Interview with a DDoS troll: Meet 'the Gods of the Internet'

DDoS attacks are a way to keep corrupt corporations honest, according to an anonymous member of DerpTrolling, who gives us an inside look at the self-proclaimed gods of the Internet.

Michelle Starr Science editor
Michelle Starr is CNET's science editor, and she hopes to get you as enthralled with the wonders of the universe as she is. When she's not daydreaming about flying through space, she's daydreaming about bats.
Michelle Starr
5 min read

The Preiser Project, CC BY 2.0

The man behind the curtain

One of the first things he says is that he absolutely cannot offer proof.

This makes a disappointing amount of sense: he is a self-confessed DDoS troll, a member of the infamous group DerpTrolling. Since distributed denial-of-service attacks could be considered a federal crime under US law -- and, indeed, are an offence in many locations around the globe, including the UK and Australia -- he, understandably, won't give a name, location or even rough age. As a corollary, we have no way of knowing that he is who he says he is.

We'll call him Incognito. To talk to him, we plug into a private chat session from opposite sides of the globe (as indicated by time zones) using an encrypted Chrome add-on.

"I've seen Anonymous at its best," he tells us. "I participated in their major DDoS attacks against Visa and PayPal, although the role DerpTrolling played in those attacks is pretty much unknown. I've seen the rise and fall of LulzSec. So let's just say I am old enough to know how to stay hidden."

One thing is clear from the outset: Incognito believes that what DerpTrolling does is for the good of everyone.

"DerpTrolling as a group shows the world, particularly the gaming community, how big companies and corporations such as Riot or Blizzard only care about money," he explains. "Our methods are forcing big companies and corporations to upgrade their servers and make sure their clients are their top priority."

DerpTrolling has been around since around 2011 or so, and Incognito has been a member since the beginning. Its method of attack, as mentioned above, is DDoS -- overloading servers with external communication requests, rendering the target systems unusable for a period of time. DerpTrolling has attacked several high-profile servers over the years, including those of League of Legends, World of Tanks, EVE Online, DoTA 2, Blizzard, RuneScape and, more recently, Xbox Live and the Nintendo Web store.


Although their actions may appear inscrutably juvenile and unwarranted -- done for, as the saying goes, the lulz -- the team identifies rather strongly with Richard Stallman's assessment of DDoS as a form of protest against what it perceives as a callous disregard for gamers on the part of games publishers.

"A company that doesn't care only for money would make the effort, which includes time and money, to make sure their servers aren't able to be crippled by a simple DDoS attack," Incognito said. "We decided to take action because, if we had the capability to stop corporate greed and we did nothing, that in itself is a crime. We thought DDoS attacks were appropriate because they do not affect customers in a monetary way, unlike leaking data -- although we are not opposed to leaking data."

Lines in the sand

He is careful to point out that DerpTrolling is against doxxing -- that is, the leaking of information about a specific individual, such as address, phone number, Social Security number, credit card and bank account details -- and swatting, a term for calling the police to the home of said doxxed individual for spurious reasons.

In one of the most famous incidents involving the group, though, one particular individual was doxxed and swatted -- Twitch streamer PhantomL0rd. While DerpTrolling was attacking Battle.net, EA.com, Club Penguin and Riot, it was allegedly because those were games PhantomL0rd was playing. At some point during the DDoS activities, PhantomL0rd was doxxed on several gaming websites -- and then someone called the police to his home, accusing the streamer of holding five people hostage.

Incognito is cagey about the incident, and won't comment on why the group targeted PhantomL0rd or what precisely DerpTrolling did do -- only saying that there is no hard evidence connecting DerpTrolling to the actions. "Yes, Phantoml0rd was doxxed and swatted," he said. "But we never threatened to harm him physically and we have never taken credit for that attack."

He seems determined to impress that there are lines DerpTrolling won't cross -- that what the group does, it does for the good of all. As an example, he mentions that the group is sitting on what could have been a significant customer data leak.

"We are currently in possession of over 800,000 usernames and passwords from the 2K gaming studio. As of right now, our members as a whole have decided that leaking data is not what we do, and therefore we will not leak such damaging data," he said, adding that he had contacted 2K to inform the publisher of the vulnerability in its system -- and received no response.

"I personally contacted them over a month ago. I did not send them an anonymous letter, I made sure they understood exactly who I was. And offered plenty of proof."

Unless the data is actually leaked, he believes that gaming companies are unlikely to spend the money to issue a fix. CNET has contacted 2K for comment and will update when we receive a reply.

Incognito also goes out of his way to dissociate DerpTrolling's activities from those of LizardSquad, the group that claimed responsibility for calling a bomb threat on a plane carrying Sony Online Entertainment president John Smedley.

"I want to make it absolutely clear that DerpTrolling is in no way affiliated with LizardSquad," he said. Although LizardSquad had requested that the two groups work together, DerpTrolling had refused, he said. "LizardSquad is a run by an extremist hacker who has close ties to UGNazi. You could say that the ISISGang is the elite 'leaders' of LizardSquad. We have no wish to associate with any individual or group that has ties with such extremists."

ISISGang has been accused of making prank calls that see their targets swatted and posing as Middle Eastern terrorists, while UGNazi is allegedly responsible for several doxxings and data leaks. Incognito seems quite firm that DerpTrolling wishes to commit no actual harm.

The end and the means

DerpTrolling has more up its sleeve. Attacks on Xbox Live and the Nintendo Web store on Saturday, September 28 were "test fire" for "upcoming attacks", Incognito says -- although he won't go into any further detail about that. Nor is it easy to guess who the targets might be. DerpTrolling allows the community to select targets much of the time, Incognito said, via text or tweet.

The fact that sometimes the attacks achieve a result justifies the work in his view; Incognito says that League of Legends and Xbox Live have both upgraded their servers in response to DerpTrolling DDoS attacks -- in spite of negative public opinion.

"The public will always have an opinion that is based on what the media feeds them," he says. "Children do not know what is best for them. We are basically the Gods of the Internet, we know what is best for them."

When asked if DDoS is a snake chasing its own tail -- that is, if no one engaged in DDoS attacks, then companies would not have to dedicate resources to protecting against them -- he once again pleads no comment.

There is a condition under which DerpTrolling will cease operations: "If the presidents of Sony and Microsoft will wear a shoe on their heads, then DerpTrolling will disband and we will not attack any more servers."

As for Incognito himself, we suspect he might be around for a long time. When asked if he himself would ever hang up his hat, he seems baffled by the question.

"Why would I want to stop?"