Hiding out among the net's criminal class

APD NEWS


Security researcher Liam O'Murchu lives a double life. And sometimes a triple life. Now and then he divides himself even more thinly.

Living multiple lives is part of his job with security firm Symantec, which also involves being a covert part of the forums, chat boards and discussion rooms that comprise the net's underground economy.

It is there that deals are done that lead to companies being hacked, websites knocked offline and booby-trapped emails spammed out to millions.

Exploit kits are bought and sold, allowing less proficient attackers to pay their better-skilled brethren for access to tools that make it simple to hunt out and infect vulnerable victims.

"You can see what tools are being released, what people are interested in, how they are making their money and maybe politically how they are motivated," he said.

The monitoring encompasses all levels of cyber-crime - from sites that cater for beginners and unskilled "script kiddies" to the higher-level groups where the pro criminals gather.

It's in these that Mr O'Murchu and his colleagues exchange banter with other members to gather information that can help when a big attack is under way or a novel threat hits lots of the PCs that Symantec is helping to protect.

Dutch police infiltrated and then closed the Hansa web marketplace

For instance, he said, if 500,000 machines are enrolled overnight into a botnet - a network of hijacked PCs that can be used to spread spam or conduct other types of computer crime - he will dig into the incident and find out how they were caught out.

"If we discovered that it was distributed via spam, via web exploit packs and compromised websites, we might discover that those compromised websites were actually sold in the underground," he explained.

"Then we'll go and find out who is selling them, how you pay for them and how you sign up."

The result might mean Symantec stops the malware spreading or develops defences that can guide customers to protect themselves.

Hiding out

Mr O'Murchu has seen many changes ripple through the underground in the years he has been immersed in it - many of them in response to action by law enforcement that took down sites or led to arrests.

A big change occurred last year, after Russian police arrested 50 people thought to be behind several large malware campaigns.

It turned out, he said, that they also ran and sold an "exploit kit" that gave subscribers access to a large and growing library of software vulnerabilities that could be used to gain access to a lot of different companies.

"We believe that the businessman behind that group had been buying exploits to put into the packs," he said.

The wave of arrests "spooked" the businessman backer, who promptly disappeared and took his wallet with him.

"That took a lot of the money out of the community, so now we don't see so many exploit packs being used," he said.

The packs still available sell to the professional criminals who pay up to $10,000 (£7,700) a month to get a steady stream of software bugs they can exploit for their own ends - be it to inveigle their way into a target organisation or to make malware even more effective.

(BBC)