The two weren't just able to gather information about the victims, though. When the hackers started testing new strains of malware on themselves, they sent their own data to their command and control servers, and to Anderson and Guarnieri's servers.
That way, the two were able to keep tabs on the hackers themselves, collecting their computer names, IP addresses, unique identifiers of the computers, "and all this kind of stuff," the two tell me, laughing coyly, during an interview in Las Vegas.
Last week, Anderson, an independent security researcher, and Guarnieri released a 50-page research paper exposing three years of Iranian hacking campaigns, during which they tracked more than 300 individual cyberattacks on activists.
Their research shows that despite the frequent media portrayals of Iranian hackers focused on hacking foreign governments, companies and critical infrastructure, the hackers are more worried about spying on Iranian citizens both inside the country as well as in the diaspora, the researchers said.
"They never noticed that we were completely monitoring the whole thing for several months."
The two grew these networks by working directly with dissidents and reaching out to those communities. Anderson, for example, has become the go-to expert when it comes to Iranian internet issues. The Washington, D.C.-based researcher echoed Guarnieri's thoughts, saying that "having those trusted relationships with those communities has allowed us to sort of create our own versions of those monitoring systems."
Over the years, the two have become the go-to people for Iranians who have received suspicious emails, although it's not always easy to build trust. Once, Anderson recalls, a friend of a friend put him in touch with someone who had received a potentially dangerous email. Initially, the target didn't believe him.
"I said, 'hey, you don't know me but you've been compromised,'" Anderson says. "Sometimes they don't believe me so in a couple of cases I had to be like, 'well, here are some files from your computer.'"
"We have access to a resource that probably no security company has, which is networks of people."