Inside the World’s Biggest Hacker, Rickroll

At 10:55 a.m. on April 30, 2021, all television screens and classroom projectors at six schools in Cook County, Illinois began controlling themselves. The screens that were off have turned on again. Projectors that were already on are automatically switched to the HDMI input. “Please wait for an important announcement,” read a message that flashed across the screens. A five-minute timer, counting down to zero, sat below the disturbing message.

A teacher in a class tried to turn off the projector using the infrared remote control, but it didn’t help. “They have passed our spotlight”, the teacher, caught on video, say the students. The group speculated that it could be a message from President Joe Biden, failing that, “big brother”. The same scene was repeated in dozens of classrooms in Illinois’ school district 214– which houses 12,000 students. In classrooms and hallways, more than 500 screens showed the countdown. The system had been hacked.

Tucked away in the corner of a classroom was Minh Duong, a senior about to graduate. Duong sat on his laptop, chatting with three other friends – Shapes, Jimmy and Green – on the Element encrypted messenger, making sure the last of his custom code was running properly. As the countdown reached zero, a gritty, spinning Rick Astley burst into the opening notes of “Never Gonna Give You Up.”

“I was walking down the hall and everyone was laughing a bit – it was quite fun to watch,” Duong, who also goes by the nickname WhiteHood Hacker, says WIRED. Later that day, at 2:05 p.m., Duong and his friends took over the school PA systems and played the song one last time.

The elaborate high school graduation prank – dubbed The Big Rick by its architects – was one of the greatest rickrolls never take place, taking months of planning to pull off. “I was actually extremely hesitant to do the whole district,” Duong says.

In the process, the group broke into the school’s computer systems; repurposed software used to monitor student computers; discovered a new vulnerability (and reported it); wrote their own scripts; secretly tested their system at night; and managed to avoid detection in the school network. Most of the techniques weren’t sophisticated, but they were pretty much all illegal.