
What an Internet cyber thief is doing and how to catch them

The situation today with extremist groups using high-tech hacking and bots "isn't out of hand", but it could quickly get worse


They're out there, say security researchers: the Chinese hackers attempting to break into US enterprises, and the jihadist terrorists who brazenly post videos of sniper killings while stealing credit cards and laundering the money to fund campaigns in Mideast or Caucasus hot spots.

It's just a matter of finding them, and Dell SecureWorks researcher Joe Stewart described at the RSA Conference this week how he caught one by laboriously collecting information related to a Chinese hacker. He's calling the incident the "Sin Digoo Affair" after a misspelling of San Diego that he saw over and over again in Internet domain registrations made under the fake name "Tawnya Grilth". That was one clue among many, including malware signatures, that he followed in his quest to track down an attacker behind a case of industrial espionage and botnets.

"We know we have a set of domains exclusively used for espionage activity," says Stewart. After months of sleuthing, Stewart managed to link the email address used to register those domains to a multitude of other clues, following a trail that led him to believe "Tawnya" is a Chinese hacker who is probably part of a group promoting a site that accepts payment, including PayPal, for delivering "artificial likes, often through bots" so people can get promoted on Facebook.
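The attribution method described above, pivoting from one set of domains to others through shared registration details, is easy to reproduce mechanically. The following is an added example, not code from the article or from Dell SecureWorks: it clusters domain-registration records that share a registrant email, name or city (including a distinctive misspelling such as "Sin Digoo"), and lets the analyst exclude values that would link unrelated domains, such as privacy-proxy email addresses or a common city. The records, domains and email addresses are constructed for illustration; only the registrant alias and the misspelling come from the article.

```python
"""Cluster domain registrations by shared registrant attributes.

Added example (not the article's or Dell SecureWorks' code). All records
below are constructed: the domains and email addresses are hypothetical
placeholders; only the alias "Tawnya Grilth" and the "Sin Digoo" misspelling
are taken from the article.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Registration:
    domain: str
    registrant_name: str
    registrant_email: str
    city: str


def _norm(value: str) -> str:
    """Case- and whitespace-insensitive comparison key for a registrant field."""
    return " ".join(value.lower().split())


# Attributes worth pivoting on. A pivot value is only useful if it is rare:
# "John Smith" or a WHOIS privacy-proxy email would tie unrelated domains
# together, so callers pass such values in `ignore`.
PIVOT_KEYS: Dict[str, Callable[[Registration], str]] = {
    "email": lambda r: _norm(r.registrant_email),
    "name": lambda r: _norm(r.registrant_name),
    "city": lambda r: _norm(r.city),
}


def shared_pivots(a: Registration, b: Registration,
                  ignore: Set[str] = frozenset()) -> List[Tuple[str, str]]:
    """Attributes on which two registrations would be linked (the analyst's 'why')."""
    links = []
    for key, extract in PIVOT_KEYS.items():
        va, vb = extract(a), extract(b)
        if va and va == vb and va not in ignore:
            links.append((key, va))
    return links


def cluster_registrations(records: Iterable[Registration],
                          ignore: Set[str] = frozenset()) -> List[FrozenSet[str]]:
    """Union-find over domains: any shared, non-ignored pivot value joins two domains."""
    records = list(records)
    parent = {r.domain: r.domain for r in records}

    def find(d: str) -> str:
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Bucket domains by (attribute, value); every domain in a bucket is linked.
    buckets: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for r in records:
        for key, extract in PIVOT_KEYS.items():
            value = extract(r)
            if value and value not in ignore:
                buckets[(key, value)].append(r.domain)
    for domains in buckets.values():
        for d in domains[1:]:
            union(domains[0], d)

    groups: Dict[str, Set[str]] = defaultdict(set)
    for r in records:
        groups[find(r.domain)].add(r.domain)
    return sorted((frozenset(g) for g in groups.values()), key=lambda g: sorted(g))


# Constructed sample data (hypothetical domains and addresses).
SAMPLE_RECORDS = [
    Registration("espionage-a.example", "Tawnya Grilth", "tawnya@example.net", "Sin Digoo"),
    Registration("espionage-b.example", "T. Grilth", "tawnya@example.net", "San Diego"),
    Registration("likes-shop.example", "Tawnya Grilth", "promo@example.org", "Sin Digoo"),
    Registration("unrelated-a.example", "John Smith", "privacy@whoisproxy.example", "San Diego"),
    Registration("unrelated-b.example", "Jane Doe", "privacy@whoisproxy.example", "Beijing"),
]

# Values known to be shared by many unrelated registrants: a real city and a
# privacy-proxy mailbox. Without this list the whole sample collapses into one cluster.
NOISY_VALUES = {"san diego", "privacy@whoisproxy.example"}


if __name__ == "__main__":
    for group in cluster_registrations(SAMPLE_RECORDS, NOISY_VALUES):
        print(sorted(group))
    print(shared_pivots(SAMPLE_RECORDS[0], SAMPLE_RECORDS[2], NOISY_VALUES))
```

The `ignore` set is the important control: with it, the three "Tawnya" domains cluster together (linked by email, then by the alias and the misspelled city) while the two privacy-protected domains stay separate; without it, the common city and the shared proxy mailbox pull every domain into one meaningless cluster. In practice the same caveat applies to any registrant field that a registrar populates for many customers.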

Chinese espionage hacker identified but not prosecuted

Tracking this laboriously amassed evidence, including known Chinese hacker websites, Stewart believes he has identified the espionage hacker he set out to find by his real Chinese name. That name, which has not been disclosed publicly, and what is known about him have been turned over to the FBI, though the prospects of a meaningful prosecution for espionage activity conducted from China appear slim at the moment. Still, Stewart wants to make the point that criminal activity related to bots can be investigated, though he emphasises that what he has found is simply evidence of an individual's activity.

Another session at RSA covered what jihadist extremists are doing on the Web today and how they launder money for terrorist causes. Mikko Hypponen, chief research officer at F-Secure, says he spent time combing the Internet for evidence of sophisticated use of online technology by extremists, mostly Arabic speakers but also Chechens from the Caucasus who have carried out terrorist attacks on Russian civilian targets.

"My first impression is high-tech terrorists don't exist," said Hypponen in a media briefing today. But after considerable online research, his opinion has changed. He has found evidence of growing interest in technology, encryption and hacking in online jihadist publications, which now include sections ranging from "Open Source Jihad" to "Technical Mujahaden", the latter explaining how to hide files using rootkits and steganography. He said he has also analysed what he thinks are probably British intelligence counter-efforts: trojanised fake versions of these publications that, once downloaded, allow monitoring of possible terrorist activity on whichever computer received them.

Islamic terrorists stealing credit cards to fund activities

One of the biggest cases linking Islamic terrorists to high-tech operations such as stealing credit cards through botnets that controlled thousands of victims' computers was that of London-based Tariq Al-Daour, sentenced a number of years ago after his gang was caught using stolen credit cards at the Absolute Poker site, mainly to launder $3.5 million through poker games, says Hypponen. He spent the money he stole on satellite phones, sleeping bags and a lot of other gear he sent to support terrorist activity connected to Al Qaeda. He paid a Russian to build his software, Hypponen noted.

The situation today with extremist groups using high-tech hacking and bots "isn't out of hand," Hypponen says. But there's mounting evidence that extremist groups are increasingly interested in high-tech, writing in their slick multimedia online publications about Apache, PGP, Nmap and creating their own public crypto keys, right alongside bomb-building instructions. He says it may be time to pay more attention to it.
