Cybersecurity

A Chinese Hacker's Identity Unmasked

Cloaked by malware, aliases, and misspellings, computer spies are usually invisible. This one made a mistake. A special investigation

Cyb3rsleuth said he felt like he’d found the face of a ghost when he saw pictures on a blog linked to Zhang Changhe

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Dune Lawrence and Michael Riley

February 14, 2013 at 11:31 PM UTC

This article is for subscribers only.

BusinessWeek Cover Image (13_08, portrait_2x)

This article is part of the February 18, 2013 issue of businessweek.

Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell, and he spends his days hunting for Internet spies. Malware is the blanket term for malicious software that lets hackers take over your computer; clients and fellow researchers constantly send Stewart suspicious specimens harvested from networks under attack. His job is to sort through the toxic haul and isolate anything he hasn’t seen before: He looks for things like software that can let hackers break into databases, control security cameras, and monitor e-mail.

Within the industry, Stewart is well-known. In 2003 he unraveled one of the first spam botnets, which let hackers commandeer tens of thousands of computers at once and order them to stuff in-boxes with millions of unwanted e-mails. He spent a decade helping to keep online criminals from breaking into bank accounts and such. In 2011, Stewart turned his sights on China. “I thought I’d have this figured out in two months,” he says. Two years later, trying to identify Chinese malware and develop countermeasures is pretty much all he does.