People don’t usually casually refer to committing a federal cybercrime as “my coolest hacking moment,” but that’s what musician Claire Boucher, better known as Grimes, just did.
In an interview with vanity loungeGrimes dropped the bombshell that she was responsible for the 2012 DDoS attack on former indie music snark blog Hipster Runoff that ultimately led to the site’s demise.
Grimes dove into the story after a photo of her kissing another woman at a party in New York in 2012 surfaced during the interview. The photo was posted by Hipster Runoff in 2012, which upset the then-burgeoning musician. “Back then, like before the revival era, I was canceled for that,” Grimes told Vanity Fair. “I was trying to get some integrity and start my career, and it was like ‘Grimes Gone Wild’ or something. It was this story, super wacky, mean, and it was like this meme going around all over the internet.
She also claimed the photo in question was “leaked” to Hipster Runoff, but Jackie Singh, former cybersecurity officer for Joe Biden’s 2020 presidential campaign, noted on her blog, Hacking but legal, that the photo was likely posted on the now defunct New York City nightlife site, LastNightsParty.com. “It appears to be a misrepresentation to imply that this was a private photo for which the blogger deserved compensation for posting.”
In response to the “leaked” photo, Grimes teamed up with a friend who worked in the video game industry to hit Hipster Runoff with a DDoS attack and hold the site hostage. “We were actually able to DDoS Hipster Runoff and basically blackmail them,” Grimes said as he sat down next to the catalyzing shot. “We were like, ‘We’re not going to let you put your site back up until you take down the story. And he, in fact, took down the story. It was like my hacking moment. the coolest.
Emitting a DDoS attack and extortion are federal crimes under US law carrying a combined sentence of up to 11 years in prison. In Canada, where Grimes was living at the time, those same crimes punishable by 10 years to life in prison, but it seems that Grimes and his gambling industry partner committed even more offenses during their clash with Hipster Runoff. According to a 2012 Motherboard In an interview with site owner Carlos “Carles” Perez, the cyberattack on Hipster Runoff didn’t stop at crashing the site. “My server’s disk crashed and remote backups were sabotaged,” Perez said. “My hosting company and support team say there are signs of foul play on the server, and some of the last actions before it crashed are very suspicious.”
In the interview, Perez hinted that he may know who was behind the hack at the time, but could not confirm the identity of the attacker. The cyberattack dealt a crushing blow to Perez’s “one-man operation”. Hipster Runoff could never be fully restored due to damage and the site was sold in 2015. Singh indicates that Perez migrated the site from WordPress to Drupal in 2009 as a potential cause of the backdoor in Hipster Runoff.
“In its early years, Drupal was plagued with security vulnerabilities, and had it been installed in 2009 with potentially no updates since, as noted by the site owner, the server could have been vulnerable to a vulnerability particularly nasty one called CVE-2008-6171 that could have enabled this type of hack,” Singh said.
Regardless of how Grimes and her friend were able to access and effectively kill Hipster Runoff, her spreading of the tale as a celebratory accomplishment does not go down well. “A decade later, unfazed by time and experience, Grimes remains convinced that this was a triumphant moment for her, not an ethical lapse of which she should be ashamed,” Singh said. “For someone who can’t help but rant about ‘wake up’ and ‘undo’, Grimes doesn’t seem concerned about the real risk associated with admitting crimes to a major magazine, despite the fact that Canada does not have a statute of limitations for cybercrime.