Hooded Man Taking Off His Face Mask, Revealing Spooky Faceless Person Behind

Photo via igorstevanovic/Shutterstock.com (Licensed)

Why unmasking cybersecurity experts is so dangerous

Some heroes don’t want the world to know their names.


Ben Dickson



A pseudonymous cybersecurity expert saved the day on Friday, stopping the spread of a massive ransomware attack that chaotically infected 200,000 computers across more than a hundred countries.

You many now even know his name—and that’s a problem.

Ransomware is a dangerous type of malware that encrypts your file and—as the name implies—forces you to pay a ransom you for the decryption key. Once the damage is done, even removing the virus won’t help recover your files. MalwareTech’s courageous and lucky efforts spared thousands of users from falling victim to the attack.

Then, British tabloids decided to paint a target on MalwareTech’s chest by revealing the identity of the person behind the account despite his attempts to remain anonymous.

MalwareTech’s name, photograph, and life details—one tabloid strangely devoted ample space describing the researcher’s love of pizza—are now easily available for anyone on the internet to find. While becoming “internet famous” might sound great to some, it is decidedly terrible for someone in MalwareTech’s position.

The exposure of cybersecurity researchers can have dire repercussions. Remember, in the case of MalwareTech, this is a person who just dealt a huge blow to the business of the hackers behind the attack, costing the criminals real money. Under such circumstances, the cybercriminals would want nothing more than to retaliate against the person who foiled their plot.

It’s happened before.

Last September, the website of journalist and cybersecurity expert Brian Krebs was hit by a massive distributed denial-of-service (DDoS) attack, which was allegedly in response to a story in which he exposed two Israeli hackers who were later arrested. DDoS attacks involve shutting down servers by overloading them with fake traffic coming from botnets, an army of compromised computers taking commands from hackers.

In 2013, Krebs became the first journalist to be targeted by a “swatting” scam, a vicious hoax in which hackers use special techniques to make emergency calls that appear to come from the target’s phone number. As a result, his house was falsely raided by the police. In another case, hackers sent heroin to his house in an attempt to frame him for drug charges.

Hackers are not the only entities cybersecurity experts must worry about. There are several cases where companies and government agencies have pressed charges against white hat hackers for having found and exposed holes in their systems.

The result: Many researchers have gone incognito, publishing their research under nicknames. SwiftOnSecurity, Stack, KaputSkiy, and the humorous account Internet of Shit are some of these pseudonymous researchers who have gained acclaim and recognition from the community and media.

MalwareTech was also part of that mysterious pack—until he was exposed in the weekend that followed the WannaCry ransomware attack thanks to unscrupulous reporters willing to throw their subject out to the wolves just to get the story.

In an interview with MailOnline, the cybersecurity expert said he fears he could face future revenge from the hackers he has exposed after his name was posted on the internet.

“I’ve seen posts about the terrible things people have done to him, and for me, in future, it could be the same things,” he said, an apparent reference to Krebs.

He’s about to find out how well-placed those fears are.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

The Daily Dot