Robert M Lee, the CEO of cyber security company Dragos, recently found himself in a precarious situation. A criminal hacking group had gained access to Dragos’s employee email account and threatened to release the company’s data unless a ransom was paid. But Lee refused to negotiate, prompting the hackers to escalate their tactics. They managed to find personal information about Lee’s son, including his passport, school, and telephone number. The message was clear: pay up or put your family at risk.
According to several western cyber security professionals, online threats have become increasingly real in recent times. These professionals are often called in by companies to combat hacking groups, but they themselves have become targets. In Lee’s case, the criminal group that targeted him was known for “swatting” – a dangerous practice where someone falsely reports an armed attack, leading to a SWAT team being dispatched to the victim’s home.
The threats faced by cyber security professionals are varied and inventive. For example, one Ukrainian hacker sent a gram of heroin to the home of Brian Krebs, a journalist turned cyber security analyst. They even went so far as to have a florist deliver a giant bouquet in the shape of a cross to Krebs’s home. Other victims have been instructed to send money to the bank accounts of cyber security professionals in an attempt to frame them. In another case, a North Korean hacking group posed as security researchers on LinkedIn and sent malware disguised as an encryption key to their contacts.
Charles Carmakal, the CTO for Mandiant Consulting, which investigates major breaches, including those at the State Department and other US agencies, emphasized the need for cyber security professionals to prioritize their own safety. He mentioned that he avoids visiting certain countries due to his outspokenness about offensive operations from those nations. The ability of criminals based in eastern Europe, China, or North Korea to target professionals in western countries highlights the transnational nature of the cyber security industry, which makes billions of dollars from its victims.
Carmakal also noted that these threats often come from criminal groups rather than governments. These groups consist of young individuals with no rules of engagement and an unlimited amount of free time. They bring real pain to their victims and make the threats feel very tangible.
The situation is even more alarming for professionals outside the US. One researcher, who chose to remain anonymous, described coming home to find his house meticulously searched by well-trained individuals. They disabled his home security system but missed a nanny-cam his wife had placed in the living room. Prior to this incident, he had identified a Russian government agency responsible for an espionage operation against a Nato government’s email systems. As a result of the search, his bank account was hacked, his company’s tax documents were altered and released on the dark web, and his family photographs were traded as trophies among hacker networks.
Another researcher from a different eastern European country shared a similar experience. He was followed on a skiing trip, received threatening phone calls, and had to deal with the fallout after his wife received doctored pictures of him with a female employee. This researcher described the situation as textbook harassment and extortion.
Cyber security analysts try to avoid provoking or mocking the hackers they identify, focusing their reports on the technical aspects of the breaches. Some, like Rafe Pilling from SecureWorks, protect their junior employees by acting as the face of the organization.
However, some analysts have warned that the involvement of western companies in Ukraine’s cyber security exacerbates the situation. Ukraine has faced relentless and sophisticated cyber attacks, and these analysts fear that someone may eventually lose their life as a result.
In conclusion, cyber security professionals are facing increasingly real threats as criminals target them personally in response to their efforts to combat hacking groups. The transnational nature of the industry allows criminals from various countries to target professionals in western countries. These criminals, often young individuals with no rules of engagement, bring significant harm to their victims. It is crucial for cyber security professionals to prioritize their own safety and take precautions to protect themselves and their families.