After watching a YouTube video a few nights ago about how one particular hacker uses HUMINT to infiltrate jihadist websites, and his opinions about a certain other hacker who uses a different approach in the war against these same jihadists, I decided to write a little something about it. For now I’ll just call them hacker 1 and hacker 2 (in no particular order). This will be a non-technical and concise article, so don’t nitpick; just take away the main points.
Before I start, I am making the assumption that hacker 1 and hacker 2 are not involved with the government in any way, such as being directly connected to it through orders, pay or any other means. As far as I am concerned, these two hackers are freelance, doing what they do for the love of our country and the safety of its people, both here and abroad.
Hacker 1’s MO is to develop various online identities using his knowledge of the Arabic language and culture, the finer points of the Koran, and lower-level contacts he has made over several months. Hacker 1 then uses all of this cyber cred to infiltrate jihadist-based websites, slowly gaining their confidence in the hope that he can get close enough to some of the power players on these sites to glean information that may be of use to the federal authorities.
Now this kind of intelligence gathering is extremely difficult to pull off, taking a good amount of dedication, knowledge and patience, but the payoff can be worth it if the bait is taken and hacker 1 is welcomed into one of these jihadist communities. However, even though extreme measures are taken to infiltrate one of these sites, success is by no means guaranteed. Hacker 1 may spend months trying to get accepted into one of these tight-knit online communities, only to find out that this particular group is just a bunch of big mouths, doing nothing but bloviating about the acts they would like to commit, without any real commitment or funding to actually follow through on any of the threats made.
A dead end, so he either starts all over again or uses the same persona to try to move into another site whose members are actually serious about the acts they intend to commit. Either way, it’s still another shot in the dark (albeit an educated shot) in the hope of finding some real, actionable intel. (I’m not even going to go into how real, actionable intel gets transferred to the federal authorities and routed to the right people so it can be acted upon; that’s beyond the scope of this article.)
So, hacker 1 spends a tremendous amount of time and resources just trying to get in the front door of some of these sites, without even knowing whether he is going to gain any information that can be used to thwart an attack or operation, although with proper recon he will have a fairly good idea whether he’s on the right track. But when he does hit pay dirt, this kind of intel can be useful in many ways and, in the end, could possibly prevent another tragic terrorist attack.
Risk = low.
Reward = potentially high.
Success = somewhat random.
Now hacker 2 has just as much desire to have the same effect as hacker 1; he just goes about it in an entirely different manner. His method is much more direct and technical, but that does not mean his research is any less taxing. Understanding the language, the culture, and the intent behind certain websites and forums is just as crucial to his targeting as it is for hacker 1, so we are already seeing some similarities between the two right from the start.
Hacker 2, some would say, takes a more heavy-handed approach, though no less elegant, when it comes to dealing with these same sites that deal in hate and destruction. Hacker 2 will do a lot of the same research as hacker 1, finding people who hold these fundamentalist ideas and tracing them to some of the same sites that hacker 1 is targeting. However, once these sites are identified, the research of the two hackers diverges: hacker 2 starts analyzing the technical aspects of the site, such as who is hosting it and what operating system and software it runs, and then researches the vulnerabilities that will allow him to breach the site, gain information about its users and, ultimately, take it down permanently or get it kicked off its hosting provider.
Now even with some of the same research techniques that hacker 1 uses, success is by no means guaranteed. However, by leveraging some of the newer tools available on the web, hacker 2 can act on logical assumptions about a site that hacker 1, using those same tools, must study much further before deciding whether or not to pursue it, purely because of the extraordinary time hacker 1 has to invest in each target. That is a decided advantage for hacker 2 as far as target selection goes: he can be relatively sure that his target is involved in some nefarious activity and act on that intel in a much shorter life cycle.
However, even though hacker 2 can strike more quickly and more decisively, the risks are much greater. Most of the time hacker 2 is attacking a system directly, exposing himself to discovery, to being ‘made’ and having his true identity revealed, with the possibility of criminal charges, death threats or both.
Risk = high.
Reward = potentially high.
Success = somewhat random as well.
As I said in the beginning, hacker 1 and hacker 2 have many of the same goals in mind, which is a credit to both of them. However, there are times when their paths cross, unbeknownst to either of them. For instance, hacker 1 has spent months gaining access to a particular site, only to find that within a few weeks hacker 2 has targeted the same site and taken it down. Hacker 2 had no idea that hacker 1, a member of the site, was infiltrating it, but by taking the site down he has destroyed months of hacker 1’s work. And thus an animosity develops, even though nothing was intentional, as neither of them was aware that they were both targeting the same site through different methods.
At the outset, hacker 1 and hacker 2 don’t know each other at all, but because hacker 2’s approach is much more straightforward, he can publicly announce the particular site he has taken down, and on the internet it doesn’t take long for hacker 1 to realize who just blew his op, unintentionally or not. I’m no hacker by any stretch of the imagination, but people are people, and when someone thinks they have been slighted, tempers flare, words are exchanged and suddenly two people who are on the same side are having issues with one another, even though neither of them knows the other or the other’s overarching goals.
So what’s the solution? It seems logical to me: just talk to one another. Both have the same goals and simply use different techniques to achieve them. They don’t have to know each other, or even like each other, but in order to avoid the kind of overlap that can occur, especially with such a limited target field, communication is a must.
Two sides of the same coin…