Caught in the Web
Bloomberg Businessweek|December 23, 2019
The hacker who brought down Liberia’s internet wasn’t a Russian or Chinese agent. He was a capitalist
By Kit Chellel. Ilustrations by Viktor Hachmang

The attack against Liberia began in October 2016. More than a half-million security cameras around the world tried to connect to a handful of servers used by Lonestar Cell MTN, a local mobile phone operator, and Lonestar’s network was overwhelmed. Internet access for its 1.5 million customers slowed to a crawl, then stopped.

The technical term for this sort of assault is distributed denial of service, or DDoS. Crude but effective, a DDoS attack uses an army of commandeered machines, called a botnet, to simultaneously connect to a single point online. This botnet, though, was the biggest ever witnessed anywhere, let alone in Liberia, one of the poorest countries in Africa. The result was similar to what would happen if 500,000 extra cars joined the New Jersey Turnpike one morning at rush hour. While most DDoS attacks last only moments, the assault on Lonestar dragged on for days. And since Liberia has had virtually no landlines since the brutal civil war that ended in 2003, that meant half the country was cut off from bank transactions, farmers couldn’t check crop prices, and students couldn’t Google anything. In the capital of Monrovia, the largest hospital went offline for about a week. Infectious disease specialists dealing with the aftermath of a deadly Ebola outbreak lost contact with international health agencies.

Eugene Nagbe, Liberia’s minister for information, was in Paris on business when the crisis began. He struggled to marshal a response, unable to access his email or a reliable phone connection. Then his bank card stopped working. On Nov. 8, with hundreds of thousands of people still disconnected, Nagbe went on French radio to appeal for help. “The scale of the attack tells us that this is a matter of grave concern, not just to Liberia but to the global community that is connected to the internet,” he said. The onslaught continued. No one seemed to know why, but there was speculation that the hack was a test run for something bigger, perhaps even an act of war.

Then, on Nov. 27, Deutsche Telekom AG in Germany started getting tens of thousands of calls from its customers angry that their internet service was down. At a water treatment plant in Cologne, workers noticed the computer system was offline and had to send a technician to check each pump by hand. Deutsche Telekom discovered that a gigantic botnet, the same one targeting Liberia, was affecting its routers. The company devised and circulated a software fix within days, but the boldness and scale of the incident convinced at least one security researcher that Russia or China was to blame.

When the botnet took down the websites of two British banks, the U.K. National Crime Agency got involved, as did Germany’s BKA, with support from the U.S. Federal Bureau of Investigation. German police identified a username, which led to an email address, which led to a Skype account, which led to a Facebook page, which belonged to one Daniel Kaye, a lanky, pale, 29-year-old British citizen who’d been raised in Israel and described himself as a freelance security researcher.

When Kaye checked in for a flight to Cyprus at London’s Luton Airport on the morning of Feb. 22, 2017, he triggered a silent alarm linked to a European arrest warrant in his name. He was in line at the gate when the cops arrived. “That’s him!” an officer said, and Kaye felt hands grab him roughly under the arms. He was taken to a secure room, where officers searched him and found $10,000 in a neat stack of $100 bills. Afterward they drove him to a nearby police station and locked him up. That was until Kaye, a severe diabetic, began nodding in and out of consciousness, then collapsed in his cell. He was rushed to a nearby hospital, where two police officers stood guard outside his room just in case their prisoner managed to overcome his hypoglycemic coma and escape.

But Kaye was no Kremlin spy or criminal mastermind, according to court filings, police reports, and interviews with law enforcement, government officials, Kaye’s associates, and Kaye himself. He was just a mercenary, and a frail one at that.

Growing up, Kaye showed few signs that he would one day be one of the world’s most wanted hackers. Born in London, he moved to Israel with his mother at age 6, when his parents divorced. In the suburbs outside Tel Aviv, he learned Hebrew, played basketball, and collected soccer cards. A diabetes diagnosis at age 14 limited his social life, but by then Kaye had found a much bigger world to explore online.

He taught himself to code, devouring all the training material he could find, and became a regular on the web forums where young Israelis gathered to boast about their hacking exploits. His alias was “spy[d]ir,” according to Rotem Kerner, an online friend from those days. They were “just kids curious about technology and how you can bend it,” Kerner says.

In 2002 a forum user called spy[d]ir posted a screenshot of an Egyptian engineering firm’s website, defaced with the message: “Hacked By spy[D]ir! LOL This Was too Easy.” Over the next four years websites throughout the Middle East got similar treatment. The homepage of a Beirut karaoke bar was tagged with a Star of David. When an Iranian leather retailer was hit, spy[d]ir shared credit with a group called IHFB: Israeli Hackers Fight Back. Kaye, a teenager at the time, denies he was spy[d]ir. But he admits he used online aliases including Peter Parker, spdr, and spdrman, all references to another unassuming young man with hidden gifts.

By that time, Kaye says, he’d graduated from high school and decided to forgo university in favor of freelance programming. He was smart but easily bored, and the internet seemed to offer unlimited challenges and possibilities. Yet translating his love of puzzles and pwnage into paying gigs soon took him into sketchier territory.

Generally speaking, hackers fall into one of a couple of varieties. Black-hat hackers are spies, crooks, and anarchists. White hats hack legally, often to test and improve a client’s defenses. And then there are gray hats, who aren’t chaos agents like the black hats but don’t follow the white hats’ strict ethical codes, either. “A gray hat is just told, ‘Get the job done, and you get paid,’ ” says Theresa Payton, a former White House chief information officer who now runs Fortalice Solutions LLC, a cybersecurity consulting firm. “They don’t have a rule book.”

Kaye inhabited this quasi-legal world, working for private clients who heard about him through hacking forums or word-of-mouth. He also applied for straight jobs, but his demeanor put employers off. While he was thoughtful and soft-spoken, there was a “black cloud around him,” says Avi Weissman, founder of an Israeli cybersecurity school, who considered working with him. Kaye was awkward in person, with a pronounced squint and a way of answering questions that made it seem like he was hiding something.

In about 2011, Kaye was a finalist for a job at RSA Security LLC, a large American cyberdefense company with offices in Israel, but was rejected because of unspecified human resources concerns. Kaye told himself it was for the best. Corporate life didn’t appeal to him. Now in his 20s, he relished his freedom, working through the night when he needed to and hanging out with his friends in bars when he didn’t.

His adventures in the online underworld carried risks. In 2012, Israeli police questioned him in connection with an investigation of a gray-hat acquaintance. Kaye was released without charge. That year he decided to move to London. He’d just proposed to his girlfriend, a former university administrator who moved to Israel to be with him. She wanted to pursue her career in the U.K., and he wanted a fresh start.

Anthony Zboralski, a hacker-turned-entrepreneur, met Kaye at a West London party in 2014 and recalls sensing his frustration and bitterness. Kaye had rare and valuable skills, yet no upstanding company would employ a hacker with his background. Zboralski says he tried to find Kaye legitimate work, without success.

A few months later, Kaye heard from a friend back home about a businessman offering freelance work to people in the Israeli hacking scene. The friend connected them, and the man, whose name was Avi, called to say he was looking for help with cybersecurity. His business was based in Liberia.

In February 2012 a dozen young women in heels tottered up the steps of an office building in Monrovia, wearing fixed smiles and colorful sashes bearing the names of their home counties. They were contestants in the Miss Liberia beauty pageant and had been invited to the headquarters of Cellcom Liberia, the event’s sponsor and the country’s second-largest telecommunications company. Inside, Avishai “Avi” Marziano, Cellcom’s chief executive officer, took the microphone. An Israeli with gelled black hair, Marziano was dynamic and had a gift for flashy promotions. “We are all about Liberia,” he said.

Cellcom was owned by a group of adventurous American and Israeli businessmen led by Yoram Cohen, a Miami-based former attorney with shipping interests in the region, and LR Group, an African investment firm run by former Israeli Air Force pilots. Cellcom had grown rapidly since its 2004 creation, its red-and-white logo plastered across shantytowns and marketplaces around the country. Marziano, a trained engineer, seemed to enjoy the attention. After presenting each Miss Liberia hopeful with a new phone and SIM cards loaded with credit, he grinned for the cameras and signed offwith his company’s slogan: “With Cellcom, you are always No. 1.”

Continue reading your story on the app

Continue reading your story in the magazine

MORE STORIES FROM BLOOMBERG BUSINESSWEEKView All

Young U.S. Jews Shift on Israel

Millennial and Gen Z progressives question American support of Israeli policies, a point of tension for the Democratic Party

4 mins read
Bloomberg Businessweek
June 14, 2021

Fever Pitch

A British tonic maker aims to conquer the U.S. with its premium mixers

4 mins read
Bloomberg Businessweek
June 14, 2021

Welcome to the Trump Coast

The former president’s strategic retreat to Mar-a-Lago has helped turn Florida into a new home base for Republicans

10+ mins read
Bloomberg Businessweek
June 14, 2021

THE SEDITION HUNTERS

Amateur sleuths pore over photos and videos online to ID Capitol rioters

6 mins read
Bloomberg Businessweek
June 14, 2021

The FOMO Economy

From AMC to Dogecoin to houses, buying seems driven as much by anxiety as by hope

7 mins read
Bloomberg Businessweek
June 14, 2021

KING OF CARDS

Sports trading cards are having a moment. And no one promotes the industry like Ken Goldin

10+ mins read
Bloomberg Businessweek
June 14, 2021

Pay Attention to the Man Behind the Curtain

Vladimir Putin’s tolerance for criminal hackers will be on the agenda when he meets with President Biden on June 16

4 mins read
Bloomberg Businessweek
June 14, 2021

It's TEQUILA O'CLOCK In NYC

Jimmy Buffett’s Margaritaville is a hit song, a chill state of mind, a billion-dollar marketing empire, and the new best worst attraction in Times Square

10+ mins read
Bloomberg Businessweek
June 14, 2021

Is Streaming the Limit for Sky?

As its content providers start online services, the broadcaster pivots to create its own shows

5 mins read
Bloomberg Businessweek
June 14, 2021

China's Dangerous Diplomacy

Why the Wolf Warriors won’t change course

6 mins read
Bloomberg Businessweek
June 14, 2021