Secret Agent Man: Dark Knight in the Dark Web
Defcon, Las Vegas in 2002
Nicole Perlroth and Matthew Goldstein introduce us to an unusual man fighting crime on the dark net: "On the Hunt for Wall St. Hackers, but Not the Spotlight" (New York Times, November 9, 2014).
Lawrence Baldwin is a dark hero of the Internet whom you have probably never heard of[, but a] decade ago, Mr. Baldwin made a name for himself and his Atlanta-based security firm . . . . [a]nd then he seemed to disappear . . . . For the past seven years, several security consultants and former law enforcement personnel say, Mr. Baldwin has immersed himself in the so-called dark web, using what most describe as unorthodox methods to gather intelligence about online financial crime . . . . To his supporters, Mr. Baldwin, who has a degree in computer science from the University of Hartford, is something of a secret agent. "He has eyes directly on the perpetrator," said one security expert who did not want to be identified because of Mr. Baldwin's preference for a low profile . . . . [and a]nother described his work as "very cloak and dagger." All agree that the intelligence he provides is very effective. "I would take his intelligence over anyone else's any day of the week," another said . . . . All of this has created a market for a handful of consultants like Mr. Baldwin who go undercover and track the criminals' activity in real time . . . . [Thus] "Baldwin stands out because he provides actionable intelligence," said Avivah Litan, a security analyst with Gartner, the research firm. "It's exact, it's original and he barely charges for it, whereas other firms repackage intelligence from many sources" . . . . Two people familiar with his methods said that Mr. Baldwin's company maintains listening posts on Internet service provider networks and infects tools used by criminals, like underground botnets - networks of infected computers - to see what criminals are collecting and where they are collecting it from. He has also developed a web of contacts across industries and knows who is stealing information . . . . A few years ago, law enforcement officials spoke to Mr. Baldwin to ensure he understood what he could do without breaking the law, according to two people briefed on the conversation. One concern is that while Mr. Baldwin has a record of developing intelligence on hacker activity, the information cannot be used as evidence in a criminal proceeding because of his methods, and the confidential relationships he uses to gather it . . . . Early in his career he worked at BellSouth, helping to introduce its dial-up network. Immediately, hackers tried to break in. What began as a curiosity - figuring out who they were and how they attacked their victims - became his life's work . . . . Mr. Baldwin stands out as a "boy scout" who simply wants to catch criminals and routinely shares information free . . . . He works closely with the National Cyber-Forensics and Training Alliance, a nonprofit based in Pittsburgh that brings together law enforcement, private industry members, security consultants and academic scholars to share information to prevent and mitigate the threats. The group works closely with many American banks and corporations and has received contributions in recent years from Bank of America, Microsoft and Symantec.
So . . . why haven't we heard much about this man? Because, in a rare answer to the query, he says:
"I'm not a press hound . . . . There are serious personal safety issues to consider."
In other words, he's made a lot of enemies of the very dangerous kind, so why are we drawing attention to him?
Good question. This post will self-destruct in five seconds . . .