Skip to content
Naked Security Naked Security

So long! ‘The internet’s most inept criminal’ goes to jail

The FBI took six months to track him down - what they found was a disturbed hacker with "no skills".

Who is this guy?
Somebody with an enthusiasm for child abuse images, who cheers “moar CP = fun” when a porn site called “Girls Hub” comes back online?
…or somebody who goes on a distributed denial of service attack (DDoS) spree against Tor hidden services sites that host such images? …including the “moar fun!” Girls Hub?


…or, maybe, all of the above? As in, somebody whose main goal is to shock people and get the most attention possible – including by filming himself as he chugged pills in a staged suicide attempt – all in a socially inept way to fit in, somehow, somewhere, anywhere, be it in gaming chat rooms or with Anonymous hacktivists?
The answer is irrelevant, except perhaps to mental health professionals and prison staff, given that the 23-year-old Randall Charles Tucker – who hid behind online names including “Bitcoin Baron” and “DevilZ” to DDoS a grocery list of sites and to allegedly deface a children’s hospital website with child abuse imagery – has been legally DDoSed himself.
The Department of Justice (DOJ) announced on Tuesday that Tucker is looking at 20 months in jail and has been ordered to pay restitution in the amount of $69,331.56 to the victims of his cyberattacks.

Tucker pleaded guilty on 17 April 2017 to one count of intentional damage to a protected computer; namely, the website of the city of Madison, Wisconsin. A 2016 indictment charged him with three counts of intentional damage to a protected computer and one count of threatening damage to a protected computer.
That first protected computer was the server of News2Share, a user-generated video-based news portal. It all started on 8 October 2014, when Tucker launched a DDoS against News2Share.
Using aliases such as “Key Last” and “ZeusAres,” Tucker sent an email from “settheworldfree999@gmail.com” to News2Share managing editor Ford Fischer, asking for his video submission to be posted on the website.
The video was an attempt to imitate an Anonymous hacktivist demand, with the same monotone robot voice pretentiously telling people that “We Are Anonymous, Expect Us”. But the production quality was, well, embarrassing: instead of video footage, the voice simply played over a still image, for example.
In fact, the amateurish production quality of this first video would set the tone for Tucker’s cybercrime career – a career that earned him the moniker “the internet’s most inept criminal.”
Bitcoin Baron’s email came on the same day that News2Share published a video sent by Anonymous’s #OpHongKong that scored big in hits. After the post blew up to 300,000 views, garnering worldwide attention, Tucker must have wanted some of that glory: he sent his request to News2Share on the same day.
Fischer ignored the email – or, perhaps, he didn’t even notice it. So three hours later, Tucker followed up with a threat.
The Observer quoted Fischer in 2015:

Presumably, his feeling was, ‘If these guys put up my video, it will magically become viral as well.’ But that’s not obviously going to be the case if it’s sh*t.

The internet’s most inept criminal DDoSed the site when it didn’t immediately comply with his demand. Ultimately, after another DDoS attack, News2Share posted Bitcoin Baron’s video. It got less than 500 hits.
Tucker kept threatening News2Share for a week. Then, he moved to other targets as his colorful and crapalicious career proceeded apace. Here’s a list of his crimes, from News2Share and the DOJ’s announcement:

  • He demanded 100 bitcoins from the city of Moore, Oklahoma, to demand justice for a man who died in police custody… as if lining his own pocket could somehow make up for a man’s death.
  • He took down a number of IRC chat rooms for other hacktivists and gaming groups.
  • He allegedly attacked and defaced the website of Shriners Hospitals for Children with child abuse images. Tucker was never charged for that one, though he did brag about it online.
  • He took down a municipal site in Texas, demanding that a local police officer be put in jail. The officer had already been jailed one year prior to his threat.
  • He downed a number of Tor hidden services sites that hosted child abuse imagery.
  • He disabled the website for Madison. The attack crippled the city’s internet-connected emergency communication system, causing delays and outages in the ability of emergency responders to connect to the 911 center. The attack also degraded the system used to automatically dispatch the closest unit to a medical, fire, or other emergency. He boasted about that one on social media, too.

On Christmas Day, 2014, Fischer heard again from Tucker, who was calling himself Bitcoin Baron at that point.
But this time, Fischer didn’t respond. Instead, he called the FBI and Arizona Department of Public Safety (ADPS) detective Travis Meadows. Bitcoin Baron spent the next few months opening accounts on Facebook and YouTube so as to brag about the companies and governments he’d damaged, including Sea World, Madison, and the children’s hospital. His Twitter account is, actually, still active.
According to ADPS and the FBI, the investigation wrapped up thanks to a public tweet that identified Bitcoin Baron as Randy Tucker …and which said that he had “no skill.”
As described by the Observer – the publication that dubbed Tucker “the internet’s most inept criminal” in the first place – the Bitcoin Baron had about as much knowledge of how to use encryption and Tor as you could get during “an afternoon from a handful of tutorials on YouTube.”

Mr. Fischer suspects that the tools he used to take down various websites were all of the plug-and-play variety. All he needed to perform the DDoS was to find a tool, plug in a URL, and watch the site go down.
Really, there isn’t a worthwhile skill or capability in Bitcoin Baron’s tool belt. The tool he used to make his videos is Camtasia, a laughably rudimentary video capture tool. His videos, which are mostly just still images with audio, instead of being a single image frame seem to be a rolling screen recording of a still image on his desktop – in one previously public video, you can actually see the mouse moving across the screen.

Unfortunately, you don’t have to be a mastermind to cause a lot of hurt, thanks to those plug-and-play cyber weapons. Put them at the fingertips of an unstable, flailing young man, and the “inept” part of the description fades to irrelevance.
All you’ve got left after that is fury unleashed on a shifting kaleidoscope of targets that forms no coherent picture at all.


5 Comments

So… why only 20 months in prison?? :\
I know my view is over simplistic but the guy sounds like a complete nut case.

There’s always a reason why someone’s targets were attacked, regardless of method or arena. That reason is always internally consistent. Lisa touched on this in her (very good) article, but I’m still interested to see how this guy moved from hacktivism to knocking over emergency responder systems.
I feel like there’s probably someone out there in the hacktivist community that tried to reach him and help, slipped up, and cost their employer. Wild guess, but i hate not having a plausible explanation for things.

The way it reads this guy was never a hacktivist to begin with. Just a guy seeking attention, using some hacking tools to get it any way he could think of.

If he was never charged with posting child porn in the hospital site, I dont think it should be attributed to him, chances are that he wasnt charged is because no evidence exists linking him to that.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?