
get user-agent info from twitter, or provoke them into visiting a link, and possibly load malware. no browser is really safe in a targeted attack

This is certainly the most direct way. I'd be pushing exploits from the twitter data center and sharing links to funny/cool #antisec whatever in irc hangouts. The client is almost always the weakest link here, and with people using multiple devices you get lucky once or twice and get some malware on a phone or pc.

If you're investigating foreign hackers on foreign soil you have a lot of leeway in terms of back hacking them, the US is definitely using this kind of approach in anti-terror.

Once you get the right guy and know it's him, share the details with the local authorities and let them figure out what legal info they have to build a case now that they know who they're after.

The other way I'd do it is with a fleshed out honeypot. Set up something tempting with two stages of flaws and some good documents. Bring the first flaw to one of the farm irc channels with something semi-juicy you got out of it. They'll probe the rest of the system and find the second dangled SQLi flaw and some juicy data. If you can set up and watch them in advance some mistakes will generally be made, and whatever documents and executables you leave to get stolen will probably end up being handled in an unsafe fashion. Think how tempting a VPN software token authenticator would be to run, and I highly doubt that stuff would get RE'd before it got run. If you can get them to voluntarily run some software they stole from you, you won't be needing a warrant in advance.
