On the Dark Web, nobody knows you're a woman, reports Bradley Barth.
When former President Barack Obama instituted sanctions against Russia last December over its election interference, one of the organizations on his blacklist was highly unusual. Not so much for the actions it was accused of, but for who was running the ship.
Zorsecurity (aka Esage Labs), a company founded by female hacker Alisa Esage Shevchenko, was banned from conducting business in the U.S. for allegedly providing technical research and development to the same Russian intelligence military agency that is accused of hacking the Democratic National Committee (DNC).
Shevchenko, who in the past has been credited for disclosing a number of dangerous zero-day software vulnerabilities, has vociferously maintained her innocence both in media reports and on her personal Twitter account, claiming that she has been scapegoated. (SC Media attempted to reach out to her via email for further comment.)
But regardless of whether the hat she wears is actually white, black or gray, what cannot be disputed is that it is historically rare for a female hacker to earn this kind of notoriety. Indeed, while the number of women professionals in cybersecurity remains disproportionately low, the gap between male and female bad actors (whether confirmed or alleged) may be even greater.
“The perception is that the cybercrime underground is more dominated by men, and this is also the case in all global arrests related to cybercrime,” says Bob McArdle, director of cybercrime research for Trend Micro. “Of the public cases of female hackers that have been convicted, they have often had more of a supporting role than a directing role in the operation.”
“But it is also common for the media to then portray them as hot or sexy, or ‘geeky and loner' in order to sell the image of the female hacker – and even elevate their roles in the crime to make it appear more important,” McArdle (right) adds.
With that said, however, in the last few months there have been a few notable examples of women making waves as alleged cybercriminals.
For instance, FireEye's manager of threat intelligence, Nalani Fraser, attributed certain APT activity to female hackers. “We believe one female hacker, in particular, is part of one of the most sophisticated APT groups we track,” says Fraser. “We assess this group was responsible for several high-profile cyberespionage-related intrusions. The associated female is well educated (she has a master's degree in computer science), proficient and highly skilled. Like her male counterparts, she has significant coding experience, including developing exploit code, holds a number of technical certifications and has won awards for her computer-related work.”
Moreover, Peter Stephenson. SC Media's technology editor, a security researcher and cryptographer, reported there are “quite a few” women in the hacktivist organization Anonymous, citing intel from Judy Traub, program manager at the SC Labs.
There's also Francesca Maria Occhionero, who along with her brother was arrested in January 2017 and charged with disseminating a malware program called EyePyramid that was used to hack the email accounts of Italian politicians, Vatican cardinals and the president of the European Central Bank.
And in another male-female pairing, a Swedish woman and her British husband were arrested in the U.K. in January 2016 for allegedly infecting Washington DC's CCTV cameras with ransomware in the days leading up to President Donald Trump's inauguration. (Neither suspect has been publicly named by authorities.)
Speaking of Trump, a piece on the Palmer Report, a liberally slanted website, speculated that a female could be among the actors posing as Guccifer 2.0, an online persona that investigators believe is a front for Russia's DNC hackers. This Ms. Guccifer theory, which lacks corroboration, came about after Trump confidant Roger Stone at one point referred to Guccifer 2.0 as “her” while publicly discussing his Twitter exchange with the persona in a TV interview.