“History is much decried; it is a tissue of errors, we are told, no doubt correctly; and rival historians expose each other’s blunders with gratification. Yet the worst historian has a clearer view of the period he studies than the best of us can hope to form of that in which we live. The obscurest epoch is to-day; and that for a thousand reasons of incohate tendency, conflicting report, and sheer mass and multiplicity of experience; but chiefly, perhaps, by reason of an insidious shifting of landmarks.” – Robert Louis Stevenson
To say that there is a law enforcement manhunt on for the individuals responsible for posting credit report information on public figures and celebrities at the rogue site exposed.su would be a major understatement. I like to think that when that investigation is completed, some of the information I’ve helped to uncover about those affiliated with the site will come to light. For now, however, I’m content to retrace some of my footwork this past weekend that went into tracking individuals who may have been responsible for attacking my site and SWATing my home last Thursday.
I state upfront that the information in this piece is certainly not the whole story (most news reporting is, at best, a snapshot in time, a first rough draft of history). While the clues I’ve uncovered thus far point to the role of a single individual, this person is likely part of a larger group involved in hacking and SWATing activity.
In my story last week, I posted a copy of the internal database for booter.tw, one of several fee-for-service “booter” sites. Booter sites are perhaps most popular among online gaming enthusiasts, who like to use them to knock opponents offline; but they are frequently also used to launch debilitating attacks on Web sites. That leaked booter.tw database shows that the denial-of-service attack that hit my site last week was paid for by a booter.tw user with the account name “countonme,” and using the address “countonme@gmail.com.”
Since the attack, I reached out to the proprietor of booter.tw, a hacker who uses the nickname “Askaa.” He informed me that the individual who launched the attack on my site was a hacker who used the screen name Phobia. “Phobia hacked into the countonme account to make it look like the according user attacked you,” Askaa said in a brief interview over Skype instant message. Askaa declined to say why he was so confident of this information.
RealTeamHype’s Youtube page before the videos were deleted on Sunday.
Separately, over the weekend I received an email from a person who claimed to have direct knowledge of the attacks (perhaps because he, too, was involved). This individual said those who attacked my site were a group of young online video game enthusiasts who were upset that earlier in the week I’d written about ssndob.ru, a site that sells access to peoples’ credit files, Social Security numbers and other sensitive information.
According to this source, the hackers in this case belong to a four-man Xbox live gamer team that calls itself “Team Hype,” which until this past weekend had posted a number of videos to their own youtube.com channel, RealTeamHype (more on what happened to these videos in a moment).
According to the anonymous source, Team Hype consists of hackers who use the nicknames “Trojan,” “Shadow,” Convict,” and “Phobia.” The source said the group used SSNs from ssndob.ru to hijack “gamertags,” online personas tied to Xbox Live game accounts. In this case, specifically from Microsoft employees who work on the Xbox Live gaming platform. Some of the group members then sell those accounts to other Xbox Live players.
“They hack/social engineer Gamertags off Microsoft employees by using SSNs,” the source wrote. “I didn’t DDoS your site and I didn’t SWAT you, Phobia has been telling everyone he did. The method he released he said he gets SSNs, then calls phone companies and redirects the number and than gets xbox phone support to call number and confirm. I heard he got pissed that you released the site he uses. Also Trojan told a buddie of mines ‘fear'(on AIM) something about a dead body in your closet about your swat.”
Snippet from @PhobiaTheGod’s now-closed Twitter account
The source said Phobia used the Twitter account @PhobiaTheGod (now closed, but partially available here and at this cache), and that Phobia’s personal information — including real name, address and phone number — had been “doxed” or released onto Pastebin-like sites some time ago. It didn’t take long to locate this profile at skidpaste.org (“skid” is a diminutive reference to the term “script kiddies,” referring to relatively unskilled young hackers who conduct most of their exploits using automated tools without understanding how those tools actually do the dirty work).
Having watched most of the videos at RealTeamHype’s youtube channel, it appeared that my source was telling the truth about the hijacked accounts: In fact, the videos at that channel documented such hijackings in progress using desktop screen-grabbing software. The videos even showed conversations with other team members in instant message windows in the background.
But I was reluctant to put much stock in the information until the source sent me a piece of information that only the attackers and my ISP would have known. On Friday, I received a call from Cox Communications, my Internet service provider. They wanted to know why I had paid $3,000 toward my account using several different credit card numbers. I assured them that I hadn’t made that payment. Then I heard from a member of Cox’s security team, who asked if I’d reset my password and if I’d indeed asked to cancel my Internet service. He was unsurprised to learn that I hadn’t. Apparently, hackers reset the password to my Cox email account by working out the answer to my secret question (this account is separate from my Cox user account, was set up over 10 years ago, and has never been used for anything remotely interesting or sensitive).
The source told me via email: “Hey brian, i just spoke to fear he told me phobia and his buddies were telling him that they hacked your cox email and paid your cox bill with hacked credit card, im not sure if this is true but im letting you know.”
I decided to give a call to the phone number included in the doxed records for Phobia, which rang at a home in Milford, Ct. A 20-year-old named Ryan Stevenson picked up the phone. After introducing myself, I asked Ryan if he knew anything about booter.tw, and he said he didn’t bother with booter sites because they were lame.
I then asked if he was part of a Xbox gaming group called TeamHype. He said yes, but that he hadn’t been associated with that group for six months. When I asked why, he said that his teammates had repeatedly called his house posing as the police, and had even SWATed his home — something his father confirmed by interjecting over Ryan’s voice. I told Ryan I found this strange, since the youtube channel for TeamHype’s video channel was created on Dec. 26, 2012, and his youtube.com account “Phobia” had uploaded videos of Microsoft Xbox accounts being hijacked as recently as February 2013. What’s more, those videos (like the one reproduced here) show Phobia sending shouts out to his buddies.
Then I remembered where I’d heard the nickname “Phobia”: In a terrifying tale by Mat Honan, a wired.com reporter who woke up one day last year to find his Macbook and other Apple devices being remotely wiped of their data after hackers managed to commandeer his Apple iCloud account. According to Honan’s story, “How Apple and Amazon Security Flaws Led to My Epic Hacking,” a hacker named Phobia reached out to him shortly after the incident. “Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down,” Honan wrote of his ordeal. “I agreed not to press charges, and in return he laid out exactly how the hack worked.”
I asked Ryan if he knew Mat Honan. Here’s a snippet of our conversation:
BK: I’m looking at a story in Wired magazine from Mat Honan about how his Apple iCloud account was hacked. Do you know this guy?
RS: Yeah, I used to.
BK: Uh huh. And is Honan referring to you in this article?
RS: Yeah.
BK Yes?
RS: Uh huh.
BK: Did anything bad ever happen to you because of this?
RS: No.
BK: So, this was your doing with the Mat Honan hack, but you say you would never use a site like a stresser or…
RS: Yeah, I would never do that. That’s stupid.
BK: …or hack a reporter’s account or launch a denial of service attack against a reporter, or SWAT his house….
RS: <extended silence>
BK: So what’s the point of hacking a reporter’s iCloud account? Why’d you do that?
RS: Just to prove a point that, like…the security is breachable.
BK: Are you still on twitter?
RS: Yeah. But I changed my username yesterday.
BK: Really? Why?
RS: Because I don’t want to deal with people anymore. People call my house and pretend to be the police and stuff.
BK: Yeah, I know what you mean. So, what was your old Twitter account name?
RS: I think you know.
BK: PhobiaTheGod?
RS: Uh-huh.
BK: So what’s your new Twitter handle?
RS: <extended silence>
BK: Look, did you launch the attack on my site or not? Some of your gaming buddies sure seem ready to throw you under the bus for it.
RS: I didn’t even know who you were until someone tweeted your site. I just went to it to see what it was about.
At this point, Ryan’s dad grabs the phone and tries to tell me that his son didn’t really say that he hacked Mat Honan’s iCloud account, but that what he really said was he only knew the guy who hacked Honan’s account. Ryan’s dad goes on to explain that his son is basically a good kid who fell in with the wrong crowd, and that his son wouldn’t stoop to hacking other people, and certainly not to sending SWAT teams or any of that nonsense.
I decide to share with Ryan’s dad the URL for the TeamHype channel at youtube.com, and I can hear the father taking notes on the other end of the line. From the racket in the background noise behind the voice of Ryan’s dad, it’s clear that someone is furiously banging away at a computer keyboard. My suspicions are confirmed when I refresh the TeamHype youtube channel and find all of the videos have been deleted (the one above was cached in my window so I was able to re-record it).
This entire episode is giving me flashbacks that date back almost a decade, when I began communicating with a hacker group that called itself Team Defonic. These young men positively lived to hack into and post online personal data and photos belonging to celebrities and public figures. They also were obsessed with plundering databases for Social Security numbers and other sensitive information. Most of them were later arrested and jailed for their roles in breaking into Paris Hilton’s cell phone and hacking into accounts at Accurint, a law enforcement database run by data aggregator LexisNexis.
Stay tuned for more on this developing story. Meantime, many thanks again to all of you who’ve expressed concern or reached out via Twitter, Facebook (and Paypal!) to voice support and solidarity.
Brian,
Glad everything is working out, he couldn’t get his mommy on the phone too, maybe daddy can bring him snacks when he’s in lockup. Your a better dude than me if he had put my family in danger I’d been knocking on his door.
Keep kicking ass and outing idiots!
“…Ryan’s dad grabs the phone…” That’s funny and frightening at the same time.
I never know what I’m going to see when I come to this site, and I am never disappointed. Great read, as always.
I’m glad you and your family are safe, Brian. Please be careful while carrying on the good fight. I have grown virtually very fond of you. 🙂 God bless you and your work.
Seconded.
Take care, I was glad to hear that at least someone in the local police force could make sense of things, but the timing of that SWAT event at your home plus the increase in gun owndership could have been a sad confluence.
Keep asking those great questions!
Its funny how many of these people are just socially awkward teenagers who have nothing better to do but grief other people. I think a large part of it is jealousy. They are just mad that they are not more important than they actually are as “I can see it, why can’t everyone else?”.
Of course then their parents get involved saying how they are just “good kids” without knowing anything they are actually up to. To an outsider coming into this story it’s sad, but mostly funny and pathetic.
Ever checked unemployment rates…? 😥
I bet the 20yr old is making more $$$/month than Krebs is /year.
Brian Krebs in already a legend in his field, yet I’ve never heard of the vast majority of people on the Forbes 400 ( the definitive list of wealth in America.)
Кто не будЬ, кто сделал очень мало денег, однажды сказал, что жизнь человека не зависит от изобилия его имения.
It’s never been a secret that making money illegally is a lot easier than working for a living.
Judging by the contents of the booter.tw database, total income since January was just over $8,000. Overall, a pretty paltry sum.
Stealing isn’t making money. It’s just stealing.
Then how come he’s living in Daddy’s basement?
That’s not really a hard thing to do if you can code and lack ethics 😉
The worrying part here is that any antisocial kid living in their parents basement can launch these type of attacks.
Hey if they are hacking Microsoft employee accounts, sick Big Bill’s lawyers on them, they’ll be wishing the police showed up first lol!
Without going into to much boring detail; I’m convinced there are insider criminals in the Microsoft partner network. Try to complain about it, and you get your phone calls dropped, and email attacked, crackers take over your computer and abscond with files, and snail mail complaints go unaddressed over there. No wonder they are losing market share to Google and other competitors.
Yes this is the problem. These Russians and chinese need insiders, and its Americans aiding and abetting these hackers.
Just like this kid is really hiring the russians and other hackers to do the dirty work for him, who are in turn also end up hacking and using him.
Its the same thing with these russians robbing banks and hacking microsoft. They keep saying they are getting people through emails and their java or adobe. But i wouldn’t doubt its someone on the inside 90% of the time with a thumbdrive. Same goes for all these game companies.
Look how microsoft just patched that hole last update, where someone can take over your computer in seconds just by sticking a thumb drive in it…..which has been around since the beginning of windows. Which they now just finally found….hmmm….. And didn’t even matter if you had your pc locked or sleeping or required password……
Thats why, now even American citizens are included on the kill list. Now that american corporations and gov’t sites are getting abused. All i know is this guy John Brennan is no joke. And hes mostly a genius analyst working with an ever growing clandestine hit squad. These hackers should be scared imo.
We didn’t go to iraq for sadam, Like John Mccain himself said, we went there for OIL! And your naive if you think the US won’t take hacks on major US corporations seriously, or that we only have a kill list all of a sudden now because of Al Qaeda.
I mean think how scary the times are becoming, if they planted viruses in facebook, apple and microsoft.(like they did to nbc.com) They just tried to spy on everyone in the world.
Please, America is a world champion even in espinage and hacking. (Beside Facebook, iOS and Windows are mal- and spyware themselves…)
The point is cybercrime is globalized and law enforcement lags behind.
@JCitizen:
There are insider criminals all around but the real shame is that most companies (and authorities) fail in basic security so far.
An amazing story, I can’t wait to see the screen play. Brian you’re like Serpico, a little crazy and convicted with principle. Stay Safe.
“I can’t wait to see the screen play.” Same here, the movie would be great with the SWATing as the opening scene. I want Kevin Spacey to play Ryan’s dad, a suburban Keyser Söze. Casting all of the hackers would require looking in some really “dark” places. Lindsay Lohan could be cast as something in what currently sounds like an all male cast. One of the hackers must have a sister. With the proper casting, the movie could become an instant classic, the Goodfellas of the digital age.
“From the racket in the background noise behind the voice of Ryan’s dad, it’s clear that someone is furiously banging away at a computer keyboard.” Doesn’t it warm you heart to see father and son working together to destroy the evidence.
@Brian: you need an agent.
Great story, and it’s amazing what twisted kids do for “fun”. Keep up the great work!
I hope Mr Krebbs got permission before he taped (assumed) the conversation with this dumb kid. In many states, it’s illegal to record a phone conversation without the other persons authorized consent. I can’t for the follow up to this story !
One of my first jobs at The Washington Post in the newsroom was in dictation, taking stories from reporters in war zones where you’d better get the copy right the first time through because you may not have the reporter on the phone long enough to ask them to repeat themselves. I got the job because I type about 140-160 WPM with almost no errors.
I’m fully aware of the laws in certain states (including Ct which is two-party). Also, Mr. Stevenson talks very slowly.
Wow! what a huge honor it is for you to return my last post. I only posted about the privacy laws with regards to recording conversations, because in the state of Pennsylvania it is a criminal offense if you record any conversation without the other person consent.
I was born in Connecticut and know the town of Milford very well. It’s a real nice beach community with all the big box retail stores and a huge mall on the Boston Post Road.
I need to check my grammar more on my posts!
Phishing researcher
John, you do realize you just doxxed yourself?
And whilst I have your attention, what was the name of your first pet?
Trust me , it’s not a any name for any pet
Okay Nick I just did a ” Internet Sleuth ” on you. You are now doxxed , but not PWNed :–)
Lets see now your mother’s maiden name is………. LOL
Those laws may be affected by a recent case law. See ACLU v. Alvarez (US Seventh Circuit Court of Appeals). The US Supreme Court refused to review the decision, so it stands.
Essentially, the decision prevents Illinois’ prosecution of people recording the police in a public area. It doesn’t seem like too much of a stretch to see it applied to similar, non-police cases.
Please do your best to make sure this scumbag is prosecuted. If the guy who embarrassed AT&T by publishing personal user info their website was giving up got 3.5 years, two major hacks and more importantly putting several peoples lives in danger by swatting should earn this loser real jail time.
If I were that dad…You’re out of this house!
Krebs, please…
No internal info and you’d still be eating donuts and buying a new Mac…
Good story. I guess its true. 🙂
BK I’ didn’t mention I’ve had similar experiences. I’ve even had a cop wake me up out of bed and stick a gun right on my forehead asking me for my id…. I’ve had police kick in my door and slam me on the floor holding me down outside my apartment while they searched my house, because someone gave a false report. I’m constantly getting stopped on the street, I was even told recenlty i’m not allowed in the local parks.
Recently the swat team came with 30 police and rifles and a battering ram to my next door neighbors house last month….LMAO Actually this has happened to 4 houses around me in the past few years, and I don’t even live in a bad neighborhood. And i’m a goody two shoe 🙂
Two detectives came to my house after some hackers were threatening my life online over the summer… Its too funny. They thought i was a terrorist, i’m thinking it was the hackers that did something…. but once they saw the American flag outside the door and realized my family has been here for almost 50 years, they just stopped and gave me their card to call in case of emergency….lol
I would say theres nothing to worry about Brian. I don’t think they would risk too much. These guys like to keep their distance. They don’t like anything too real or close. They have just pretty much done all they can do to stop you. Most of these hacker types are just pathological lying scared shit talking nerds who don’t even know themselves anymore. Even the adults are like kids.
We need more people like you. Keep exposing them. I salute you!
Rich.
True!
Kids these days.
There are no other words, this so absurd.
Keep up the good work.
It’s always the same parent accuse, ” my kid was hanging out with the wrong crowd” You mean hanging out with people who have real good computer or internet skills is the “wrong crowd” Now, I may be older but when I was growing up the wrong crowd was people who did illegal drugs. So when did the “wrong crowd” become related to computer activity? To me it’s not the ‘wrong crowd’ , it’s people with intentional criminal intent trying to influence others. The phase “wrong crowd” is way to broad because it can be stereotypical to any group of people regardless if they do illegal activity or not.
I guess when the brave Ryan Stevenson of Milford CT, hiding behind his keyboard says “Come and get me Biatch” he should be careful of what he wishes for. This low rent loser, a dirty skidmark on society’s underwear, and his pals, will be doing well deserved jail time.
Most of the people in Milford Connecticut are middle and upper middle class working people. I don’t remember any trashy areas in that town, not even in the Devon Section. Most of Milford and Orange for that matter are subsidized by the tax revenue from all the retail outlets on the Post Road (Route 1). This young kid is not from a low income family and may have gone to some pretty good schools in that area. Look at the income statistics for the town of Milford Ct. you may be quite surprised . Don’t think for one minute that due to the tragedy in Sandy Hook that the people are trash because that’s far from the truth. Maybe if this kid was from the inner city of New Haven or Bridgeport maybe I would agree, but once you get out into the suburbs then things are a lot different.
John, “low rent” is a description of this guys character, or lack thereof, not his socio-economic status. But thanks for addressing your misunderstanding and sharing your insight all the same.
Thanks I just don’t like seeing people trashing the citizens of Connecticut over this young kids B.S.
Maybe this kid should have spent more time at the Connecticut Post Mall (Now the Westfield Mall) instead of spending way to much time on the internet.
Confident, cocky, lazy, dead.
Now that he’s been identified, someone should drag him out into the street and shoot him. THAT would be a nice lesson for all the other hackers out there. IT is great when you hide behind a curtain of anonymity….but when you lose it?
I tell you something Brain ,If you can’t stand the heat, get out of the kitchen .Simple .))
Знаю-знаю, что выставляя очередной рецепт выпечки с яблоками, я подвергаю себя риску быть обруганной и оскандаленной. Но вы сначала попробуйте этот рецепт, а уже затем ругайтесь, и я уверена, что вам расхочется критиковать рецепт, но захочется еще кусочек этого необычного пирога. “А что в нем необычного?”- спросите вы. А то, что теста почти нет в пироге, потому что яблоки впитывают в себя все тесто, получается что-то вроде яблочного облака с хрустящей корочкой. Заинтриговала????
Мне нравится использовать Google Translate тоже. Ерунда, мальков рыб, сыр квадратов.
Это забавная игра, я хотел бы тоже играем! Дети в эти дни и их компьютеры … Что такое Россия для “качая головой”?
每個人都在某些時候失敗。
” Ryan’s dad goes on to explain that his son is basically a good kid who fell in with the wrong crowd, and that his son wouldn’t stoop to hacking other people, and certainly not to sending SWAT teams or any of that nonsense.”
Sounds like Ryan’s dad is in a severe state of denial.
“Sounds like Ryan’s dad is in a severe state of denial.”
Isn’t that in Egypt?
When you started talking about a hacker called Phobia I too thought that it might be the same person. Ha ha it was!
Matt Honan should have burned him!
Its all fun and games till someone gets his iPhone, iPad, and MacBook Air remotely wiped! (Not Funny at all!)
Real men: 1; Skids: 0; Well played, sir, well played! Of course it seems a bit of youthful tribalism did play a part, but ultimately one should not be playing with tools one doesn’t understand or people one doesn’t know; especially in a very, very connected world where true privacy is an ever more precious commodity.
A 20 year old full-time gamer whose dad picks up the phone and supervises his conversations.
Yep, this isn’t some normal adult you’re dealing with.
This is a truly chilling story. Brian, please be careful. I’m glad it turned out well, but the potential for disaster was great, as it always is when high emotion, guns, and false accusations are present.
After my relief at the safe outcome and pleasure at learning that you had identified and outed the kiddie involved (may his judge be old, grizzled, smart, and totally without humor when young Master Stevenson is hauled into court), my thoughts turned to what we have wrought with our wondrous internet.
I am old enough to remember when people like this kid would have been spending their time tipping cows and prank calling bars looking for Prince Albert in the can. Those were simple days. Now it is all too easy for the mentally ill, criminally inclined, sexual deviants, and stupid kids to find each other on the internet and band together to create more and more advanced havoc. When they identify others with like deviances the dynamic seems to be that they band together and give each other permission to do ever more outrageous acts. Girls bullying rape victims in Ohio, child pornographers, identity thieves, idiots who endanger lives by SWATting… all occuply the dark side of our net.
I wish I knew how to solve this so your experience is never replicated, but as they say, “you can’t legislate stupid.” Alas.
I do have to admit this is a fascinating read, but I disagree slightly with picking on kids. Next time, just let karma play out.
He is one lucky arse as I’ve already cut a fingers off of kids that thought they were something special.
Brian,
Thank you for sharing these stories, they’re fascinating. Please do be careful.
In response to ‘watice’s’ post. The young man on the phone was described as being 20. He is an adult and therefore Brian did nothing wrong with chasing him down and questioning him. I am more concerned with the father of this man. It sounds as if he might be in denial that his son is a repeat felon. Albeit a gifted felon, but a felon nonetheless.
As it turns out, Milford, CT is not that far from me. Would you like me to drive over there and beat this jerk senseless with his own keyboard? Just kidding. It sounds like this guy needs some guidance. He certainly has skills.
“He certainly has skills.”
What skills? He picked up a phone and talked to an hourly worker following bad procedures.
Oh wait, you must mean that he dialed 3 numbers on his phone (911) and using a technique he found on youtube (an educated guess) spoofed someone’s home phone number.
It’s taken me awhile to figure that “skills” are things developed over time, usually long periods of time. This guy is 20, the only skills he’s developed are the ones that likely makes him unemployed, going nowhere, and setting a bad example for his fellow humans.
This reminds me a lot of Kevin Mitnick’s book, Ghost in the Wires. Kevin wrote something about Tsutomu Shimomura giving him a head nod as if to say “I respect your skill.” (I’m paraphrasing from memory)
I found this to be a very weird part of the book and it left me thinking…what skills would he respect, your ability to put yourself before everyone else in the universe? My guess is that Shimomura was probably thinking something more like “Hello fellow human being, I acknowledge your presence in this world because that’s what people do when they see other people.”
Skills. Please.
His more then likely just another script kiddie that brags about what he can do using other people’s software to do his dirty work.
I agree that it takes years to be good at something. It took me over ten years to get good enough where I could take down websites sites and servers with confidence. I don’t need to brag about what I can do. To me it’s not important to brag about what you can do, it’s the evidence that proves the point that you can do things in a ethical way without causing anyone and or internet equipment any harm.
Doing the things the ethical way, is the RIGHT way. No bragging is required
Keep up the goood work! Sounds like the dad was scared out of his mind that someone would take his son to jail.
You can say what you want about me Mr Krebs. Let your anger come out of you, and let your self esteem boost your confidence level. you have no idea on what you are doing , stay to your blogs and let people praise you. All i have to say is that i never swatted you, never hit your website off, never hacked your email. I have nothing against you at all, ill leave it at that. To the people who are posting these dumb comments about me / my family, I can tell you guys have nothing better to do.
thread closed -Phobia
“Mr Krebs”
What was the name of that movie from 1970? Oh, yeah, “They Call Me Mister Krebs!”
I’m guessing this isn’t really “the” Ryan, but if it is let’s assume he’s innocent. Brian, present your evidence to the authorities. If they’re ignoring or not giving this priority you have an audience here which would probably be willing to advocate on your behalf — I know I would. The worst part about this incident is the SWATing — and unfortunately that’s the only part probably likely to interest the police/FBI. Who can we call or write to to raise the visibility of this, so an investigation and prosecution is pursued? I think your best best is to emphasize to the police that they could have shot an innocent person and that whoever did the SWATing was putting lives at stake. Maybe work with Matt from wired to nail him.
Unrelated to the current story. Here’s a clever new way to redirect users. It’s very simple and comes with a demonstration.
http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html