacker handle _hyp3ri0n long before he adopted the P4x pseudonym, is the founder of the cybersecurity company Hyperion Gray and a frequent speaker at events like the Defcon hacker conference, where he has shared methods for lone hackers to amplify their reach and effects through cloud services and high-performance computing clusters. He’s also the creator of a somewhat controversial vulnerability scanning tool called PunkSpider, which he announced at Defcon in 2021 that he intended to use to scan every website in the world and publicly reveal all of their hackable vulnerabilities.
From the beginning of his hacker career, Caceres has never been one to shy away from the most aggressive applications of the digital dark arts. His first job out of college, while he pursued a graduate degree in international science and technology policy, was working for a subsidiary of the notorious military contractor formerly known as Blackwater, doing open-source intelligence investigations for corporate security and executive protection—what he describes as a “Google sweatshop.” Within a few years, however, Caceres and his firm Hyperion Gray were getting grants from the Pentagon’s Defense Advanced Research Projects Agency, using his growing prowess in cloud and high-performance computing to scan the dark web as part of Darpa’s Memex program devoted to advancing search technologies for national security applications.
In that dark-web scouring, Caceres says, he regularly came upon child sexual abuse materials forums and even violent extremist content. He admits that he didn’t hesitate to hack some of those sites, pulling data off their backend servers and anonymously handing it to contacts at the Department of Homeland Security. “That probably wasn’t 100 percent legal,” he says, “but I didn’t necessarily give a fuck.”
Even his company’s name, Hyperion Gray, reflected Caceres’ sense of the murky territory in which he traveled: It combined his _hyp3ri0n hacker handle, the name of a Titan from Greek mythology, with a shade in the middle of the spectrum between ideas of whitehat and blackhat hacking.
So when North Korean hackers chose Caceres as one of their targets in 2021, it was inevitable that he wouldn’t let that slight go unanswered. In January of that year, a fellow hacker whom Caceres didn’t know approached him online through a friend and asked if he’d take a look at what appeared to be an interesting software exploitation program, offering it to Caceres to download. A day or so later, Caceres read a blog post from Google’s Threat Analysis Group warning that North Korean hackers were going after US security researchers in what appeared to be an effort to steal their hacking tools and intel. Sure enough, when Caceres checked the file he’d downloaded and run on his own computer, he saw that it included a backdoor—only the fact that he’d quarantined the program on his machine had protected him from being fully compromised.
North Korean watchers soon began to notice that the Hermit Kingdom’s entire web, from its government portal to its state-run airline booking site, had been knocked offline for days on end by an apparent cyberattack. News outlets published stories that pointed to the country’s recent missile tests, implying that the attack was perhaps the work of another country’s cyber forces—one news site suggested the US or possibly China—to signal to North Korea that it should stop threatening its neighbors. In reality, it was all the work of one aggrieved Florida man in his pajamas.
A Cyber Army of One
The US government may have had nothing to do with North Korea’s man-made internet outage, but it quietly took an interest in it. In the weeks after WIRED published its story about P4x’s solo hacking feat, Caceres began to receive messages from hacker friends with connections to the Pentagon and intelligence agencies—sent not to P4x but to Caceres’ own true-name accounts. Several agencies, he was told, were intrigued by his work and interested in talking to him.
For those in the know, identifying Caceres had been worryingly easy: He had given away hints in posts to his Twitter account about his North Korean targeting prior to his decision to hide it behind the P4x pseudonym. After P4x’s public statements on the cyberattack, one fellow hacker had even posted screenshots of Caceres’ now-deleted tweets, though without spelling out what exactly they revealed.
One friend had discussed Caceres’ work with a high-ranking military official and told Caceres there was someone the official now wanted Caceres to talk to: a longtime military intelligence contractor who had done contract work for the Joint Special Operations Command, which oversees groups like the Army’s Delta Force and the Navy’s Seal Team Six. WIRED agreed to call him Angus, though that isn’t his real name.
A few weeks after his North Korea attack, Caceres met Angus in the offices of Angus’ Pentagon-funded hacker startup. Angus began by warning Caceres that he was potentially in danger of reprisal from the North Korean state and that he should be wary of the possibility of a physical attack that might be made to look like a mugging, or of someone tampering with his prescription medications. “Before that, I was nervous,” Caceres says. “After that, I was shit-scared.” Angus suggested the hacker ought to arm himself. (Caceres, not one for half measures, later bought three guns and multiple bulletproof vests.)
Angus quizzed Caceres about his past hacking activities, his allegiance to other governments—he said he didn’t have any—and his politics. He specifically asked Caceres if he was a Marxist. Caceres confirmed he was not. With that brief vetting out of the way, they went out for drinks and talked late into that night about what a P4x-style US special forces hacker team might look like and what sort of work they might do together to demonstrate that model to the Department of Defense.
Soon after, Angus convened a meeting of military and intelligence staff at his startup’s office, where they listened to a presentation from Caceres. Standing before an audience of officials from Cyber Command, Special Operations Command, the NSA, and the Marines’ Cyberspace Command known as Marforcyber, he detailed his North Korean hacking project as a case study and laid out principles for how it could be replicated: Aim for “easy and impactful.” Minimize the number of “cooks in the kitchen.” Iterate rapidly. He laid out a timeline for operations that suggested assembling teams of two to four hackers, with support from researchers and analysts, and taking just a few days to plan an operation.
“For the US government, any execution on target is typically a six-month process. P4x did it in two weeks,” says Angus. “The whole point was that he can show them how to do it, and if they wanted to they could fund it and see it happen.”
The response to the presentation was positive, if somewhat cynical, according to Angus. “Most of them put their faces in their palms when they realized what he’d done and how he did it, and the only thing that stopped them from doing it was bureaucracy,” he says. Caceres remembers that one audience member responded with a joke: that Caceres forgot the step where he presents a 100-slide PowerPoint deck to someone who doesn’t understand what he’s talking about and then denies him authorization.