Look Into The World Of A Security Expert And See How They Are Able To Find The Bad Guys

The internet is a large and vast place.

Luckily for us, it is easy to navigate around.

We have places that will help us navigate the net such as Google and other link providers.

Search engines are not the only places that index links to websites, though; directories, which Yahoo used to be, do it as well.

Uncovering the bad guys isn't as easy as you might think

In Cyberspace, No-One Can Hear You Lurk

But there is also another part of the internet that few people know about.

It is where people who do not want to be found lurk.

It is called the darknet and it is a part of the internet that is never indexed.

This is where you will find the most exciting parts of the internet.

To quote the movie “Hackers”, this is where the keyboard samurai (aka ‘hackers’) like to hang out.

This is especially true for black hat hackers. But even though these places are secret, there is still a group of people who know how to find them and who try to stop the bad guys before they launch their next terrible attack.

Security experts know full well about these dark pools.

Even though they are on a part of the internet that most people do not go down, it is still part of the normal net.

It uses the same IP addresses that every other site uses.

If you are going to be a computer security expert, you must be able to venture down these dark holes. If you want to stop the next big attack, this is the place you have to be; you are not going to find out anything lurking on Yahoo Messenger.

Instead, you have to be where the action is, and most of the time that is in the darknet.

But the darknet is not the only place where you are going to find the bad guys, and it is not the only way you can track them down either.

Sometimes you have to do a little bit of digital forensics to find where the bad guys are.

You can do that by learning how to read the code that they put out there for their attacks.

Reading The Code

Most programmers and even some hackers do not know that there is an art to reading code after it has been compiled.

The whole purpose of compiling a program is so that it gets translated into machine code and it is able to run faster.

Of course, not all programming languages follow this paradigm.

The ones that don’t are what you would call interpreted languages; those are languages made so that a person can write code quickly and easily and not have to worry about the time it takes the compiler to go through its paces.

Most hackers use a compiled language such as C or C++ because they are able to make the programs smaller and fit into less memory on the machine they are attacking.

The less memory you are taking up, the less likely someone is going to notice you are there.

Also, with these types of compiled languages you are able to control the memory which makes it easier to form an attack.

Since the languages are compiled, to be able to read them a security expert has to use a program called a decompiler.

The Decompiler In Action

When some people hear the word decompiler they believe that it is going to show the source code of the program again.

That is not what happens.

The decompiler allows you to see the assembly code that the program runs as.

From there a security expert who is good at assembly will be able to see little signatures that might give away who the hacker is or at least where the attack came from.

They can do this by checking whether the author used certain functions, whether there are any strings in a foreign language, and other little things that can tell more about the person who made the program.
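
An added example (not from the original article) of the kind of first-pass check described above: it pulls readable strings out of compiled bytes, flags function names from a watch list, and reports strings written in a non-Latin script. The sample bytes, the watch list and every function name in the code are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample: bytes laid out like a fragment of a compiled program,
# with ASCII function names and two UTF-16LE strings between binary filler.
SAMPLE = (
    b"\x00\x01\x02VirtualAllocEx\x00WriteProcessMemory\x00\x7f\x03"
    b"GetTickCount\x00\xff\xfe\x10"
    + "Ошибка подключения".encode("utf-16-le") + b"\x00\x00\x05\x06"
    + "update check".encode("utf-16-le") + b"\x00\x00"
)

# Hypothetical watch list: memory-control calls an analyst might flag.
WATCHED_FUNCTIONS = {"VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}


def extract_strings(data, min_len=4):
    """Return (encoding, text) pairs for ASCII and UTF-16LE runs in data."""
    ascii_re = rb"[\x20-\x7e]{%d,}" % min_len
    # UTF-16LE code units, limited here to Basic Latin (high byte 0x00)
    # and Cyrillic (high byte 0x04) to keep the example short.
    wide_re = rb"(?:[\x20-\x7e]\x00|[\x00-\xff]\x04){%d,}" % min_len
    found = [("ascii", m.group().decode("ascii"))
             for m in re.finditer(ascii_re, data)]
    found += [("utf-16le", m.group().decode("utf-16-le"))
              for m in re.finditer(wide_re, data)]
    return found


def scripts_of(text):
    """Name the Unicode scripts of the letters in text, e.g. {'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}


def triage(data):
    """Report watched function names and strings written in non-Latin scripts."""
    strings = extract_strings(data)
    texts = {text for _, text in strings}
    return {
        "watched_functions": sorted(texts & WATCHED_FUNCTIONS),
        "non_latin_strings": [(text, sorted(scripts_of(text)))
                              for _, text in strings
                              if scripts_of(text) - {"LATIN"}],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Strings and function names are easy to plant or strip, so results like these are leads to corroborate rather than proof of who wrote the program.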

Work such as this is long and tedious and is only done by people who love the job as there is so much to study before you can get to this point.

You have to have good working knowledge of software program construction, the operating system, and the processor underneath.

These all come together to let you find out some things about the program.

Finding The Bad Guys

Finding out what is inside the program is only the first step.

Next you must be able to find out how the program was delivered in the first place.

Which nodes on the internet did it pass through to get here?

This is when the attacker is finally caught.

In this stage of operation, everything can be exposed.

The network is the most telling part of the whole process, but you may have to deal with other countries to find out who did it.

Hopefully you now realise that there is a lot that goes on when trying to find the bad guys.

It is hard work but some people love it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
