forums. Among these white hat hackers are cybersecurity
experts Alex Heid and Shawn Cozzolino.
Both cyber spies have colorful backgrounds.
Heid is the chief security officer at SecurityScorecard,
a company that provides cybersecurity ratings
for organizations worldwide. Cozzolino—whose
resume includes a stint as a counter-terrorism
expert at U.S. Homeland Security—is the surveillance
and human intelligence team lead in the
Counter Threat Unit of Secureworks, which protects
customer networks and information assets
from cybercrime.
“Our team here at Secureworks is all former
military and intelligence professionals,” Cozzolino
says. “We’ve created personas that we’ve built up
over many years to gain a reputation as legitimate
black hat hackers in the underground community.
This way, we can engage in discussions with threat
actors in forums in Russia, Europe, and the Middle
East. Over time, we build up a rapport.”
The world in which they operate is a deeply layered
labyrinth. But, if approached correctly, it can
reveal vital intelligence to scores of individuals and
organizations. So how do these white hat hackers
go about it?
“IT’S LIKE CATFISHING”
Like Cozzolino, Heid took years to create his darknet
facade. “Any time I had access to a computer in
my software coding class in high school, I hacked
it to leverage information to help me do better in
class,” he says. “Back then, in the ’90s, hacker
culture wasn’t about theft or destruction. That
came later on when criminal groups began using
hacking methodologies to steal data and shut down
networks.”
Heid attended Barbara Goleman Senior High
School, a Florida-based technology school that
had one of the few high-speed broadband internet
connections at that time. “Every other school in
the area had dial-up,” he recalls. “Given my tinkering,
my teacher eventually made me the unofficial
systems administrator in the lab. I guess you could
say I’ve always been a white hat hacker.”
In 2008, Heid and his friend, James Ball, created
HackMiami as a physical hacker space. Ball had
become famous in hacking circles for infiltrating an
online Al Qaeda forum, while Heid had earned cred
for hacking the stealthy Zeus botnet in Russia.
Today, HackMiami is an annual conference that
brings together hundreds of the sharpest minds in
the digital underground and information security
world—an eclectic mix of white hat hackers, black
hat hackers, spammers, law enforcement, military
and threat intelligence analysts, and security
recruiting firms.
Both Heid and Cozzolino describe the work they
do as intelligence gathering. “It’s like ‘catfishing’
on a dating app, where a person creates a fake
profile using a photo of someone else who is a lot
better looking,” says Cozzolino, with a laugh. “You
start slowly, laying your bait by pretending you’re
just another threat actor. In earning credibility with
the cybercriminals, patience is key. Gradually, you
gain the trust of the real threat actors.”
Hesitant to share the trade-craft methods he
uses to build a reputation, Cozzolino compares
what he does to being an undercover detective.
“You’re in the field acting like a low-level drug dealer,”
he explains, “talking with real drug dealers with
the ultimate goal of finding the kingpin.”
Heid doesn’t divulge specifics of his persona-building
approach either, other than commenting
that it took years to cement his credibility. He
started out in the early 1990s by attending text-based
hacker forums in internet relay chat rooms,
then graduated to underground web forums on the
darknet.
“I’m now circling around spaces like jabbers,
which are encrypted chat rooms on the darknet,”
he says. “They’re tougher to penetrate, requiring a
bigger effort to hide one’s true identity.”
AMONG THIEVES
Like traditional forums on the internet, each darknet
forum typically has an administrator, a modera-