GET THE FREE NATIONAL CYBER SECURITY APP FOR YOUR PHONE AND TABLET
THE internet is sometimes described as the Wild West. And in this metaphor, Ken Westin is the biggest sheriff in town.
He’s a professional cyber stalker who tracks down criminals using the trail left by their digital fingerprints.
“I’m a hunter,” he told news.com.au. “I like looking at data and drawing a connection.”
According to Mr Westin, every contact a person has with a computer device leaves a trace and he’s developed a range of tools that harness techniques such as Wi-Fi geolocation and data mining to suck up the information and use it to track them down.
Last week he gave a talk detailing his style of cyber vigilantism at the 2015 DEF CON Hacker conference. He named his seminar “confessions of a professional cyber stalker.”
It might seem like an unflattering label at first but it’s one that he’s adopted enthusiastically as he uses his power for good. For Ken Westin it’s all about “making the internet a safer place.”
People in his line of work spend a lot of time on the dark web. “We can think like a criminal and that helps us get them,” he said.
There’s a sea of data floating around the digital world and Mr Westin uses an array of open source software, specifically designed malware and hardware built into computer devices to collect it and track down targets.
Malware, such as computer viruses and Trojans, are used almost unanimously for nefarious purposes to infect computer devices to enrich their creator. But he’s turned that notion upside down and enjoys every minute of it.
“I have a knack for it,” he admits.
Mr Westin founded a small start-up company called GadgetTrak. The company focuses on finding ways to booby trap laptops, smartphones and other devices.
A person can download a certain type of program and activate it remotely if their device is stolen. At that point, the tech would kick in and gather streams of data.
In his role at GadgetTrak he would frequently work with law enforcement agents to stalk a target. “Sometimes law enforcement get a little lazy, or simply don’t know how to (track the devices),” he said.
He once tracked a stolen laptop 3,000 km from Oregon to Missouri. The person who ended up with the computer changed the device’s username which Mr Westin was able to gather, among other information, by using the software.
He then found the man on MySpace found out what he was interested in, tracked down a photo of his car with the licence plate number and eventually went to police with a bevy of data. Police moved on the man and ultimately discovered a crime syndicate that would load a truck full of stolen goods in Portland and drive it to Missouri to exchange them.
One of the most successful tools he’s helped develop is a search engine to mine photos for the raw date hidden in them.
Most camera brands such as Canon, Nikon, Kodak and Pentax embed the serial number of the camera in the metadata of the photos. This information remains in the photos posted online to certain picture sharing sites such as Flickr or Twitter.
Facebook removes the data from the online photos but still keeps it, and has access to it.
In one case a professional photographer named John Heller had his $9,000 camera stolen. Weeks later, Mr Westin identified photos on Flickr posted by another professional photographer that contained the camera’s serial number. That person had bought it from a guy on eBay, who had himself bought it from a guy on Craigslist. “When police went to his house, they found it was full of stolen gear,” Mr Westin said.
These days he works for a company called Tripwire in a role which his colleagues refer to as a “cyber criminologist,” he said.
While he spends a lot of his days chasing digital bad guys, he holds a certain level of respect for their craft.
“Sometimes I find these things and I’m not even mad,” he said. “I’m amazed at the level of ingenuity of some of these hackers.”
For his part, he is glad he lives in a country where he can use his skill set for good, practical purposes. But he feels for those in other countries who don’t have the same opportunities.
“It’s not meant to be malicious,” he said of most hackers. “At the end of the day it comes down to providing for their families … There has to be a level of empathy there.”
As the world becomes more and more digital, the greater the need is for people in Mr Westin’s line of work.
According to him, the digital universe has doubled every two years and may increased 10-fold between 2013 and 2020 from 4.4 trillion to 44 trillion gigabytes.
The bigger the playing field, the more likely there’ll be those looking to exploit it. And that means more work for the sheriff.
“There’s definitely job security in security,” he said.