Cybercrime and Hunting Cyber Criminals

The author, Vinny Troia, has tracked threat actors across the Internet for several years now, culminating in the unmasking of one of the primary members of a cybercrime group called The Dark Overlord, which has been stealing organizations' data and selling it on the black market since 2016.

The group later changed their tactics to terrorizing victims with all kinds of threats and extorting them for money. 


Vinny spent two years following this group, culminating in the attribution of 36 shared aliases to its three core members, Chris Meunier, Dennis Karvouniaris, and Nathan Wyatt, who has since been arrested and extradited to the US for trial. 


The book takes us through a maze of deception spanning social media, black hat forums, and underground cybercrime markets. Along the way you learn about network discovery methods, psychology, people searching, geolocation, data mining, and OSINT automation techniques.


Rather than just a laundry list of tools, the author generously shares his arsenal of methods and the process he used to track down targets. This is so much more helpful than a lot of guides and manuals out there that don’t really focus on the mental workflow and the how of getting from point A to point B in an investigation. 


He also scatters gems of wisdom from a dozen other experts like John Strand, Lesley Carhart, and Chris Hadnagy.


Their commentaries are often personalized, real-world experiences you'll be hard-pressed to find in other places. You also learn a bit about the hacker mindset while reading through Vinny's investigative journey.


He describes himself as a "puzzle junkie" who's relentless when it comes to finding answers to complex problems, even if it means sleepless nights cranking away at something until morning. This attitude is key for professionals in the cybersecurity field, since a lot of the work is troubleshooting and solving problems, which usually involves seriously grokking how a system works, from its computer network to its social network components.


Take offense and defense, for instance. Offensive cyber is about understanding what the rules of a system are, then figuring out a way to circumvent them. 


Defensive cyber is the same, except with the extra burden of also having to understand the mindsets of your adversaries and the ways they might circumvent those rules.


Another part of the book I appreciate is its pragmatic approach to explaining cryptocurrencies. Unlike all the media out there discussing whether or not some coin’s value is going to the moon or all the technical wonders of distributed ledger technology, the book focuses on the investigative aspects of cryptocurrencies when they’re used in economic transactions for scams and cybercrime markets on the darknet. 


Tracing these transactions to find out which entities own which wallets is essential to tracking the people in the online underground. 
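As an added illustration of what "which entities own which wallets" means in practice (this is not code from the book or from the author), the block below applies the common-input-ownership heuristic: on a UTXO ledger like Bitcoin's, every input of a transaction had to be signed by the same spender, so co-spent addresses can be merged into one cluster. The ledger, addresses and transaction IDs are constructed placeholders, and the CoinJoin check is a deliberately simplified assumption (real detectors also compare output values). Change-address detection, the usual next heuristic, is left out.

```python
"""Wallet clustering by the common-input-ownership heuristic.

Added example, not from the book: the ledger below is constructed, the
addresses are placeholders, and the heuristic assumes that all inputs of
one transaction were signed by the same key holder. CoinJoin-style
transactions break that assumption on purpose, so they are skipped.
"""
from collections import defaultdict

# Constructed ledger: each tx lists the addresses it spends from and pays to.
TXS = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": ["M1"]},       # A1 and A2 co-spent
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": ["A4"]},       # pulls A3 into the cluster
    {"txid": "t3", "inputs": ["B1"], "outputs": ["A5"]},             # A5 only receives; not linked
    {"txid": "t4", "inputs": ["C1", "C2", "C3"],                     # CoinJoin-like: do not merge
     "outputs": ["X1", "X2", "X3"]},
]


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx):
    """Simplified CoinJoin flag (assumption): several inputs paying at least
    as many outputs. Good enough for the constructed ledger above."""
    return len(tx["inputs"]) >= 3 and len(tx["outputs"]) >= len(tx["inputs"])


def cluster_addresses(txs, skip_coinjoin=True):
    """Merge every input of a non-CoinJoin tx into one owner cluster.
    Returns {address: frozenset(all addresses in its cluster)}."""
    ds = DisjointSet()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            ds.find(addr)  # register every address, even receive-only ones
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            ds.union(first, other)
    members = defaultdict(set)
    for addr in list(ds.parent):
        members[ds.find(addr)].add(addr)
    return {addr: frozenset(members[ds.find(addr)]) for addr in list(ds.parent)}


def payments(txs, clusters):
    """Collapse the ledger to cluster-level flows: (payer, payee, txid)."""
    flows = []
    for tx in txs:
        payer = clusters[tx["inputs"][0]]
        for out in tx["outputs"]:
            flows.append((payer, clusters[out], tx["txid"]))
    return flows


if __name__ == "__main__":
    clusters = cluster_addresses(TXS)
    for payer, payee, txid in payments(TXS, clusters):
        print(f"{txid}: {sorted(payer)} -> {sorted(payee)}")
```

Running it shows A1, A2 and A3 collapsing into one spender, while A5 (which only ever receives) and the CoinJoin inputs C1..C3 stay separate; pass `skip_coinjoin=False` to see how a naive run would wrongly merge the mixer's participants.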


What’s interesting about digital investigations is that they can be remarkably similar to those in the offline world. Real investigations are dirty since you’ve gotta build a web of aliases and deep cover stories for each. 


High-fidelity threat intel comes from actively working your way into cybercrime groups as a trusted insider to gather more information. Direct communications with threat actors can reveal valuable intelligence on their modus operandi and internal structures.


This might bring you into gray areas since the people you’re collaborating with usually value money over moral or legal boundaries and expect you to do the same. 


If you don’t play the game, you’ll be discovered and outed as an investigator. It’s just like the drug gang that makes everyone involved partake in the drugs, to try and sniff out any feds. 


But just as advanced persistent threats (APTs) can eventually penetrate a computer network, this book shows us how an advanced persistent investigator can do the same to a target. If you're patient and resolved, cybercrime networks slip up from time to time and reveal vulnerabilities too.


Once you've latched on, cybercriminals will often give away the greatest clues about their identities simply out of fear and self-preservation, which is exactly what ends up happening towards the end of Vinny's marathon.


When it comes to cyber investigations, there are a few main themes he unveils for readers. The first and foremost is that vanity always trumps OPSEC. Cyber folks spend a huge amount of time learning and perfecting their craft.


The desire for respect among a community of peers is an undeniable part of the lifestyle. This holds true whether you’re on the right side or wrong side of the law. It’s hard not to like attention and recognition for your work, whether you’re a script kiddie or a time-seasoned professional. 

Young aspiring hackers engaging in cybercrime may find it more difficult to avoid bragging about their exploits online and might be more willing to vocalize their activities to journalists. 


The second theme is the importance of having access to a deep, rich pool of historical data as the foundation of any successful investigation. 


The nature of the Internet is that identifiers like domain names or IP addresses inevitably change over time, so researching current data is guaranteed to miss clues, especially if your cybercrime target is actively cleaning up their past and hiding their tracks with disinformation. 


However, people do leave trails of their activities going back years and decades, since it's hard to practice operational security when you're a newbie just starting to learn about it. When this historical data gets stitched together, you can contend with even the most skilled researchers out there.


Oftentimes, access to this data isn't free, and you need to pay for premium datasets to get historical records like website registrations or snapshots of sites over time.


When you do stumble across something like a private picture or message, it's always important to keep meticulous documentation for future reference, since it may not be there later. The third theme is to never rely on a single technique to obtain answers. You might get lucky even with outdated tools that have never produced good results before.


Anything from a recycled profile icon to a reused username can be a valuable piece of the puzzle in an investigation, so you want to exhaust everything at your disposal to draw out more intel. Cybercrime pays well, very well actually, but only for a short period of time, since it's really hard to execute your online personas flawlessly and compartmentalize everything.
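The two themes above, stitching historical data together and pivoting on every identifier you have, come down to one mechanical idea: treat every record as a set of identifiers that co-occur, link them, and walk outward from a seed alias. The block below is an added example of that walk; it is not Vinny Troia's tooling or anything from the book. All of the WHOIS snapshots, forum profiles, emails, avatar hashes and `.test` domains are constructed for the illustration. The 2021 WHOIS capture is redacted behind a privacy proxy, so filtering to "current data only" loses the domain link that the 2017 capture still carries.

```python
"""Alias pivoting over stitched historical records.

Added example, not from the book or the review: every record, name, email,
domain and hash below is constructed. Identifiers are encoded as
"kind:value" strings so that different record types share one graph.
"""
from collections import deque

# Constructed historical WHOIS snapshots for the same domain over time. The
# later capture is redacted, which is why current-only data misses the link.
WHOIS_SNAPSHOTS = [
    {"domain": "example-shop.test", "captured": "2017-03-01",
     "registrant_email": "darkfalcon@mail.test", "registrant_name": "D. Falcon"},
    {"domain": "example-shop.test", "captured": "2021-09-15",
     "registrant_email": "redacted@privacy-proxy.test", "registrant_name": "REDACTED"},
    {"domain": "falcon-tools.test", "captured": "2019-06-10",
     "registrant_email": "nightowl77@mail.test", "registrant_name": "Night Owl"},
]

# Constructed forum profiles: one avatar hash is recycled across two usernames.
FORUM_PROFILES = [
    {"forum": "forum-a", "username": "darkfalcon",
     "avatar_sha256": "aa11", "contact_email": "darkfalcon@mail.test"},
    {"forum": "forum-b", "username": "nightowl77",
     "avatar_sha256": "aa11", "contact_email": "nightowl77@mail.test"},
    {"forum": "forum-c", "username": "unrelated_user",
     "avatar_sha256": "bb22", "contact_email": "someone@mail.test"},
]

PRIVACY_PROXY_DOMAINS = {"privacy-proxy.test"}  # assumed list of redaction services


def is_noise(node):
    """Identifiers shared by many unrelated people must never become pivots."""
    kind, _, value = node.partition(":")
    if kind == "email" and value.split("@")[-1] in PRIVACY_PROXY_DOMAINS:
        return True
    return kind == "name" and value.upper() == "REDACTED"


def build_graph(whois, profiles, since=None):
    """Co-occurrence graph: every identifier in a record links to every other
    identifier in that record, tagged with the record it came from.
    `since` drops WHOIS captures before that date (simulates current-only data)."""
    graph = {}

    def link(nodes, source):
        nodes = [n for n in nodes if n and not is_noise(n)]
        for a in nodes:
            for b in nodes:
                if a != b:
                    graph.setdefault(a, {})[b] = source

    for rec in whois:
        if since and rec["captured"] < since:
            continue
        link([f"domain:{rec['domain']}", f"email:{rec['registrant_email']}",
              f"name:{rec['registrant_name']}"], f"whois@{rec['captured']}")
    for p in profiles:
        link([f"user:{p['username']}", f"avatar:{p['avatar_sha256']}",
              f"email:{p['contact_email']}" if p["contact_email"] else None],
             f"profile@{p['forum']}")
    return graph


def pivot(graph, seed):
    """Breadth-first walk from a seed identifier. Returns {node: [sources]},
    the chain of records that justifies each link, so every finding is documented."""
    paths = {seed: []}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        for nxt, source in graph.get(cur, {}).items():
            if nxt not in paths:
                paths[nxt] = paths[cur] + [source]
                queue.append(nxt)
    return paths


def linked(paths, kind):
    """All reached identifiers of one kind ("user", "domain", ...), sorted."""
    return sorted(n.split(":", 1)[1] for n in paths if n.startswith(kind + ":"))


if __name__ == "__main__":
    for label, since in (("all history", None), ("since 2020 only", "2020-01-01")):
        paths = pivot(build_graph(WHOIS_SNAPSHOTS, FORUM_PROFILES, since), "user:darkfalcon")
        print(label, "usernames:", linked(paths, "user"), "domains:", linked(paths, "domain"))
        for node, chain in paths.items():
            print("  ", node, "<-", " -> ".join(chain) or "seed")
```

With the full history, the seed `darkfalcon` reaches `nightowl77` through the recycled avatar and both domains through the registrant emails; with `since="2020-01-01"` the usernames still link but neither domain does, because the only surviving WHOIS capture is redacted. The `paths` output doubles as the documentation trail the review recommends keeping.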


Building a meaningful operation requires enlisting a team of people to work with you, which requires trust. Trust is most vulnerable when stakes and emotions run high. Jealousy, betrayal, and feuds happen among black hat circles too, which often leads to their downfall. 


One aspect of the book I kind of wished was included is some kind of advice for younger kids trying to learn more about cyber. Oftentimes, it's the black hat communities that are their gateways into this field, which always creates opportunities for going to the dark side and getting involved in more serious cybercrime activity.


I certainly got started out on the wrong foot in the hacking scene, a long long time ago, before eventually making my way to the light side. 


Mentorship, both formal and informal, can help steer people in the right direction towards creative productivity rather than creative thievery and destruction. One thing I’m curious to see is the fallout of cybercrime behavior in the years to come since this book definitely reveals a lot of sources and methods used. 


While it raises the bar to be a cybercriminal, it also raises the bar for investigators too, as people adapt to their tradecraft accordingly. It’s the cat and mouse game we’ll never see an end to. So that’s it for my thoughts on Hunting Cyber Criminals. 


All in all, go grab a copy of the book for use as a desk reference. I've learned a lot of valuable lessons from it and hope that you will too. Thanks so much for reading.
