Wednesday 26 July 2017

Hiding out among the net's criminal class

Living more than one life is part of his job with security firm Symantec, which also involves being a covert member of the forums, chat boards and discussion rooms that make up the net's underground economy.
It is there that the deals are done that lead to companies being hacked, websites knocked offline and booby-trapped emails spammed out to millions. Exploit kits are offered and sold, allowing less talented attackers to pay their better-skilled brethren for access to tools that make it easy to hunt out and infect vulnerable victims.
"You can see what tools are being released, what people are interested in, how they're making their money and maybe politically how they're motivated," he said.
The monitoring covers all levels of cyber-crime - from websites that cater for beginners and unskilled "script kiddies" to the higher-level groups in which the seasoned criminals gather.
It is in these that Mr O'Murchu and his colleagues trade banter with other members to gather information that can help when a big attack is under way or a particular threat hits many of the PCs that Symantec is helping to protect.


Dutch police warning


For instance, he said, if 500,000 machines are enrolled overnight into a botnet - a network of hijacked PCs that can be used to spread spam or conduct other forms of computer crime - he will dig into the incident and find out how they were caught out.
"If we saw that it was distributed through spam, through web exploit packs and compromised websites, we would find that those compromised websites were actually sold in the underground," he explained.
"Then we'll go and find out who's selling them, how you pay for them and how you sign up."
The result might mean Symantec stops the malware spreading or develops defences that can guide customers to protect themselves.
Hiding out
Mr O'Murchu has seen many changes ripple through the underground in the years he has been immersed in it - many of them in response to action by law enforcement that took down websites or led to arrests.
A big change happened last year, after Russian police arrested 50 people thought to be behind several big malware campaigns. It turned out, he said, that they also ran and sold an "exploit pack" that gave subscribers access to a large and growing library of software vulnerabilities that could be used to gain access to a variety of different businesses.
"We believe that the businessman behind that group had been buying exploits to put into the packs," he said.
The wave of arrests "spooked" the businessman backer, who promptly disappeared and took his wallet with him.
"That took a lot of the money out of the network, so now we don't see so many exploit packs being used," he said.
The packs still available sell to the professional criminals who pay up to $10,000 (£7,700) a month to get a steady flow of software bugs they can exploit for their own ends - be it to inveigle their way into a target company or to make malware even more potent.
Tracking the top cyber-criminals, by Andrei Barysevich
"We gain access to the most secretive communities - the closed discussion groups that you will not be able to find through Google.
"When you get access you create one or more personas and assign criteria to them. You could be a hacker, a forger or a DDoS attacker. To build those personas takes time.
"We see when criminals get access to a company but not enough to gain valuable information and then go to the community and say: "I have got this far but need help to go further."
"In a lot of cases we can get information for the victim to find out how the culprit got access and patch it before they get at the data.
"The legality can be a problem for anyone that is not experienced. We know how to manipulate the mindset of the criminals to avoid this. It's a lengthy process.
"Where the criminals make mistakes is when they're inexperienced, when they first enter the world of cyber-crime and have little idea of operational security.
"Sometimes they use the same user name that is connected with their Skype account, Facebook account or Russian VK pages.

"We have a detailed list of profiles where we define the most valuable information about the most prolific actors. In some cases we can verify who is behind a particular alias."
Andrei Barysevich is director of advanced collection, Recorded Future
Backers with cash who bankroll development work by criminal hackers are increasingly common, said Mr O'Murchu.
"You basically get start-up companies operating in those forums," he said. "You have a financer come in and he would back some project and you would have 10-to-15 people working on that."
"He would use that as a revenue generator," he added. "They put people on the project and resell that on the underground at a profit. It's just a matter of whether they can mark it up enough."
Paranoia justified
Arrests of hackers and raids on well-known forums have driven a growing sense of paranoia among the population of the criminal underground, said Mr O'Murchu.
"The people in those forums know that they are being watched and that what they talk about, if they talk about something specific, could be tied back to them," he said.
"The people who are doing this at the top level know the stakes," he said. "And they understand that the police can come busting through their door at any time, so they're really very, very careful about who they let in and who they talk to."
Some of that paranoia is justified, he said, because security researchers and law enforcement officials watching the forums are just waiting for the bad guys to make a mistake.


Credit: www.bbc.com/news/technology