U.S. News


As Attacks Rise, These Security Experts Are Hunting Cyber Criminals

They use false personas cultivated over the past five to 10 years. And some of them trace problems from the cyberworld to the physical.
Posted at 6:48 PM, Jul 08, 2021
and last updated 2021-07-08 18:48:27-04

Cybersecurity expert Tyler Robinson was in an online forum, watching, when a hacker bragged about selling the data of 700 million LinkedIn users, just days ago. This is the story of people who build false identities to hunt cybercriminals, screen to screen. 

"Real trust within these groups can take a very long time, depending on the level of access and information provided to you, you're probably not going to do that within a year or even two years," says Tyler Robinson, CEO and founder of Dark Element. "Many of our personas have been cultivated and curated over the last five to 10 years." 

Even though the private sector owns and operates nearly 90% of critical U.S. infrastructure, things like pipelines and cell phone towers, American companies don’t rely on the government for protection -- they go to people like Robinson, who maintains dozens of personas. 

"It does take a lot of back story where we are providing dogs, pictures of food, different work-related topics, as well as the technical topics. You have credit cards, you've got cell phone numbers you have to maintain," Robinson says. 

The more detailed the persona, the better. 

"When we have major efforts that we're going at, we do use a screenwriting tool and the tool helps you build your characters. It helps you get into your motivation for each one. It builds a little dossier," says Chief Intelligence Officer of Treadstone 71 Jeffrey Bardin.

Bardin focuses on cybercriminals in the Middle East and Africa who may be tied to foreign intelligence services. Besides a screenwriting program, he uses translation software and personality tests. But first, Bardin builds detailed profiles of targets, like this one -- blurred for security:

"We're look at everything from age and birth date and birth location and parents' information and upbringing, schooling and education -- we'll look at their current locations, where they live, where they work. We'll look at their activities outside of work," Bardin says.

These experts have provided information on high-profile ransomware and supply chain attacks you’ve heard about in the headlines -- for both private companies and federal agencies. They’re bound by non-disclosure agreements, but share alarming trends: 

Robinson found criminals targeting products that companies often turn to for security -- like threat emulation software Cobalt Strike. Bardin traced a path from the cyberworld to the physical...

Former hackers in Iran shutting down their groups and traveling overseas under the guise of leisure. Instead he says they’re collecting information on dissidents for Iranian intelligence services. And the consequences for dissidents can be disturbing:

"Cyber disinformation, misinformation and character assassination, but eventually into physical termination. Killing somebody," he says. 

Even sharing some tactics with Newsy means Bardin will consider modifying his methods so adversaries don’t catch on. 

It’s a job that never ends.