Aubrey Cottle allegedly gained access to the Texas GOP’s website through a breach of its hosting provider.
A Texas delegate holds up a sign as US Representative from Texas Monica De La Cruz speaks during the third day of the 2024 Republican National Convention at the Fiserv Forum in Milwaukee, Wisconsin, on July 17, 2024. Days after he survived an assassination attempt Donald Trump won formal nomination as the Republican presidential candidate and picked Ohio US Senator J.D. Vance for running mate. (Photo by Patrick T. Fallon / AFP) (Photo by PATRICK T. FALLON/AFP via Getty Images)
The Department of Justice unsealed charges against Canadian citizen Aubrey Cottle, a hacker who goes by the handle “Kirtaner,” for a 2021 incident that resulted in the defacement of the Texas Republican Party’s website.
Prosecutors have charged Cottle, an early member of the hacktivist group Anonymous, for the defacement, as well as downloading contents from an Apache backup web server owned by the Texas GOP that contained personal information. That information was later released publicly via BitTorrent as a 180-gigabyte file of stolen data.
In September 2021, the official website of the Republican Party of Texas was defaced, with the front page replaced with text like “JET FUEL DOESN’T MELT STEEL” (a reference to a decades-old 9/11-related conspiracy theory), “BUSH LIED, PEOPLE DIED” and “Trans demon hackers are coming to get you.”
According to a redacted complaint, the FBI identified one IP address that downloaded 100% of the stolen data over BitTorrent. The address belonged to a Bell Canada customer who was identified as Cottle.
Cottle allegedly gained access to the Texas GOP’s website through a breach of its hosting provider, Epik, and investigators appear to have relied on Cottle’s bragging on social media to prove his involvement in the hack and gather additional evidence.
Specifically, a TikTok user named “kirtaner” posted videos with “an individual believed by the FBI to be Cottle based on his appearance and screen name” taking credit for the hack against Epik.
The FBI used those videos to subpoena records from a Discord channel Cottle had created in 2005. In September 2021, he allegedly posted on that channel “OH I GAVE THE CHILDREN THE SQLI EXPLOIT VULN GAB CODE ALREADY,” later adding “when it hits you’ll never see it attributed to me but… epik hosting’s f—ed.”
Cottle was charged with identity theft. He faces a maximum sentence of five years in prison.
A request for comment sent to the Texas Republican Party and Epik was not immediately returned.
A search warrant issued for Cottle’s home by the Ontario Provincial Police resulted in the seizure of 20 terabytes of data, including emails sent by one of his accounts in February 2021 claiming to have root access to Epik’s network along with its virtual machines, web domains and customer data. The email told the unknown sender to “delete this message after reading.” Another screenshot details an email sent by the same account on Sept. 9, 2021, with the subject line “oops I control the Texas GOP.”
A solid-state drive seized from Cottle’s home contained a file folder titled “EpikFailYouLostTheGame” that contained personal data, including from the Texas GOP website.
In January 2022, seemingly aware that law enforcement was on his trail, Cottle posted in the same channel to address the “fbi agents reading my discord logs,” defending the hack as an act of political activism against far-right extremism.
In September 2022, Cottle, who has a history of taking public credit for hacks, told CyberScoop that Ontario police raided his home on Aug. 30 and “took all my equipment (multiple pcs, storage devices, phones, servers, NAS) and bagged my guy fawkes mask as evidence.”
Epik, he said, was “known for providing services to websites that host far-right, neoNazi, and other extremist content” and claimed the stolen data “has allowed researchers and journalists to discover links between far-right websites, groups, and individuals.”
Written by Derek B. Johnson
Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.