Undercover cyber security agents pose as hackers for their clients and then leave a digital trail that attracts real cyber thieves and allows the undercover party to thwart the attack, according to The Wall Street Journal. The real cyber thieves unknowingly contact the cybersecurity firm and invite them into their circle. The cybersecurity team then informs law enforcement and is able to prevent a cyber attack.
Black Cube, an Israel-based cyber security firm, asked a bank client for access to internal data that looked like the spoils of a cyber theft. Black Cube left a digital trail giving the impression it hacked the bank’s networks. This attracted the attention of a group of would-be hackers and allowed Black Cube to infiltrate a group. Black Cube ultimately thwarted a cyber attack.
Black Cube agents try to turn hackers into informants to infiltrate hacker communities and learn new hacking techniques.
Other “threat intelligence” players include Diskin Advanced Technologies Ltd., also started by Israel intelligence veterans; Dallas-based iSight Partners Inc.; Netherlands-based Fox-IT Group BV; and Moscow-based Group-IB.
Group-IB has its undercover employees buy software that could be used to commit cybercrime to build credibility with hackers. The company says its clients include Citgroup Inc.’s Citibank, Novartis AG,Microsoft Corp, and Russia bank Sberbank OAO.
Group-IB gained access to a network of infected computers. The owner of the network was seeking hackers interested in stealing money. Group-IB engaged in a technical dialogue with this individual. The network eventually gave Group-IB limited access to the network’s control panel. Group-IB was able to come up with the real identities of some hackers.
As with regular undercover police work, cyber spies walk a fine line between fighting crime and committing it.
More established cybersecurity firms like Moscow-based Kaspersky Lab ZAO and Intel Corp.’s Intel Security Group don’t provide these services, The Wall Street Journal noted.