A Hacker’s Personal Vendetta Against North Korea
In January 2022, Alejandro Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, launched a one-man cyberwar against North Korea. Working from his Florida home, Caceres used custom-built programs and cloud-based servers to intermittently disrupt the country’s internet for over a week. Adopting the pseudonym “P4x,” Caceres sought to send a message to the Kim Jong Un regime that targeting American hackers would have consequences.
Targeted by North Korean Spies
Caceres’ motivation stemmed from being personally targeted by North Korean spies who aimed to steal his intrusion tools. Despite reporting the incident to the FBI, he received little support, prompting him to take matters into his own hands. By hiding behind the “P4x” pseudonym, Caceres hoped to evade both North Korean retaliation and potential criminal charges from the US government.
Unexpected Recruitment
Instead of facing prosecution, Caceres was surprised to find that the US government was more interested in recruiting him following his North Korean cyberattacks. He spent the next year immersed in the secretive world of America’s state-sponsored hacking agencies, presenting his techniques to high-level officials and carrying out hacking projects to impress his new audience.
Advocating for Aggressive Cyberwarfare
Frustrated with the US government’s slow and risk-averse approach to cyberwarfare, Caceres is now dropping his pseudonym to send a new message to his fellow Americans. He believes that the US needs to wield its hacking powers more aggressively, particularly against ransomware actors who have targeted critical infrastructure and caused significant damage.
A Hacker’s Unconventional Path
Caceres’ hacker career has been marked by a willingness to engage in aggressive applications of his skills. From working for a Blackwater subsidiary to receiving grants from the Defense Advanced Research Projects Agency (DARPA), Caceres has operated in the murky territory between white-hat and black-hat hacking. His startup, Hyperion Gray, even reflects this ambiguity in its name, combining his hacker handle with a shade in the middle of the hacking spectrum.
Taking Matters into His Own Hands
When North Korean hackers targeted Caceres in 2021, he reported the incident to the FBI but received little follow-up. After nursing his grudge for a year, Caceres decided to retaliate, launching a solo cyberattack that knocked North Korea’s entire web offline for days. News outlets initially speculated that the attack was the work of another country’s cyber forces, unaware that it was orchestrated by a single individual in Florida.
The US Government Takes Notice
Although the US government had no involvement in Caceres’ attack on North Korea, it quietly took an interest in his work. In the weeks following the publication of his story, Caceres began receiving messages from hacker friends connected to the Pentagon and intelligence agencies, indicating that several agencies were intrigued by his techniques and wanted to discuss them further.
Rethinking Cyber Warfare: The P4x Model and Its Implications
A Fateful Meeting
Through a mutual acquaintance, Caceres found himself face-to-face with Angus, a seasoned military intelligence contractor. Angus cautioned Caceres about potential retaliation from North Korea, urging him to be vigilant against physical attacks disguised as muggings or tampering with his medications. Unnerved by the warning, Caceres took drastic measures, arming himself with firearms and bulletproof vests.
During their meeting, Angus probed Caceres’ hacking history, political affiliations, and ideological leanings. Satisfied with his responses, they delved into discussions about the potential for a US special forces hacker team and how they could collaborate to showcase this concept to the Department of Defense.
Pitching the Concept
Caceres found himself standing before an audience of high-ranking officials from various military and intelligence agencies, presenting his North Korean hacking project as a case study. He outlined key principles for replicating his success: prioritize simplicity and impact, minimize bureaucracy, and iterate quickly. His proposed timeline suggested assembling small teams of hackers, supported by researchers and analysts, with operations planned and executed within days.
The audience’s response was a mix of admiration and cynicism. As Angus put it, “Most of them put their faces in their palms when they realized what he’d done and how he did it, and the only thing that stopped them from doing it was bureaucracy.” One attendee even joked that Caceres had omitted the step involving a lengthy, incomprehensible PowerPoint presentation followed by a denial of authorization.
Demonstrating Capabilities
As Angus sought funding for their project, Caceres took matters into his own hands. Alongside fellow hacker tu3sday, he embarked on an extensive intrusion campaign against another foreign adversary, showcasing the potential havoc a small team could wreak. While they conducted much of their hacking from the offices of Angus’ startup, Caceres maintains that the work was never officially sanctioned by the company or the Pentagon.
Despite initial enthusiasm, Angus encountered roadblocks in securing official support for their experiment. He attributes this resistance to a combination of risk aversion and bureaucratic inertia within the Department of Defense. Frustrated by the lack of progress, Caceres eventually abandoned his visits to the startup.
Reimagining Cyber Deterrence
Undeterred by the setbacks, Caceres continues to advocate for the concept of American “special forces” hackers. He envisions small teams targeting ransomware gangs, recovering stolen cryptocurrency, and disrupting adversarial nations’ internet access as a form of deterrence. Caceres even suggests that civilian infrastructure should be considered fair game, likening such attacks to trade embargoes or sanctions.
“Exactly as we’re withholding certain goods and businesses from Russia right now,” Caceres says, “we could be withholding the internet.”
However, critics argue that indiscriminate attacks on civilians could be considered war crimes and invite retaliation from other countries. Jacquelyn Schneider, a cyber conflict researcher at Stanford’s Hoover Institution, points out that the US government’s cautious approach to cyberattacks stems from a desire to avoid unintended civilian casualties, violating international law, or triggering dangerous blowback.
Nevertheless, Schneider acknowledges that Caceres and Angus raise valid points about the US underutilizing its cyber capabilities, with bureaucracy being a significant factor. As she puts it, “There are good reasons, and then there are bad reasons.”
On his right arm, Caceres has tattoos of his pre-P4x hacker handles. On his left, he has a cryptographic hash—a long string of numbers and letters—that encodes a word. He invites WIRED readers to try to crack it.
The Cybersecurity Dilemma: Balancing Offense and Defense in the Digital Age
Critiquing America’s Cyber Strategy
“Like, we have complicated organizational politics, we don’t know how to do things differently, we’re bad at using this type of talent, we’ve been doing it this way for 50 years, and it worked well for dropping bombs.”
In recent years, the United States’ offensive hacking capabilities have seemingly become less aggressive and adaptable. Despite the “defend forward” strategy advocated by General Paul Nakasone in 2018, which aimed to confront cyber threats on enemy networks, US military hackers appear to have taken a more subdued approach. Increasingly, the responsibility for responding to foreign hackers has fallen to law enforcement agencies like the FBI, which face greater legal limitations.
The Subversive Trilemma and Targeted Aggression
While some criticize this conservative stance, others argue that it aligns with the Subversive Trilemma, a concept introduced by researcher Lennart Maschmeyer. According to this idea, hacking operations must prioritize among intensity, speed, and control. US Cyber Command has historically emphasized control over the other two variables. However, certain targets, such as ransomware gangs or hackers associated with Russia’s GRU military intelligence agency, may warrant a more aggressive approach. As Jason Healey, a former senior cybersecurity strategist at the US Cybersecurity and Infrastructure Security Agency, puts it, “For those targets, you really can release the hounds.”
The Case for Action and the Ongoing Threat
Caceres, the former P4x hacker, argues that while he supports a conservative approach to limiting damage and protecting civilians, he believes that action is necessary. He points to the escalating attacks carried out by foreign hackers, such as the AlphV ransomware group’s targeting of medical claim platforms in February, which disrupted services for hundreds of providers and hospitals. “That escalation is already happening,” Caceres asserts. “We’re not doing anything, and they’re still escalating.”
The Future of Cyber Warfare: P4x’s Doctrine Lives On
Although Caceres has revealed his real identity in an attempt to engage the US government in a conversation about adopting a more aggressive approach to cyber warfare, he remains committed to his cause. He states that by working independently or with a small group of trusted individuals, he can move more quickly and “fuck shit up for the people who deserve it” without the need for official approval. While the P4x handle may be retired, the P4x doctrine of cyber warfare persists.
4 Comments
Did they hand out superhero capes after that stunt, or was it all undercover glory?
So, one person can really throw a wrench in a country’s internet gears, huh? Fascinating!
Who knew being a tech wizard could land you in the league of international vigilantes?
A real-life cyber Batman taking on a whole country’s internet, that’s gutsy!