At 10:55 a.m on April 30, 2021, all television screens and classroom projectors in six schools in Cook County, Illinois, began monitoring. Screens that were off turn on. Projectors that were already on were automatically switched to HDMI input. “Please wait for an important announcement,” read a message that flashed across the screens. A five-minute timer, counting down to zero, sat below the ominous message.
A teacher in a classroom tried to turn off the projector with the infrared remote, but it was useless. “They advanced on our projector,” the teacher, caught on video, told the students. The group speculated that it could be a message from President Joe Biden, otherwise known as “big brother.” The same scene was being repeated in dozens of classrooms in the 12,000-student Illinois School District 214. In the classrooms and hallways, more than 500 screens showed the countdown. The system had been hijacked.
In the corner of a classroom was Minh Duong, a senior about to graduate. Duong sat pouring over his laptop, chatting with three other friends (Shapes, Jimmy, and Green) in the Encrypted Messaging Element, making sure the last of his custom code was running properly. As the countdown hit zero, a grainy, swirling Rick Astley burst into the opening notes of “Never Gonna Give You Up.”
“I was walking down the hall and everybody was kind of laughing, it was kind of funny to see,” Duong, who also goes by the moniker WhiteHoodHacker, tells WIRED. Later that day, at 2:05 p.m., Duong and his friends took over the schools’ public address systems and played the song one last time.
The elaborate high school graduation prank, dubbed The Big Rick by its architects, was one of the biggest ever, and took months of planning. “I was actually very hesitant to do the whole district,” Duong says.
In the process, the group broke into the school’s computer systems; repurposed software used to monitor student computers; discovered a new vulnerability (and reported it); they wrote their own scripts; they secretly tested their system at night; and managed to avoid detection on the school network. Many of the techniques were not sophisticated, but virtually all were illegal.
Minh Duong started hacking his school during his first year when he was about 14 years old. “I didn’t understand basic ethics or responsible disclosure and took every opportunity to break something,” he writes in a blog post describing the rickroll. (Duong recently introduced Big Rick at the Def Con hacker conference, where he revealed new details about the incident.) During his freshman year, using a computer in a closet next to the computer lab , began scanning the school’s internal network, looking for connected devices, eventually laying the groundwork for the rickroll years later.
Duong, now 19, says he was able to access Internet-connected security cameras throughout the school, and posted a photo of himself in his eventual blog post. (He says the problem was reported and access was shut down, and he was caught and told to stop scanning the school network.)