Aubrey Cottle, also known by his online alias “Kirtaner”, is a name most people on the hacker scene are familiar with, since he is one of the founding cogs in the wheel of Anonymous. He now faces the possibility of a maximum of five years in prison if convicted for his role in the cyberattack against the Republican Party of Texas’s website.
While I do not know Kirtaner personally, everything I’ve learned about his involvement in the attack on the Texas GOP website through its hosting provider Epik, shows that this Canadian national staunchly stood by his actions, despite having foreknowledge that he was under FBI investigation.
I found the attack interesting because it was reminiscent of the old ways, back when hacktivism was less about achieving easy downtime by DDoSing and more about penetrating security layers.
We exfiltrated data and leaked the information for the world to see, finishing them off by raising our pirate flag, painted across the defaced websites, turning them into broadcast points for our revolutionary message.
However, in the case of Kirtaner, the only element I do not understand was his decision to brag about it publicly, fully aware it would invite a law enforcement response.
On the other hand, is Kirtaner a strategist? Or was the hacker fame farming? I ask this because the whole scope of the hacktivism campaign against the GOP website was to raise awareness that he believed Epik was “known for providing services to websites that hosted far-right, neo-Nazi and other extremist content.”
Understanding Epik
Kirtaner’s motive to target the Epik domain registrar was not without reason. There is substantial evidence that the hosting company provided services to websites known for hosting far-right, neo-Nazi, and other extremist content.
To drive the point home, the Anti-Defamation League (ADL) issued a report stating that EPik has hosted extremist groups, in addition to describing Epik as "safehaven for the extreme right", due to its willingness to provide services to such politically ideologically driven websites. This was further substantiated by The Washington Post, which reported that Epik has had a history of hosting websites that promote QAnon theorists and other extremists.
I’m not talking about your typical left versus right arguments here, but rather, the exact nature of extremist or fanatical political views that usually end up on a government watch list.
Specifically, the ADL has noted that Epik has hosted:
- Gab: A social media platform well known for congregating white supremacists, antisemites, and other extremist groups. Gab gained notoriety when it came out that the individual behind the 2018 Pittsburgh synagogue shooting had used the platform to post extremist content.
- The Daily Stormer: A neo-Nazi and white supremacist site known for its virulently racist and antisemitic content. Epik ended up canceling services to The Daily Stormer after they acquired BitMitigate, a company that had been providing services to the extremist site.
- 8chan: An imageboard infamous for providing extremist content and being connected to multiple mass shootings. Epik also provided services to 8chan for a brief time before stopping its involvement, citing the platform's role in propagating hate.
When you begin to understand Epik’s role in providing an infrastructure for hate, Kirtaner’s own actions begin to make sense, shedding light on his decision to oppose what he must have seen as nothing short of a machine amplifying hatred.
In some way, publicly boasting about his involvement could play a strategic advantage, because now, as every phase of his criminal case unfolds in the media, the reason why he did it will continue to be told, shedding light on far-right extremism.
As of April 2025, Epik came under new ownership by Registered Agents Inc. and has been publicly committed to discontinuing services for extremist platforms. In January 2024, Epik effectively discontinued its relationship with Kiwi Farms, a forum board of infamy, known for harassment campaigns, which has been linked to the suicides of at least three people who were targets of sustained abuse.
Understanding the charges
On March 28, 2025, the Department of Justice (DOJ) announced unsealed charges against Kirtaner (Aubrey Cottle), 37, of Oshawa, Ontario, in connection with the 2021 theft of data from the Texas Republican Party. The charges include defacing the party’s website and downloading a backup of its web server.
He was arrested two days earlier by Canadian authorities, who are also pursuing charges under Canadian law. According to the DOJ press release, the case originated from a criminal complaint filed in the Western District of Texas. It alleges that Cottle gained unauthorized access by hacking into a third-party hosting server containing personal information, which was subsequently made available for download online.
Virtually every news story covering the case is a copy-paste of the initial DOJ press release, which shouldn’t be surprising when the DOJ controls the narrative. However, in this instance, the official narrative is relatively straightforward, emphasizing that he allegedly admitted his involvement in the attack on social media.
To support their claims, investigators conducting a search of Cottle’s electronic devices reportedly found data downloaded from the Texas Republican Party.
While mere possession of the stolen data does not conclusively prove he carried out the attack, the evidence supporting probable cause appears strong, potentially undermining the credibility of any future innocent plea, should he choose to pursue one.
That said, the DOJ press release includes the standard disclaimer: “A complaint is merely an allegation, and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.”
The story doesn’t end there. While the US Justice Department seeks its share of accountability since the cyberattack occurred on US soil, Canadian authorities are also taking action.
On March 31, the Ontario Provincial Police publicly announced that Cottle has been officially charged in Canada with mischief to computer data, unauthorized use of a computer, and possession of a device to obtain unauthorized use of a computer. The agency declined to release further details, citing a court-imposed publication ban.
Publication bans are invoked to protect the identity or safety of victims, witnesses, or minors, and to ensure a fair trial. These bans prevent the media and public from broadcasting specific details such as names, testimony, and evidence.
Breaking down the events
It all started in early September 2021, when the Republican Party of Texas’s website was hit by a cyberattack affiliated with Anonymous, connected to Operation Jane, a campaign aimed at protesting Texas’s restrictive new abortion law.
On September 11, 2021, the hacktivists defaced the Texas GOP homepage, replacing it with provocative messages sure to make waves, like “JET FUEL DOESN’T MELT STEEL” and “Trans demon hackers are coming to get you.” The political motive was clear.
During this time, the hackers managed to access a backup of the party's web server and exfiltrated somewhere around 180 GB of data, including internal documents and personal information.
The leaked data soon made its way onto public servers via a BitTorrent link. Now, the party’s sensitive files were out in the open, accompanied by an ecstatic, self-congratulatory press release on 4chan, which read: “Bet you thought it was over, didn’t you? HA! HA!” The statement teased that the dump included “private documents, database, ... dank memes (?) and only Raptor Jesus knows what else.”
The breach was legitimate and independently verified by Micah Lee, director of information security and journalist at The Intercept.
To say the attack was well-known and heavily covered by the media would be an understatement - Kirtaner did a fine job talking about it on TikTok. With over 40,000 followers, he often used the platform to claim responsibility for various operations and promote Anonymous campaigns opposing the Ukraine war.
This kind of chest-thumping isn’t unusual for members of Anonymous, unless, of course, they’ve been fully de-anonymized and have no buffer against inviting legal consequences.
That same month, in a truly bizarre twist, Kirtaner dropped into a live online Q&A webinar hosted by Epik’s CEO, Rob Monster, about the breach. Here’s where things got interesting: it became clear Kirtaner was closely monitoring fallout from the attack.
As viewers watched in astonishment, Monster called him out directly in the chat and asked if he had been involved. Kirtaner’s reply was hacker-appropriate—a coy dodge that raised more questions than answers, “I would never, ever, ever, ever admit to a federal crime in a space like this.”
He didn’t outright deny it. Naturally, the encounter fed speculation about his involvement, even as he carefully avoided a public confession—at least at that point.
Admissions of responsibility
Kirtaner was generally careful about the way he said certain things that could directly implicate himself on the public stage; however, evidence shows he was far less guarded in private communication channels.
According to an FBI affidavit, Kirtaner made direct admissions involving his role in the Texas GOP/Epik hack in his messages with associates. For example, two days before the defacement (on September 9, 2021), an email was sent from Kirtaner’s account to an unknown sender, with the subject line, “oops I control the Texas GOP.” It contained instructions to “delete this message after reading.”
The statement indicates that he had obtained administrative access to the party’s web server and was bragging about it privately among friends. Yes, he openly boasted about the attacks and defended them.
This is precisely how investigators were able to tie his involvement in the attacks, followed by leaked data and digital fingerprints, which further connected Kirtaner to the crime.
On a Discord server that Kirtaner ran for several years, which was linked to his 420chan community, he bragged about being the one to supply the exploit that would later be used against Epik’s servers. According to a Discord post back in September 2021, Kirtaner wrote: “OH I GAVE THE CHILDREN THE SQLI EXPLOIT VULN GAB CODE ALREADY,” followed by “when it hits you’ll never see it attributed to me but… epik hosting’s f—ed.”
A search warrant was issued for the residence by the Provincial Police in Ontario, containing 20 terabytes of data, where he admitted responsibility for gaining root access to Epik’s network, including its virtual machines, web domains, and customer information in email correspondences.
Additionally, law enforcement seized a solid-state drive from his residence, which contained a file folder entitled “EpikFailYouLostTheGame”. This contained personal data, as well as information associated with the Texas GOP website.
By January 2022, Kirtaner seemed very aware that he was being investigated by law enforcement over the GOP hack. In a Discord post, he said, “fbi agents reading my discord logs,” defending his reasoning behind his hacking activities as political activism against far-right extremism. This is referenced in an FBI affidavit, but the full context of the statement is not publicly available.
In spite of the criminal charges he’s now facing, I don’t believe for one second that a harsh outcome will deter him from hacktivism in the future, even if he has to wait five years. In fact, if that happens, I feel this is only the beginning of his story, despite his long-standing past as an OG in the hacker community.
If prison is the outcome, I am predicting that he will see the advantage of his incarceration by becoming the ultimate insider, and experience the oppressive, totalitarian world of the US federal prison system, which will ostensibly give him a new purpose.
Your email address will not be published. Required fields are markedmarked