On the Dark Web, nobody knows you’re a woman, reports Bradley Barth.
When former President Barack Obama instituted sanctions against Russia last December over its election interference, one of the organizations on his blacklist was highly unusual. Not so much for the actions it was accused of, but for who was running the ship.
Zorsecurity (aka Esage Labs), a company founded by female hacker Alisa Esage Shevchenko, was banned from conducting business in the U.S. for allegedly providing technical research and development to the same Russian intelligence military agency that is accused of hacking the Democratic National Committee (DNC).
Shevchenko, who in the past has been credited for disclosing a number of dangerous zero-day software vulnerabilities, has vociferously maintained her innocence both in media reports and on her personal Twitter account, claiming that she has been scapegoated. (SC Media attempted to reach out to her via email for further comment.)
But regardless of whether the hat she wears is actually white, black or gray, what cannot be disputed is that it is historically rare for a female hacker to earn this kind of notoriety. Indeed, while the number of women professionals in cybersecurity remains disproportionately low, the gap between male and female bad actors (whether confirmed or alleged) may be even greater.
“The perception is that the cybercrime underground is more dominated by men, and this is also the case in all global arrests related to cybercrime,” says Bob McArdle, director of cybercrime research for Trend Micro. “Of the public cases of female hackers that have been convicted, they have often had more of a supporting role than a directing role in the operation.”
“But it is also common for the media to then portray them as hot or sexy, or ‘geeky and loner’ in order to sell the image of the female hacker – and even elevate their roles in the crime to make it appear more important,” McArdle (right) adds.
With that said, however, in the last few months there have been a few notable examples of women making waves as alleged cybercriminals.
For instance, FireEye’s manager of threat intelligence, Nalani Fraser, attributed certain APT activity to female hackers. “We believe one female hacker, in particular, is part of one of the most sophisticated APT groups we track,” says Fraser. “We assess this group was responsible for several high-profile cyberespionage-related intrusions. The associated female is well educated (she has a master’s degree in computer science), proficient and highly skilled. Like her male counterparts, she has significant coding experience, including developing exploit code, holds a number of technical certifications and has won awards for her computer-related work.”
Moreover, Peter Stephenson. SC Media’s technology editor, a security researcher and cryptographer, reported there are “quite a few” women in the hacktivist organization Anonymous, citing intel from Judy Traub, program manager at the SC Labs.
There’s also Francesca Maria Occhionero, who along with her brother was arrested in January 2017 and charged with disseminating a malware program called EyePyramid that was used to hack the email accounts of Italian politicians, Vatican cardinals and the president of the European Central Bank.
And in another male-female pairing, a Swedish woman and her British husband were arrested in the U.K. in January 2016 for allegedly infecting Washington DC’s CCTV cameras with ransomware in the days leading up to President Donald Trump’s inauguration. (Neither suspect has been publicly named by authorities.)
Speaking of Trump, a piece on the Palmer Report, a liberally slanted website, speculated that a female could be among the actors posing as Guccifer 2.0, an online persona that investigators believe is a front for Russia’s DNC hackers. This Ms. Guccifer theory, which lacks corroboration, came about after Trump confidant Roger Stone at one point referred to Guccifer 2.0 as “her” while publicly discussing his Twitter exchange with the persona in a TV interview.
On the other hand, Guccifer 2.0 once insisted in a WordPress post that he is a man, adding: “I’ve never met a female hacker of the highest level. Girls, don’t get offended, I love you.”
One of the earliest known female hackers was Susan Headley, also known as Susy Thunder, a member of the Cyberpunks hacking group, known for her social engineering schemes in the late 1970s and early 1980s.
So how many female black hats are actually out there today? Hard to say – quantifying them is frankly all but impossible. After all, on the cybercriminal dark web, anonymity is invaluable and revealing that you’re a woman might be counterproductive if your preference is to hide among the shadows. Indeed, FireEye’s Fraser notes that many hackers offering their services or responding to hiring notices “highlight their skills and expertise with little regard to gender.”
Similarly, gender doesn’t play a huge factor either when purchasing goods and services on the dark web, says Alex Karlinsky (left), cyber intelligence lead at dark web monitoring and intel gathering company Sixgill. “However, in circles where reputation matters – for example, the Russian underground – we’ve encountered several actors claiming to be female who had considerable traction,” says Karlinsky. “But I’d say that happens maybe once or twice per source, and is not common at all.”
“It is unusual for a woman to identify herself as such on the dark web, agreed SC’s Stephenson. “I can only think of one… People in the underground stick to handles and don’t try to dig into each other unless there is a feud that results in doxxing.”
Clouding matters further is the reality that on the dark web, not everyone is who they claim to be. In some cases, dark web denizens will even swap digital gender identities.
McArdle tells SC that male cybercriminals will sometimes use female identities to “avoid detection or confuse law enforcement investigation efforts,” as well as to provoke responses from fellow underground hackers, especially interested young males. At the same time, McArdle continues, women on the dark web “often assume neutral or male personas to avoid unwanted attention from the male-dominated, and often sexist, culture of these communities.”
Karlinsky, too, says he has “encountered cases where female hackers would specifically pretend to be male in order to not arouse suspicion or attract attention.”
According to Karlinsky, some hackers view the possibility of female black hats as a point of intrigue. “There’s definitely chat regarding the topic,” says Karlinsky. “I’d say the most common points of discussion would be cybercriminals occasionally trying to find out if the source they’re currently in contains a female audience. They find it cool and interesting that a woman would be proficient in this supposedly all-male trade. This happened in more than one darknet source, so it’s amusing to see every now and then.”