Show Notes

Cold Open

Robert! Get your ass down here!!!

It was 5:30 p.m. on Tuesday, November 27, 2001.

Robert Junior, 17, rolled his eyes. He was in the middle of installing a software update on his main rig, an HP Pavilion computer with a Pentium III processor, which could run Mandrake Linux 8.1 as well as Windows 2000.

It would have to wait. He pushed away from the L-shaped desk that took up a corner of his bedroom and gingerly stepped his way to the door. 

Robert’s bedroom was a rabbit warren cluttered with equipment. In addition to the Pavilion, there was:

-a bootleg motherboard he purchased on eBay for $20, which ran on an AMD K6-2 333-megahertz processor and used version 4.3 of the FreeBSD operating system.

-a Silicon Graphics Indigo 2 running Irix version 6.3

-a Sun Microsystems Sun Sparc computer running the SunOS Unix operating system, version 4.1, plus a Sun Sparc 2 running the same thing.

-and an AMD Thunderbird computer running Windows 98 and connected to a 17-inch monitor—Robert used that one to play games.

There was also a “junk pile” that included an old PacBell 9000 and an HP Vectra that had been running Corel Linux until it stopped working.

All in all, the 17-year-old had nine computers, eight operating systems, four monitors, and one printer.  There was barely enough room for a bed.

Robert! I said get down here! 

Mom sounded pissed. This wasn’t new. She often complained about his 12-hour stints inside his dimly lit bedroom, surrounded by the computers she knew little about.

He opened the bedroom door and headed down the stairs. He expected yet another lecture. Instead, he found his mother along with two middle-aged men in business suits and overcoats.

The older one stepped forward.

Robert? We’re with the National Infrastructure Protection Center. We’ve got a few questions.

They’re FBI, Robert, his mother cut in. What the hell have you gotten yourself into?

Ma’am, your son’s not in trouble yet. We’re just gathering information. Now, Robert, we understand you’re a computer enthusiast. Can we see your setup?

Robert didn’t see a way out.

Sure. This way. 

He led them upstairs and showed them his bedroom, explaining the diverse array of hardware and software. 

Wow. Wish we had this kind of computing power at the Bureau, said the older agent.

Then the younger agent stepped forward.

Robert, we’ll cut to the chase. We know all about your activities with the hacker group World of Hell. We even know your online alias: Cowhead2000.

Robert went pale.

Look, we’re not criminal masterminds. We’re just hackers. We don’t do any damage and we don’t mean any harm. 

Really? Then why has one of your members, named RaFa, been talking about attacking US military websites? And why is he participating in a Russian credit card scam?

Look, I don’t know who RaFa really is. I don’t know who anyone on World of Hell really is. I’m not involved in anything criminal. If they are, that’s on them.

The older agent frowned.

Mr. Junior, I hope that’s true. Your government takes hacking very seriously, especially after September 11th. If you know anything, tell us now.

I really don’t. 

With that, the visit was over and the agents saw themselves out. But Robert was disturbed. He and his friends were in deep shit, and he didn’t know whether to warn them or save himself.

On this episode: website defacement gangs, NASA, September 11th, Venezuelan oligarchs, and the US government’s war on teenage hackers.

I’m Keith Korneluk and you’re listening to Modem Mischief.

You're listening to Modem Mischief. In this series we explore the darkest reaches of the internet. We'll take you into the minds of the world's most notorious hackers and the lives affected by them. We'll also show you places you won't find on Google and what goes on down there. This is the story of the World of Hell.

Act One

In many ways, Robert Junior was a typical American hacker. The kind created by a country that pioneered the personal computing industry and made computer hardware and software cheap enough for even a child to buy.

Robert started hacking when he was 12. One of his earliest experiments was installing the Sub7 Trojan virus onto his friends’ computers, allowing him to log onto their computers from his home. This gave him a taste for hacking. From there, he frequented legal websites like progenic.com or cyberarmy.com, which encouraged users to hack their sites to hone their skills. He also read every book and journal article on hacking that he could.

On his 15th birthday, Robert was bored. So, he decided to have a little online fun. He randomly picked out a foreign website—Sewon Teletech, a South Korean manufacturer of electronic video and audio equipment.

With a few keystrokes, he changed Sewon Teletech’s front page to read:

Sewon Teletech would officially like to wish Cowhead2000 a happy birthday!

Of course, Cowhead2000 was his online hacker alias.

Sewon Teletech changed their homepage back within hours, but Robert was hooked. He gravitated towards hacking chatrooms on Internet Relay Chat, a hotbed of both American and foreign hackers, who gathered to swap tips, brag about their exploits, form gangs, or just shoot the shit. 

These hacker gangs and their members all had different backgrounds and different motivations, but their behavior was similar—stirring up shit online to make a statement, whether that was political or just attention-seeking.

Robert logged onto a chatroom and shared screen grabs of his birthday message. Soon, he was the head of his own hacking group, a small-time outfit called “Ph33r the B33r,” spelled in leetspeak.

Ph33r the B33r’s members defaced a few dozen websites, all similar to the Sewon Teletech hack.

But some members were unimpressed with Ph33r the B33r’s work and split off to form their own group under the leadership of a hacker named Jesse Tuttle, aka Hackah Jak. They called themselves Hackweiser, and they’ll be the subject of a future episode.

Robert also wanted more. He didn’t want to knock off a few no-name websites. He wanted to knock off the “big boys,” hundreds at a time.

After the schism, Robert had about seven other hackers remaining on his side. Together, they formed a new hacking group: World of Hell.

World of Hell was founded in March, 2001. 

But a hacker group that hasn’t hacked anything is a hobby, at best. World of Hell needed to make its entrance onto the hacker scene, and it needed to make a splash.

Naturally, Robert and his cohort chose to hack a porn site. In March 2001, they changed the porn site’s home page to read:

We are the seven hackers known as World of Hell. We are not some script kiddie group. We are professionals who are to be ph33red (“feared”) by all. 2001 will go down in history as the year nobody was safe from World of Hell.

A few days later, World of Hell hit six more websites simultaneously, with the same message as before, but with an addendum:

We’re looking for coders. No script kiddies, please.

They were recruiting. The hacking community was impressed, and email applications flooded in.

While World of Hell sifted through all these applications, it continued to hack and deface websites, of a much higher profile than Sewon Teletech.

From March to May 2001, World of Hell hacked the Sony Semiconductor Foundry Services, the State University of New York at Stony Brook, the Egyptian government’s ministry of communications, a Time Warner broadband internet service page in Wisconsin, the Hong Kong Education Department, the State of Virginia Bankruptcy Court, plus over a dozen sites in Russia, and over 100 in Mexico.

But it’s important to emphasize that World of Hell wasn’t malicious. In all of these hacks, all they did was deface the homepage with a goofy message, then erase all traces of how they gained access. They didn’t destroy information. 

By June 2001, World of Hell’s splashy hacks and recruitment message allowed the group to swell to 13 members.

Like we said, members of any hacking group in this era come from different backgrounds and have different motivations. Journalist Dan Verton compares these groups to terrorist cells, in that their members mostly operate independently from each other. 

This is evident in their motivations. For Robert Junior, aka Cowhead2000, hacking was about having fun.

But for another member, like FonE_TonE (we don’t know his real name), hacking was almost a public service.

FonE_TonE joined World of Hell in the summer of 2001. Like Robert Junior, FonE_TonE spent years studying computer hacking before actually doing it. The more he studied, the more he became aware of how shoddy internet security was.

After joining World of Hell, FonE_TonE’s targets included Staples Online, the Shao-Lin Kung Fu Academy in British Columbia, and Prostar Interactive Media Works, which he defaced with an image of a chain-mailed knight surrounded by lightning bolts.

Often, when FonE_TonE would hack, he would also leave a message for his victim’s system administrator, explaining just how he’d broken in.

Another was named kr0nograffik, aka “kr0n,”—whose real name is also unknown. For him, hacking was like a secret compulsion. He was far from the stereotype of a computer hacker. He was in high school, a skilled and popular athlete. Hacking allowed him to dabble in illegal activity, which went against his squeaky-clean image.

Then there was dawgyg. His real name was Tommy DeVoss.

Tommy was a 17-year-old from Virginia, but he wasn’t in high school. He’d been expelled after committing a series of hacks from his school computer lab out of boredom. The final straw came when he hacked into the AOL account belonging to a South Korean general, then used it to email a bomb threat to his school superintendent.

For Tommy, hacking started out as a way to get revenge. After joining World of Hell in June 2001, one of his first victims was the website for the Commonwealth of Virginia.

Specifically, Tommy railed against Virginia’s “ROTC” program, which he claimed showed favoritism—we don’t know the origin of this beef—and concluded his rant with the words, “patriotism is dead in America.”

Tommy loved the feeling of power hacking gave him, and over the next few months he hacked an impressive list of targets, including:

Yahoo, Mercedes Benz, United Airlines, Rolex, Pfizer, the US Department of Energy, the US court systems, the Venezuelan military, and the Chinese government. And if you think that’s a lot, there was a slew of others we cut for the purposes of time. Also, no one wants to hear me read that extensive list…

And then, there was RaFa. He joined in June 2001, but the other members of World of Hell didn’t know much about him.  

RaFa claimed to be an American teenager from the Midwest, but he failed to specify beyond that. He loved graphic design, and he claimed to borrow his name from the Renaissance painter Rafael.

Of everyone in World of Hell, RaFa was the most political. In one of his first hacks for the group, he broke into a series of servers belonging to no-name companies, and tagged his hack with the following message:

Can I live in a world where young children and women die on their way to school and work? Every day when I take the bus I see a man with a suitcase and I think what will happen on my way to school? Will I die? The nations are the reflection of their government rulers and their unemployment, ignorance, sub development. It’s hard to survive in a world with such limitations! How many people will die? When will all this shit be over? People from Brazil and Venezuela are dying for hunger. For this reason we live in the World of Hell… 

RaFa’s statement would give clues to who he really was, but it would still take years before his identity was exposed. In the meantime, with this message RaFa established himself as the most radical and outspoken member of World of Hell. The other members weren’t sure if they agreed with him, but his work got attention.

Shortly after this first attack, RaFa orchestrated a massive hacking operation that defaced 679 websites simultaneously.

From there, RaFa convinced other members of World of Hell to help him carry out an attack on an even bigger target, the Pentagon, seat of the American military, and specifically the Defense Information Systems Agency. It too fell to RaFa’s attacks. This time, he defaced the Pentagon’s sites with the message:

WoH is Back ... and kiss my ass cause I just 0wn3d yours!

This attack caused a complete collapse of the website for the US Air Force, which cost $10,000 to fix.

RaFa also managed to ferret his way into computers owned by NASA, which he used to steal a PowerPoint presentation that detailed plans for upcoming technology. This included design information on the COBRA space shuttle engine design program and the risk reduction plan for Boeing’s next-generation ground control software.

Robert Junior, aka Cowhead2000, and World of Hell’s nominal leader, was probably unaware of any of this. Like we said, the group operated like a terror cell, where members didn’t know each other personally and didn’t coordinate their activities.

But the US government sure was aware of it.

Newly empowered by the Clinton administration, the FBI’s National Infrastructure Protection Center was tasked with investigating hacks against US government infrastructure.

Days after RaFa breached the Pentagon, the FBI traced the attack to the World of Hell’s chatroom and began monitoring all conversation—they could see what the hackers were saying, even if they didn’t know who they were.

As badass as Robert Junior and his cohort might have thought themselves to be, they had no idea the Feds were onto them.

In the summer of 2001, things were going well for World of Hell. So well that Robert Junior, aka Cowhead2000, had the idea for World of Hell’s first in-person meeting.

The location was easy to choose: DEFCON 9, the ninth convention of American and international hackers, held annually in Las Vegas. There, aspiring and professional hackers can mix and mingle with their colleagues, attend seminars on the latest developments in cybersecurity, and party their guts out.

We know what you’re thinking: why would any self-respecting hacker who relies on anonymity attend a conference that publicly identifies every attendee as a hacker, or hacker-adjacent?

We never said it was a good idea. It was common knowledge that various law enforcement agencies had already infiltrated DEFCON.  And remember, Robert was 17.

For $50, Robert got a pass to all of that weekend’s panel discussions. Three other members of World of Hell also ponied up for a pass—soldierx, Floyd, and v0id, real names unknown. For Robert, DEFCON 9 was a chance to further develop World of Hell’s imprint, as well as cut loose.

At one point during the hot Las Vegas weekend in July 2001, Robert and his three pals were wandering through the crowded halls of the Alexis Park Resort in Las Vegas, Nevada, a non-gaming hotel a few minutes away from the strip.

There, something caught Robert’s eye—a gold-plated telephone mounted on the wall.

He scoffed. It was the exact sort of symbol of American capitalistic excess he despised. Before his friends realized what he was doing, he slipped his pocket knife out of his pocket, deftly unscrewed the phone, disconnected it, and tucked it under his arm.

What the hell are you doing? Soldierx asked.

Shut up and act casual.

Robert hurried away from the scene of the crime.

But then, two security guards approached from the opposite direction. One eyed the golden phone under Robert’s arm.

Uh, does that belong to you?

…no?

Come with us please.

Robert was busted. The security guards turned him over to the police, who booked him. He returned the phone, and the resort declined to press charges.

Robert felt stupid, but relieved. But what happens in Vegas doesn’t always stay in Vegas.

Act Two

In the weeks after his golden phone caper, Robert returned home to Memphis, Tennessee and resumed his life. As Cowhead2000, he joked about the incident on World of Hell’s IRC channel, and this was his downfall. Now, the FBI had a way to identify him. Agents combed through Vegas arrest records until they found Cowhead2000’s real name and location. This led to the visit we saw at the beginning of this episode.

The visit “scared the shit” out of Robert. The agents warned him that if he continued hacking he would get into real trouble. He decided it was time to step away from World of Hell.

There were other reasons, of course. Lately, members had been bragging about their exploits to the media. It felt like some of World of Hell’s members wanted the notoriety of belonging to the web’s most badass website defacement group without having to do the work.

After Robert left the group in December 2001, leadership passed to RaFa, the militant political hacker with a knack for graphic design. RaFa tried his best to keep the group’s momentum going.

On Christmas Eve, 2001, he hacked the website for order-flowers-online.com and replaced it with a message:

Holiday Greetings from WoH! It’s not what you know, it’s what you can prove.

It was accompanied by an image of a menacing-looking Santa Claus.

But the momentum was flagging. A few weeks later, on January 15th, RaFa posted a message on the IRC page:

Every man, woman, and child has their day in the sun, it’s how you use that sunlight that matters.

I spent a good amount of my life spreading my messages and spiritual philosophies; I tried to pump some intelligence into the underground community. I broke away from the mold of owning a box for the joy. I have a message. Weather [sic] you like me or not, you must admit that I wasn’t the usual defacer.

I wanted to get the underground involved in political activism. The media and our governments are seriously neglecting the truth and I wanted to do something about it. 

I have witnessed the defacing scene become more and more ignorant over the years. Do you want to be forgotten as a kid that just rooted servers, or do you want someone to remember you  for changing their life? It’s your choice now, god help us.

He ended it with a characteristic flourish, some mock code, which read:

The group disbanded soon after. RaFa hoped to leave his exploits with World of Hell behind him, but that would prove difficult.  

By the time RaFa quit World of Hell in January 2002, the US was keen to punish anyone who’d tampered with a government computer.

The US passed the Computer Fraud and Abuse Act back in 1986, which criminalized hacking. But recent events made the Internet even more dangerous for hackers.

The first was Y2K, the much-feared hypothetical crisis that would crash computers worldwide on January 1st, 2000. The Clinton Administration spent $100 billion shoring up America’s computers in anticipation of Y2K. But with so much of this work handled by overseas contractors, Clinton’s National Security Council feared that foreign spies or terrorists had snuck viruses into Y2K updates that would cause American computers to crash. The entire Internet was vulnerable to enemy attack, it realized.

So the NSC proposed a system called FIDNET (not to be confused with FidoNet for the BBS fans out there), which would monitor government computer systems for intrusion—but this was too controversial for early 2000.

That changed after September 11th. In the wake of 9/11, Congress, urged by the Bush Administration, passed new laws that empowered law enforcement to tap terrorists’ phones and trace their internet activity. The government even considered treating any hack of a US government computer as an act of terrorism.

It didn’t matter if you were a Chinese spy stealing industrial secrets, an Islamic radical hoping to deal cyber damage to the West, or an American teenager looking to flex from his bedroom.

Robert Junior’s November 2001 visit from the FBI was a wake-up call, and he swore off hacking. Some members, like Kr0n and FonE_TonE, disappeared into the ether. If they did hack again, it’s never become public knowledge. 

But other members of the group couldn’t resist the thrill hacking gave them. 

Like Tommy DeVoss, aka dawgyg.

Before he’d ever met Cowhead2000, RaFa, or the rest, Tommy had already been in trouble with the FBI for hacking the South Korean general’s AOL account and sending a bomb threat to his school district. But back then he was a minor.  

Tommy turned 18 in November 2001, right in the middle of his prolific website defacement campaign for World of Hell. He couldn’t stop hacking. He was hooked.

When World of Hell disbanded, Tommy gravitated towards another hacking group, this one much more politically active.

In the wake of 9/11, the hacker Jesse Tuttle, aka Hackah Jak, who had once hacked with Cowhead2000 for the group Ph33r_the_B33r, and then formed the hacking group Hackweiser, founded yet another hacking group. This one was called “the Dispatchers,” and its goal was to use its hacking powers to fight anti-American terrorism.

Tommy joined them, as did RaFa.

After 9/11, members of the Dispatchers defaced hundreds of computers throughout the Middle East, including the Iranian government’s Ministry of the Interior, as well as servers that provided Internet service to Palestinians.

Tommy couldn’t resist bragging to reporters about the Dispatchers’ capabilities.

In these articles, Tommy identified himself by his hacker handle, Dawgyg. He also kept on hacking American websites after World of Hell disbanded.

And so, on June 12th, 2002, Tommy was at his apartment with his sister, smoking weed and watching Men in Black 2, when there was a knock at the door.

Tommy went to open it, but it was yanked open, and an M16 was pointed at his face.

Between 20 and 30 agents stormed into his apartment. They confiscated every computer, computer component, CD, floppy disk, and even handwritten note. His sister sat on the couch crying, but his father, also present, just shook his head in disappointment.

Eventually, Tommy was charged with one count of violating the Computer Fraud and Abuse Act. The FBI had traced him to a hack of a website called Bank Colo.com, which was owned by the Colorado Bank and Trust Company.

Tommy pleaded guilty in October 2003. The judge was unsympathetic.

Mr. DeVoss, I do not believe you’re sorry for anything that you’ve done. I think the only reason you are showing any remorse whatsoever is because of the fact that you got caught.

Tommy got 27 months in federal prison, plus five years of probation. He was ordered to pay $100,000 in restitution.

And then there was RaFa. 

Like we saw, RaFa was the most politically minded member of World of Hell. But like Dawgyg, he also couldn’t resist bragging about his exploits to reporters.  

In the wake of World of Hell’s disbandment, RaFa told Computerworld reporter Dan Verton that he’d hacked the Pentagon and NASA, even sharing the space agency’s technical documents with Verton. 

Verton published both stories. In response, NASA confirmed that the documents were genuine, but said it was “baffled” as to how RaFa got them. The Pentagon, meanwhile, contacted the Justice Department. 

Like Dawgyg, Cowhead2000, and other members of World of Hell, RaFa also agreed to be interviewed for Verton’s 2002 book, “The Hacker Diaries.” World of Hell got its own chapter. In it, RaFa detailed all the hacks you’ve heard about in this episode. 

He identified himself as a teenager from the American Midwest, but this was a smokescreen. 

RaFa’s real identity wouldn’t be exposed until years later. In reality, he wasn’t a teenager, and he wasn’t American. 

His real name was Rafael Nunez Aponte. He was born in Puerto Ordaz, Venezuela, the son of Rafael Sr. and Olga Nunez. 

Rafael Sr. was a man of many talents—a pilot, an astronomer, a mathematician, and a computer programmer. He taught Rafael Jr. the basics of computer hacking at an early age. This wasn’t nearly as common for a kid in Venezuela growing up in the 90’s as it was for a kid in the US.

RaFa was in his early 20’s when he joined World of Hell in June 2001. And he was leading a double life. 

Online, he was a flashy and militant hacker who’d cracked hundreds of websites. 

In real life, he worked in cybersecurity. In 2001, at just 21, he got a job as a computer security specialist for CANTV, the largest Venezuelan communications company. Two years later, he became a “Certified Ethical Hacker”, which allowed him to work as a senior researcher at a company called Scientech.  

He also tried to do some good to atone for his past. He joined the Computer Pedophilia Investigation Unit, or CPIU, a collective of hackers who were doxing sexual predators and publishing their identities in an online database. 

He was well on his way to a career as one of Venezuela’s bright young computer experts.  

But then in 2005, he got an invitation to an event being held in San Diego by the SANS Institute. Founded in 1989, and still in business today, SANS offers courses on cybersecurity training—teaching people how to defend against hackers just like Rafael. The event was a combination trade show and training course, specifically in intrusion detection. 

It was a great opportunity for a Venezuelan to study at a leading American cyber school, so he jumped at the chance. Thrilled, he booked his flight. 

In April 2005, he boarded a plane to Miami, where he would then travel to San Diego. But when he landed at the Miami airport, a group of men and women in business suits approached him. 

Mr. Nunez Aponte? Come with us, please.

They were agents from an array of American federal agencies, like the FBI, Homeland Security, and Immigration.

Rafael realized the invitation was a trap to get him to come to the US—and he fell for it.

We still don’t know the details of how the FBI identified Rafael as RaFa, or much else about its investigation into him. But the case against Rafael hinged on his 2001 hack of the Pentagon's Defense Information Systems Agency. 

The server happened to be located in Colorado, so Rafael was transferred there. The US attorney’s office alleged that not only did Rafael hack into DISA, he also deleted login information from its computers, leaving them inaccessible. 

Rafael claimed that he’d left his hacking behind, that he was an ethical professional working for good.  

The hacking community rallied to his defense. Shortly after his arrest, various website defacement groups hacked educational websites with messages urging the US to free Rafael. 

Why the hell should you help authorities in fighting true crimes if at any moment you can get jailed for some silly crimes you have done when you were a youngster? This is what’s pissing off the community, one hacker told a reporter. 

But this had no effect. Rafael remained in custody as his case dragged on. Finally in July, he pled guilty to intentionally damaging a protected computer. He was sentenced to 7 months in prison and ordered to pay $5,000 in restitution—about half what it cost to repair the DISA computer.

While Rafael waited in jail, NASA also considered charging him for hacking into its systems, a separate crime not covered in his plea deal. 

In the end, NASA declined. In October, Rafael was released with time served and deported to Venezuela. 

He wasn’t done hacking, but it was time to evolve. Rafael’s experience made him jaded about the possibility of using his computer skills for the greater good. 

In prison, he’d done some thinking. He was one of the best hackers in Venezuela. Venezuelans needed hackers—specifically, businesspeople with not-so-upstanding reputations. And Rafael was just the right hacker for the job. 

Act Three

In January 2007, about a year after Rafael Nunez Aponte returned home to Venezuela, government IT workers from different departments showed up to work and found a surprise. 

Someone had defaced government websites with unflattering pictures of President Hugo Chavez and Cuban President Fidel Castro.

This someone hit 23 different websites, including the webpage for the vice president, the National Guard, the investigative police, and the immigration office. In the latter case, the website had to be shut down for 24 hours before it was fixed.

It wasn’t difficult to find the culprit—he’d tagged the photos with his hacker handle, “J41ber,” as well as his home phone numbers. 

Indeed, J41ber wanted to be caught. Police traced the number to a home in a poor neighborhood in the western state of Carabobo, where they found a 17-year-old. 

His name has never been revealed. But investigators learned he was just a kid enrolled in an intro to computer science course. He hacked those 23 websites in the hopes of landing a job with the telecommunications company that hosted them.

Obviously, that backfired. 

And obviously, J41ber isn’t Rafael Nunez Aponte. So why are we telling you about him? Because J41ber was only the second hacker ever arrested in Venezuela, and his story is illustrative of what Venezuela’s hacking scene was like—or its lack thereof.

When we tell stories about American hackers on this show, it’s easy to take for granted how ubiquitous computers are to Americans. In the 1980’s America built the first personal computers and invented the personal computer market. This created a generation of kids who grew up with computers in their homes, which created a generation of hackers. Some white hat, some black hat, and some in between. 

America was about two decades ahead of most of the rest of the world. When it came to Venezuela, in 2000 just 3.4% of households had access to the Internet. In the US at that point, it was 43.1% of households. 

So, hackers like Rafael and J41ber were exceptionally rare in Venezuela in the late 1990s and early 2000s.

This made them valuable. 

To give a brief and very incomplete history of Venezuela, from 1958 to the 1990’s it was one of the most stable democracies. Its economy was and is fueled by its vast oil reserves, the largest in the world.

But poor living conditions created political instability. In 1983, Hugo Chavez, then a military officer, formed the leftist Revolutionary Bolivarian Movement. 

In 1989, a series of deadly riots over economic reforms killed thousands of people, and helped Chavez’s movement go mainstream. In 1992, he twice attempted a coup. After the second failed coup, he was imprisoned for two years. 

After prison, Chavez entered the presidential race. On the campaign trail, he promised to institute socialist reforms that would redistribute wealth and improve quality of life, as well as end corruption. He won with 56 percent of the vote. 

But Chavez’s campaign promises proved empty. While he did introduce a version of socialism to Venezuela and became a leading critic of American imperialism, corruption was another story. Chavez courted favor with Venezuela’s business community by allowing corruption to flourish. This created a new economic class nicknamed “Boligarchs.” 

Of course, many of these Boligarchs had business aspirations beyond Venezuela. Many had questionable business practices going back decades—which were awkward at best to explain to international business partners, especially when all those misdeeds are documented online. 

That’s where Rafael came in. After his deportation from the US in 2005, he established two companies, “Clean Perception” and “Mas Que Digital.” Both claimed to offer “cybersecurity solutions.” Here’s what that looked like.

With his hacking abilities, Rafael racked up clients.

One of his alleged clients is Derwick Associates. It’s a Venezuelan energy company that builds power plants. In 2009, when Venezuela’s power grid began to fail, the Chavez government awarded Derwick hundreds of millions of dollars in contracts. 

Since then, Derwick employees have been repeatedly charged with bribery, corruption, racketeering, and money laundering.

In 2013, an American businessman named Otto Reich sued two Derwick executives, Pedro Trebbau and Leopoldo Alejandro Betancourt, for defamation, also accusing them of racketeering and bribery.

Soon, numerous accounts began appearing in Trebbau and Betancourt’s names, on sites Facebook, Google+, Wordpress, and many more.

With these, someone claiming to be Trebbau and Betancourt flooded those sites with banal comments. As a result, online search results for these two Derwick executives became harder to find. 

These accounts were eventually traced to a Venezuelan computer user named Carlos Diaz, apparently an employee of Clean Perception. When confronted, Rafael told a reporter Diaz was an outside contractor he’d never met personally. But no trace of this Carlos Diaz existed online—not until Rafael’s conversation with a reporter. After that, dozens of accounts and websites appeared for Diaz, too. 

Another of RaFa’s alleged clients? Ramiro Helmeyer. 

In July 1993, a series of bombings rocked Caracas. They were delivered via envelope to various officials with the Venezuelan justice department, plus the Colombian embassy, a nursing school, and a shopping mall. 

Eventually, police arrested Helmeyer for the attacks. He was a known criminal in Venezuela and wanted for both gun running and drug distribution in the US and Canada. After a two-day interrogation, he confessed to orchestrating the bombings, which he said were designed to destabilize the Venezuelan stock market, allowing him and his associates to profit. 

He was sentenced to 30 years in prison, but Hugo Chavez released him in 2000. At some point, he became a Clean Perception client. 

As he did for the Derwick executives, Rafael allegedly flooded the Internet with benign information about Helmeyer, all to muddy the waters for those searching for information about him. 

Then, after Helmeyer was released from prison, Rafael allegedly deleted all of his court records from Venezuela’s Supreme Tribunal of Justice. 

Today, it’s almost impossible to find anything about him online. 

But Rafael didn't just use his Internet skills to help private citizens. He also allegedly used them to help the Chavez regime, and then that of his successor, Nicolas Maduro.

One of Rafael Nunez Aponte’s targets was Lorent Saleh. 

Saleh was born in Venezuela in 1988. He was 11 when Hugo Chavez took over. When he came of age, he joined a generation of Venezuelans who opposed Chavez.

Beginning in 2009, a 21-year-old Saleh began participating in high profile political protests demanding the release of political prisoners, receiving multiple beatings in the process. 

Saleh traveled to several other Latin and South American countries to promote his cause. In 2014, while Saleh was on a visit to Colombia, Venezuelan authorities accused him of collaborating with Colombian militias harboring ambitions of invading Venezuela. 

But the government didn’t just accuse him of treachery. It rolled out an elaborate public campaign against him, which included multiple videos detailing a litany of false charges against him. Venezuela’s national media networks ran them, labeling him a terrorist.

His mother Yamile would later accuse Rafael and two associates of editing, manipulating, and distributing these videos to demonize her son. 

Colombia extradited Saleh to Venezuela, where he was arrested and imprisoned in Caracas’s infamous political prison, La Tumba, or The Tomb. He would remain there for four years. 

He described the experience to Human Rights Watch…

I was in a white sarcophagus, like a blind man, for months and months. The isolation, it is so strong that you even doubt if you are alive. When they take away your sounds, when you do not see colors and you are in a cold temperature that forces you to tense your body, how do you know that you are alive? I used to hit myself to feel pain. The pain was an affirmation that I was still alive.

Of course, Rafael Nunez Aponte denied any involvement in these cases, and denied that Clean Perception was involved in reputation management, or anything else nefarious. 

Whatever the case, his time after his imprisonment in the US was a success—and he wasn’t finished yet. 

Act Four 

Leonardo Padron began his career as a writer for a popular Venezuelan soap opera. But when Twitter came online in 2006, Padron started an account criticizing Hugo Chavez, attracting 250,000 followers. 

Suddenly in September 2011, his Twitter account sprang to life and Tweeted the following: “In no way have I contributed to combat racism, discrimination, cultural or alienation. My soap operas feed these evils in society.”

It was clear Padron had been hacked. 

Padron’s account was one of nine belonging to anti-Chavez activists that were hacked that month. Some threatened Chavez’s opponents. Others posted Photoshopped images of Chavez’s opponents wearing Chavez’s signature red beret.

Soon after these hacks, a group called N33 claimed responsibility. 

Was Rafael Nunez Aponte involved? Not directly. In the wake of these hacks, Rafael offered his expertise to Venezuelan media stations. According to his analysis, N33’s attacks were most likely the result of a phishing campaign, and not likely the result of any kind of operation coordinated by the Chavez regime. 

We don’t know the truth, but this is just one example of the public-facing endeavors Rafael Nunez Aponte engaged in after his imprisonment in the US. 

He’s built a robust social media following offering basic tips on protecting yourself from hackers. He also frequently offers his analysis to the media when hackers hit targets in Venezuela, positioning himself as an expert. 

And yet, accusations of reputation management and pro-regime hacking persist, from a variety of sources. According to his critics, Rafael’s client list is long and his resume nefarious. 

Throughout all of these accusations, Rafael Nunez Aponte maintained his innocence. 

But is he leading a double life, like he was during his World of Hell days—working in cybersecurity by day and hacking by night? We don’t know, and it’s entirely possible Rafael has taken steps to make it that way, scrubbing information about his misdeeds from the Internet, or clouding them with misinformation. 

What do we make of World of Hell? In the end, while it did rack up an impressive string of hacking victories, its heyday was short-lived. Less than a year after Robert Junior, aka Cowhead2000, formed the group, it was disbanded. 

Most American members of World of Hell escaped punishment for their activities, like Robert Junior, or avoided being identified entirely, like Kr0n or FonE_TonE. Thomas DeVosse, aka Dawgyg, faced years of legal troubles but ultimately left hacking behind too.

Rafael Nunez Aponte made different choices, but he was playing a different game. For him, hacking wasn’t a pastime. It started out as a political mission, but evolved into a vocation. Had he been born in a different country, like the US, he might have been able to parlay his computer skills into a job without any ethical complications. 

But just like everyone else, hackers are shaped by their environments, and because of this…hackers shape the Internet we know today. I’m Keith Korneluk and you’ve been listening to Modem Mischief.

CREDITS

Thanks for listening to Modem Mischief. Don’t forget to hit the subscribe or follow button in your favorite podcast app so you don’t miss an episode. This show is an independent production and is wholly supported by you, our listeners and the best way to support the show is to share it. And another way to support us is on Patreon. Just go to patreon.com/modemmischief or click the link in the show notes. You can also support us through a paid subscription on Apple Podcasts. For as little as $5 a month you’ll receive an ad-free version of the show plus bonus episodes exclusive to subscribers. Modem Mischief is brought to you by Mad Dragon Productions and is created, produced and hosted by me: Keith Korneluk. This episode is written and researched by Jim Rowley. Edited, mixed and mastered by Greg Bernhard. The theme song “You Are Digital” is composed by Computerbandit. Sources for this episode are available on our website at modemmischief.com. And don’t forget to follow us on social media at @modemmischief. Thanks for listening!