The Teen Hacker Who Threatened FBI Agents

"Allison Nixon is gonna get necklaced soon"

The death threats started appearing in April 2024. Anonymous users calling themselves "Waifu" and "Judische" began posting gruesome messages on Telegram and Discord, targeting cybersecurity researcher Allison Nixon.

"Decerebration is my fav type of brain death, thats whats gonna happen to alison Nixon," one message read. Soon, AI-generated nude photos of Nixon appeared online. But why was this 25-year-old hacker suddenly obsessed with a researcher he'd never met?

Nixon works as chief research officer at Unit 221B, a cyber investigations firm named after Sherlock Holmes's apartment. For over a decade, she's built a career tracking cybercriminals and helping get them arrested—particularly members of a loosely affiliated group of anarchic hackers called the Com.

The Teenage Cyber Empire

Most people have never heard of the Com, but cybersecurity experts consider it as dangerous as state-sponsored hackers from China or Russia. The difference? No rules, no limits.

"There's only so far that China is willing to go; there's only so far that Russia or North Korea is willing to go," explains one longtime cybercrime researcher. International laws and fears of retaliation constrain nation-states. The anarchic Com faces no such restrictions.

What started as teenagers launching simple DDoS attacks has evolved into sophisticated operations targeting AT&T, Microsoft, and Uber. During the pandemic, membership surged as isolated kids moved online for schooling. Some formed even more extreme offshoots like 764, accused of animal torture, stabbings, and school shootings.

The financial stakes have exploded too. Court records show Com-affiliated groups have stolen millions of dollars through cryptocurrency theft, ransomware, and corporate data breaches.

Birth of a Hacker Hunter

Nixon stumbled into this world by accident. In 2011, working night shifts at security firm SecureWorks, she simply googled "hacking forums" and found Hack Forums.

"It was really stupid simple," she recalls. To her amazement, hackers were openly discussing their crimes. When she mentioned the site to a colleague, he dismissed it as a place for "script kiddies"—unskilled wannabes.

But Nixon saw something others missed. These "kids" were making operational security mistakes, dropping personal details in chat logs—the city where they lived, schools they attended, places they worked. She realized she could piece together these breadcrumbs to unmask their real identities.

"A lot of people don't like to do this work of reading chat logs," she says. "Maybe my brain is built a little weird that I'm willing to do this. I have a special talent that I can wade through garbage and it doesn't bother me."

When the Hunter Becomes Hunted

In April 2024, Waifu's group pulled off their biggest heist yet: stealing over 50 billion call records from AT&T customers stored in Snowflake cloud accounts. Among those records were phone numbers belonging to FBI agents.

The hackers likely used reverse-lookup tools to identify people the agents called—including Nixon. That's when the harassment began.

But then they got reckless. After extorting nearly $400,000 from AT&T, they tried to squeeze more money out of the telecom giant. They posted threats on social media to leak the stolen records—and tagged the FBI in the post.

"It's like they were begging to be investigated," Nixon says.

The Unmasking

Nixon had actually tracked Waifu before, back in 2019 when he bragged about framing another hacker for a bomb threat. She remembered him as technically skilled but "immature, impulsive, and emotionally unstable." He boasted about staying awake for days using Adderall to hack through the night.

Her investigation method was methodical: draw a large circle around the target and all associated online personas, then narrow it down by studying their interactions. The best intelligence often came from unexpected sources.

"The enemies and the ex-girlfriends, generally speaking, are the best [for gathering intelligence]," she says with a laugh. "I love them."

Meanwhile, Waifu was conducting his own counterintelligence operation—something Nixon had never seen cybercriminals attempt before. He reached out to other researchers, trying to gather information about Nixon while planting false clues about his identity.

By July, Nixon was confident: Waifu was Connor Riley Moucka, a 25-year-old high school dropout living with his grandfather in Ontario.

The Takedown

On October 30, Royal Canadian Mounted Police arrested Moucka at his home. Nine days earlier, a plainclothes officer had visited under false pretenses to secretly photograph him and confirm his identity.

Moucka answered the door looking disheveled: "You woke me up, sir." He gave his name as Alex—he sometimes used the alias Alexander Antonin Moucka.

Prosecutors charged him with nearly two dozen counts, including conspiracy, computer intrusion, extortion, and wire fraud. They allege he and associates extorted at least $2.5 million from Snowflake breach victims. Moucka pleaded not guilty and was extradited to the US last July.

The court filings reveal disturbing details beyond the threats against Nixon. Moucka allegedly posted about becoming a serial killer, mass-mailing poison pills to Black people, and obtaining firearms to "kill Canadians."