Saturday, April 4, 2026

The Big T-Shirt Payoff

The College Student—and His Cat Meme—Who Hunted the World’s Biggest Cyberweapon

Sitting in his dorm room at the Rochester Institute of Technology, Benjamin Brundage was closing in on a mystery that had even seasoned internet investigators baffled. A cat meme helped him crack the case.

A growing network of hacked devices was launching the biggest cyberattacks ever seen on the internet. It had become the most powerful cyberweapon ever assembled, large enough to knock a state or even a small country offline. Investigators didn’t know exactly who had built it—or how.
 
Brundage had been following the attacks, too—and, in between classes, was conducting his own investigation. In September, the college senior started messaging online with an anonymous user who seemed to have insider knowledge.

As they chatted on Discord, a platform favored by videogamers, Brundage was eager to get more information, but he didn’t want to come off as too serious and shut down the conversation. So every now and then he’d send a funny GIF to lighten the mood. Brundage was fluent in the memes, jokes and technical jargon popular with young gamers and hackers who are extremely online.

“It was a bit of just asking over and over again and then like being a bit unserious,” said Brundage.

At one point, he asked for some technical details. He followed up with the cat meme: a six-second clip that showed a hand adjusting a necktie on a fluffy gray cat.

Brundage didn’t expect it to work, but he got the information. “It took me by surprise,” he said.

Eventually the leaker hinted there was a new vulnerability on the internet. Brundage, who is 22, would learn it threatened tens of millions of consumers and as much as a quarter of the world’s corporations. As he unraveled the mystery, he impressed veteran researchers with his findings—including federal law enforcement, which took action against the network two weeks ago.

Chad Seaman, a researcher at Akamai, joked at one point that the internet could go down if Brundage spent too much time on his exams.

Early warning

Three times a year, several hundred of the techies who keep North America’s internet running gather to talk shop. Last June they met at a conference in Denver hosted by the North American Network Operators’ Group.

One major topic was a fast-growing and often legally dubious business known as residential proxy networks. Dozens of companies around the world run such networks, which are made up of consumer devices like phones, computers and video players.

These “res proxy” companies rent out access to internet connections on the devices to customers who want to look like they’re surfing the internet from a genuine home address.

That kind of access is useful for people who want privacy or for companies that want to masquerade as regular people to test out internet features for particular regions or scrape the web for data (say, a shopping price-comparison site). AI companies use the networks to get around blocks on automated traffic so they can gather large amounts of data to train their models.

Then there are the customers who want to hide their identity while engaging in ticket scalping, bank fraud, bomb threats, stalking, child exploitation, hacking or espionage.

Some device owners willingly sign up to be on these networks so they can make a few dollars a month, but most have no idea they’re connected to one.

At the Denver conference, Craig Labovitz was alarmed. The Nokia executive had been tracking the data flows of the internet’s infrastructure for years, and he knew the network’s data centers, chokepoints and design better than most.

Starting in January 2025, Nokia’s sensors had picked up a series of increasingly powerful cyberattacks coming from devices that hadn’t previously been considered dangerous. Called distributed denial of service, or DDoS, attacks, these were massive floods of junk internet data designed to knock websites offline by overwhelming the data pipes that connected them. These attacks are sometimes launched by extortionists or even business rivals seeking to sabotage computer networks.

Nokia saw hundreds of thousands of devices joining in these attacks. One unprecedented attack later in the year on internet service provider Cloudflare was “comparable to the combined populations of the UK, Germany, and Spain all simultaneously typing a website address and then hitting ‘enter’ at the same second,” Cloudflare said.

The network, which would become known as Kimwolf, seemed to be using residential proxy connections to launch its attacks, giving it the potential to do massive damage.

“The basic message was, ‘Be afraid,’” Labovitz remembers.

by Robert McMillan, Wall Street Journal
[ed. Here's how to protect yourself.]