Hackers are often exposed by subtle breadcrumbs left behind during their hacks. These crumbs may take the shape of IP addresses, suspicious logs, personal information, leftover files/viruses or even a collection of seemingly innocuous metadata that, when added together, paints a picture of who that hacker is and what they’ve done.
Do most hackers leave a trace?
It’s very hard for even the most sophisticated hacker to go completely unnoticed. This is because infecting a target network always involves connecting to that network in some way and modifying it, which usually leaves some form of visible evidence. The weapons of choice for many amateur hackers are keyloggers and botnet worms, both of which carry a very high chance of inadvertent exposure.
If a hacker is inside your system spying on everything you type, your keystrokes are probably being stored and sent back to them in some form. They could be using an email address or an online server to receive the files, and the more amateur attacker often leaves their own credentials inside the virus, meaning a clever security researcher can find out where the virus is calling home, possibly resulting in entire botnets being shut down or entire criminal organizations being exposed.
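The "calling home" clue described above is usually found by pulling printable strings out of a sample and sorting them into indicators. The script below is an added illustration, not code from the article or from any real malware analysis tool: it runs a `strings`-style scan over a constructed byte blob (every hostname, address and email in it is a made-up placeholder using reserved `.invalid` names) and classifies what it finds into URLs, emails, IPv4 addresses, bare hostnames and keylogging-related Windows API names.

```python
import re
from typing import Dict, List

# Constructed sample standing in for a suspicious executable. Every indicator
# in it is a placeholder (reserved .invalid domains, TEST-NET-3 address).
SAMPLE_BINARY = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"                 # fake PE header bytes
    b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    b"keylog.txt\x00"                                   # log file name, not a host
    b"smtp.example-mail.invalid\x00"                    # mail server used for exfil
    b"dropbot@example-mail.invalid\x00"                 # hard-coded drop mailbox
    b"http://c2.example.invalid/upload.php\x00"         # upload endpoint
    b"203.0.113.45\x00"                                 # hard-coded C2 address
    b"\x00\x00\xff\xfe\x11"                             # binary noise
    b"GetAsyncKeyState\x00SetWindowsHookExA\x00"        # imports typical of keyloggers
)

MIN_LEN = 6

# Windows APIs commonly imported by keystroke loggers; their presence is a
# hint for the analyst, not proof of malice on its own.
SUSPICIOUS_APIS = {"GetAsyncKeyState", "SetWindowsHookExA", "SetWindowsHookExW"}

# Things that look like hostnames but are far more often file names.
FILE_EXTENSIONS = {"txt", "log", "dat", "php", "exe", "dll", "sys", "tmp"}

INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"
    ),
    "hostname": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return runs of printable ASCII at least min_len long (like the `strings` tool)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def extract_indicators(data: bytes) -> Dict[str, List[str]]:
    """Classify printable strings into network indicators and suspicious API names."""
    found: Dict[str, set] = {k: set() for k in ("url", "email", "ipv4", "hostname", "api")}
    for s in extract_strings(data):
        if s in SUSPICIOUS_APIS:
            found["api"].add(s)
            continue
        matched = False
        for kind in ("url", "email", "ipv4"):
            for m in INDICATOR_PATTERNS[kind].findall(s):
                found[kind].add(m)
                matched = True
        if matched:
            continue  # the host part is already captured inside the URL/email
        for m in INDICATOR_PATTERNS["hostname"].findall(s):
            if m.rsplit(".", 1)[-1] not in FILE_EXTENSIONS:
                found["hostname"].add(m)
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for kind, values in extract_indicators(SAMPLE_BINARY).items():
        for v in values:
            print(f"{kind:9} {v}")
```

Every indicator this turns up is a lead, not a verdict: a hostname pulled from a sample should be checked against the organisation's own DNS and proxy logs to see whether any host actually contacted it, which is exactly the correlation that lets a researcher trace a botnet back to its controller.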
What about the clever hackers?
A smart hacker will ensure that their operations use a ‘one-time infrastructure’. This means that malicious files or commands won’t even touch the storage of the victims’ systems - all of the hacking will occur in temporary memory, which means it’s flushed in minutes. Any server being used as a home will be set up for one specific task and shut down immediately afterward, meaning that if their own infrastructure is exposed through the hacking, the trail points to nothing.
Are these kinds of hackers active now?
A group called MoneyTaker is infamous for wiping evidence, creating one-time infrastructures and only using the stealthiest techniques; they’ve been attacking banks for several years and very little is known about them.
Will malicious hackers be caught eventually?
Sometimes, an attacker just has to make one tiny mistake to expose themselves. There could be years of perfect operational security and hacker techniques, but there are so many factors in play that the hacker can’t control everything. They may accidentally forget to hide their IP address on a single occasion, friends or affiliates may cut a deal with enemy hackers or authorities, the servers they rely on could inadvertently leak information, or a new type of virus may catch them off guard.
Nobody can say with 100 percent certainty how many hackers are active, or which systems are compromised. We’ll likely never know about the greatest hackers of all because they’ll probably never be discovered.