They're out there, says security researchers: the Chinese hackers attempting to break into U.S. enterprises, and jihadist terrorists that brazenly post videos of sniper killings, while stealing credit-cards to launder money for funding nefarious campaigns in Mideast or Caucasus hot spots.
It's just a matter of finding them, and Dell SecureWorks researcher Joe Stewart described at the RSA Conference this week how he caught one by laboriously collecting information related to a Chinese hacker. He's calling the incident the "Sin Digoo Affair" after the misspelling of San Diego in Internet domain registrations under the fake name of "Tawnya Grilth" that he saw over and over again, which was but one clue, including many others such as malware signatures, he followed in his quest to track down an attacker based on a case of industrial espionage and botnets.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Don't look now, but your antivirus may be killing your virtualization infrastructure. InfoWorld's Matt Prigge shows you how to detect the warning signs. ]
"We know we have a set of domains exclusively used for espionage activity," says Stewart. After months of sleuthing, Stewart managed to link the email firstname.lastname@example.org used to register those domains to a multitude of other clues to follow a trail that led him to believe "Tawnya" is a Chinese hacker whose probably part of a group promoting SocialUp.net, a site that accepts payment, including PayPal, for delivering "artificial likes, often through bots" so people can get promoted on Facebook.
More: What's hot at RSA 2012
Tracking this laboriously amassed evidence, including known Chinese hacker websites, Stewart thinks he has identified the espionage hacker he set out to find through his real Chinese name. Undisclosed publicly, this name and what's known about him has been turned over to the FBI, though the outcome of any meaningful prosecution of espionage activity through China may at the moment be slim. Still, Stewart wants to make the point that criminal activity related to bots can be investigated, though he emphasizes what he's found is simply evidence of an individual's activity.
Another session at RSA talked about what jihadist extremists are doing today on the Web and how they launder money for terrorist causes. Mikko Hypponen, chief research officer at F-Secure, says he spent time combing the Internet to find evidence of what extremists, mostly Arab speaking but also Chechens from the Caucasus who have made terrorist attacks on Russian civilian targets, are doing in terms of sophisticated use of technology online.