Inside the World’s Biggest Hacker Rickroll
At 10:55 am on April 30, 2021, all the TV screens and classroom projectors at six schools in Cook County, Illinois, started controlling themselves. Screens that were turned off powered up. Projectors that were already on automatically switched to the HDMI input. “Please standby for an important announcement,” read a message that flashed up on the displays. A five-minute timer, counting down to zero, sat under the ominous message.
A teacher in one classroom tried to turn the projector off using the infrared remote, but it was useless. “They overtook our projector,” the teacher, caught on videotold students. The group speculated that it could be a message from President Joe Biden, failing that, “big brother.” The same scene was repeating itself across dozens of classrooms in Illinois’ school district 214—home to 12,000 students. In classrooms and hallways, more than 500 screens displayed the countdown. The system had been hijacked.
Tucked in the corner of one classroom was Minh Duong, a senior on the verge of graduating. Duong sat pouring over his laptop, chatting with three other friends—Shapes, Jimmy, and Green—on encrypted messenger Element, making sure the last of his custom code executed correctly. As the countdown hit zero, a grainy, gyrating Rick Astley burst into the first notes of “Never Gonna Give You Up.”
“I was walking down the hallway, and everyone was kind of laughing—it was kind of fun to watch,” Duong, who also goes by the moniker WhiteHoodHackertells WIRED. Later that day, at 2:05 pm, Duong and his friends took over the schools’ PA systems and played the song one last time.
The elaborate high school graduation prank—dubbed The Big Rick by its architects—was one of the largest rickrolls to ever take place, taking months of planning to pull off. “I was actually extremely hesitant about doing the entire district,” Duong says.
During the process, the group broke into the school’s IT systems; repurposed software used to monitor students’ computers; discovered a new vulnerability (and reported it); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school’s network. Many of the techniques were not sophisticated, but they were pretty much all illegal.
Minh Duong started hacking his school during his freshman year when he was about 14. “I didn’t understand basic ethics or responsible disclosure and jumped at every opportunity to break something,” he writes in a blog post describing the rickroll. (Duong recently presented the Big Rick at the Def Con hacker conferencewhere he revealed new details about the incident.) During his freshman year, using a computer in a cupboard next to the IT classroom, he started scanning the school’s internal network, looking for connected devices and ultimately laying the groundwork for the rickroll years later .
Duong, now 19, says he was able to access internet-connected security cameras throughout the school, posting a picture of himself in his eventual blog post. (He says the issue was reported and access was shut down—and he was caught and told to stop scanning the school’s network.)