If you tried to visit Craigslist late Sunday night, you probably had a very weird experience. Instead of arriving at that sultry sea of classifieds, you were probably sent to DigitalGangster.com. Then, you were likely redirected to YouTube, where a very strange animated rap video filled your ears with lyrics about freedom, privacy, and net neutrality.
It’s all so, so weird. Around 8 PM on Sunday, as Craigslist’s Jim Buckmaster explained in a blog post, “The craigslist domain name service (DNS) records maintained at one of our domain registrars were compromised, diverting users to various non-craigslist sites.” Those sites included The New York Times, though it sounds like most users were eventually redirected to the Digital Gangster site — so many that the site eventually crashed — and then to YouTube. DNS records reflect those changes. The registrant name and organisation was also changed to “steven wynhoff [at] LulzClerk.”
The site remains down today, but it’s still redirecting people to a half-finished animation on YouTube, “Introducing Neals.”
The video looks like some sort of protest. There's a prominent mention of "online privacy and neutrality," and lots of stuff about The System and The Man. The animation is actually pretty smooth, though it looks like the animator got bored halfway through and decided to stop filling in the outlines. They're pretty self important, too:
I process the system, the network
Propagating data for hire, a true expert
Corporate interest keep the lights on
Coding up the dirt in Python
Nobody knows exactly who pulled off the Craigslist hack, but all eyes are on YTCracker, the hacker-turned-rapper that made "Introducing Neals." This is an obvious place to look because YTCracker is also the guy behind DigitalGangster.com. The third strike is the timing. Exactly 15 years ago today, a 17-year-old YTCracker broke into NASA's Goddard Flight Center and vandalised it with this (sort of sensible) message:
To the US government and military -- I have warned you about these security flaws. Please secure our military systems to protect us from cyber attack.
At the time, the high schooler told Wired that his intentions weren't malicious. "It seems the only way to get their attention is to show them." Wired's Leander Kahney notes that YTCracker had "done very little to cover his tracks." Now, the hacker-rapper says he doesn't know who pulled off the Craigslist hack. "It's some member of my site being a dingus, he told Slashgear in an interview Monday morning, "and I'm probably going to get blamed for it."
So who did it? Who is this Steven Wynhoff [at] LulzClerk.com? And why did he do it -- if he's even a real human being? We don't know yet. And honestly, the deeper you dig, the more confusing it gets.
Steven Wynhoff does appear to exist. Well, he exists online at least. Or he used to or something. It's all very bizarre. There's an untended Twitter account for @steven_wynhoff that makes a couple of references to hacking and points to another account, @doxuh. That account has now been suspended. Other instances of Steven Wynhoff online are scattered and strange. There's a YouTube account with a single video showing instructions for a fishy-looking Call of Duty. Wynhoff is also mentioned in some Bitcoin forums, where others call him a "sociopath" and accuse him of imitating other hackers. It's all pretty confusing.
Now about that LulzClerk mention. That handle is also taken by a YouTube user who also went by the name Lulz Savaged. The account used to post some decently popular Call of Duty gameplay videos. It hasn't been updated in a year. And again, the associated @LulzClerk Twitter account has also been suspended. At first glance, it would appear that both Wynhoff and LulzClerk are hacker-types who went dark or simply puppet accounts used by other hacker types. Trying to find out more is just a big dumb game of Whack-a-Mole.
This all feels like the LulzSec days, when hackers betrayed them and became an FBI snitch but that's a whole other story.) That string of hacks highlighted just how terrible major corporations and even government agencies like the CIA were at cyber security. In effect, LulzSec was parroting what YTCracker was saying way back in 1999.
In a weird way, this Craigslist hack also feels like a rallying cry. It wasn't even a hack really. The hacker used a technique called DNS hijacking which gives them control over a domain without actually requiring them to hack into the website. In effect, you could hijack CIA.gov to redirect to that silly half-finished rap video, but Craigslist.org gets much, much more traffic. According to Quantcast, it's currently the 29th largest website in the United States.
We may never know the full story behind the massive Craigslist breach. It sounds like YTCracker had something to do with it, even if he simply served as the inspiration. And in a backwards kind of way, the inspiration holds up. Massive websites, including important ones, continue to fail at securing their shit. The hackers will hack, and lulz will be had. Until one day, someone dangerous decides to do something violent, like hack into a public utility control room and shut down a whole city. It won't be very funny then.