Hackers sell out and go corporate as cyber crime becomes shift work

Question of the Day

Is it still considered bad form to talk politics during a social gathering?

View results

Online hackers are leaving surprising clues for cyber sleuths based on the time of their attacks — a trail suggesting the computer criminals are punching a clock for shift work.

The new research on cyber sleuthing patterns may change the notion of hackers as counterculture rebels — more importantly help cybersecurity experts halt online assaults and hit back.

Chinese hackers, for instance, are on a Monday-Friday, 9 a.m. to 5 p.m. schedule, Beijing time, indicating they are likely paid employees based in that time zone.

Researchers at Analysis Intelligence, a company that analyzes cyber threats, looked at “the temporal signature of activities by hacker groups and use[d] those to discern their pattern of life – basically their work week – for matching with national work weeks/schedules” across the globe, they write in a new posting on their site.

For instance, activities of the Syrian Electronic Army, a hacker group linked to the regime in Damascus, start with a bang on Sunday, the beginning of the work week in Syria.

They taper off to almost nothing by Friday and Saturday, the weekend in Syria and 14 other Muslim countries. Israel also has a Friday-Saturday weekend.

The al-Qasam Cyber Fighters, a group believed to be sponsored by Iran, shows the most activity Monday-Wednesday, when banking business in the West is at its peak, but is also active Saturday and Sunday.

The weekend in Iran is Thursday and Friday, when the group’s activities are at a low ebb.

Both these groups show a temporal signature matching that of “a regular state-employed hacker week in the Middle East.”

By contrast, hacking carried out in the name of Anonymous, the anarchistic, leaderless online alliance, peaks at the weekend “which indicates that they are mostly students or western people with ‘normal jobs’ that use weekends for hacking,” the researchers determined.

To get the temporal signatures, researchers analyzed information from their Recorded Future database — a massive collection of reports about hacking from dozens of public sources compiled by their firm.

“Obviously it’s only one signal, but potentially a quite interesting one,” the researchers conclude.


© Copyright 2014 The Washington Times, LLC. Click here for reprint permission.

About the Author
Shaun Waterman

Shaun Waterman

Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...

Latest Stories

Latest Blog Entries

blog comments powered by Disqus
TWT Video Picks