Prepare to feel old. The latest computer hacker to generate a national controversy isn’t a rogue CIA employee or even a college student at MIT. He’s 12 years old—and he just changed the way we think about our security online. But Jeremy Baxter didn’t steal NSA secrets or embezzle from a hedge fund; his aims were higher. Nine years short of his 21st birthday, the computer whiz decided he was going to try to visit budlight.com.
Nope, you didn’t read that wrong. Jeremy set his sights on the strictly adults-only official home page for the alcoholic beverage Bud Light. But even more amazingly? He pulled it off.
“It was easy,” Jeremy says, with the nonchalance of a seasoned pro.
The budlight.com official home page, as with all websites for alcohol and tobacco products, is secured by a seemingly impenetrable age verification protocol that requires all users to manually input their age in order to prove they’re over 21—and thus legally able to look at pictures of beer, beer logos, and related merchandise.
But budlight.com never counted on Jeremy. A self-taught prodigy, Jeremy was immersed in the world of computers at an early age, from using his family’s computer to talk to friends and complete schoolwork to receiving his own personal laptop for his 10th birthday. “I like hanging out on the internet; it’s fun,” he told us—in a bit of an understatement.
So, how did he bypass the age gate? Well, you’d have to ask the wunderkind himself: “Basically, I moved the year down to make it seem like I was older than I was.”
“I thought it would be suspicious if it said I was exactly 21, so I changed the month and day too. I made sure not to even use my real birthday, just in case they were tracking it.”
If this sounds confusing, you weren’t the only one caught off-guard.
“It was like something out of The Matrix,” said Bud Light chief digital security officer Sharon Odell. “We could see that Jeremy’s IP address was visiting budlight.com and pumping out multiple page views, but we couldn’t figure out how he bypassed the age gate to begin with.”
With the Bud Light internal security staff scrambling to figure out what was going on, Jeremy was free to do something other kids his age only dream about—check out Bud Light’s line of spin-off beverages, watch a few streaming commercials, and even get some of the details about an NFL-sponsored sweepstakes. “You had to be 21 to enter that too,” said Jeremy. Not that it would’ve stopped him.
What this means for all of our online security remains to be seen. Will this affect the freedom of law-abiding adults to interact with their favorite beer brands online?
“We definitely need to assess the situation and make some changes,” says Odell, who has already introduced further measures, like adding an “Are You Sure?” button after users input their age. “Although we should’ve known something was up when he said he was born in 1904.”