They are out there, say security researchers: the Chinese hackers trying to break into U.S. enterprises, and the jihadist terrorists who brazenly post videos of sniper killings while stealing credit cards to launder money for funding campaigns in Mideast or Caucasus hot spots.
It is only a matter of detecting them, and Dell SecureWorks researcher Joe Stewart described at the RSA Conference this week how he caught one by laboriously gathering information related to a Chinese hacker. He is calling the incident the "Sin Digoo Affair" after the misspelling of San Diego in Internet domain registrations under the fake name "Tawnya Grilth" that he saw over and over again. That was but one clue among many others, such as malware signatures, that he followed in his quest to track down an attacker involved in a case of industrial espionage and botnets.
Tracking this laboriously amassed evidence, together with known Chinese hacker websites, Stewart thinks he has identified the espionage hacker he set out to find by his actual Chinese name. That name, not disclosed publicly, and what is known about him have been turned over to the FBI, although the chances of any meaningful prosecution of espionage activity in China may at the moment be slim. Still, Stewart wants to make the point that criminal activity related to botnets can be investigated, while he emphasizes that what he has found is only evidence of an individual's activity.
Another session at RSA covered what jihadist extremists are doing today with the Web and how they launder money for terrorist causes. Mikko Hypponen, chief research officer at F-Secure, says he spent time combing the Internet for evidence of what extremists, mostly Arabic speaking but also Chechens from the Caucasus who have carried out terrorist attacks on Russian civilian targets, are doing in terms of sophisticated use of technology online.
"My first impression is high-tech terrorists don't exist," said Hypponen in a media briefing today. But after considerable online research, his view has changed. He has found evidence of growing interest in technology, encryption and hacking in online jihadist publications, which now carry sections ranging from "Open Source Jihad" to "Technical Mujahaden", the latter explaining how to hide files using rootkits and steganography.