Allison Nixon
Allison Nixon is a cybersecurity researcher and the chief research officer and co-owner of Unit 221B, a New York City-based cybersecurity investigations firm.[1][2] She is known for her research into DDoS attribution, cybercrime attribution, and English-speaking criminal communities, particularly the loose cybercriminal collective known as The Com.[3] Her investigative work has contributed to the identification and arrest of more than two dozen cybercriminals since 2011, according to FBI officials cited in MIT Technology Review.[1]
Early career
Nixon began her cybersecurity career around 2011, working the night shift in the security operations center at Dell SecureWorks.[1] While the firm's counter-threats team focused on state-sponsored hacking groups, Nixon independently began investigating the online forums and communities where criminal hackers congregated, developing an early interest in the motivations and social dynamics of cybercriminals rather than their technical intrusion methods alone.[1]
In 2013, while employed at Integralis (which was renamed NTT Com Security later that year),[4] she presented at Black Hat USA on techniques for bypassing DDoS protection services. She subsequently joined Flashpoint, a business risk intelligence firm, where she served as director of security research.[5]
In early 2020, Nixon joined Unit 221B, a cybersecurity investigations firm named after Sherlock Holmes's address.[1]
Research and investigations
Mirai botnet
In October 2016, while serving as director of security research at Flashpoint, Nixon led the firm's investigation into a series of large DDoS attacks against DNS provider Dyn, which disrupted access to major websites including Amazon, Twitter, and Spotify.[6][7] Flashpoint confirmed the involvement of the Mirai botnet in the attacks.[7] Nixon's ongoing research contributed to the law enforcement investigation that led to the December 2017 guilty pleas of the three creators of the Mirai malware.[1][6][8] Nixon was a named subject in the resulting cover story by Andy Greenberg in Wired.[9]
The Com and Scattered Spider
Nixon has published extensive research on The Com, a loosely affiliated network of predominantly young, English-speaking cybercriminals responsible for a range of offenses including social engineering, SIM swapping, cryptocurrency theft, sextortion, swatting, and ransomware attacks.[3] She began tracking the online communities from which The Com emerged as early as 2011.[1] At Unit 221B, she built eWitness, an invitation-only platform aggregating scraped data from Telegram and Discord channels used by Com members, which is shared with other researchers and law enforcement agencies.[1]
Following the September 2023 cyberattacks on MGM Resorts International and Caesars Entertainment by Scattered Spider, a group associated with The Com, Nixon provided analysis to media outlets including the Wall Street Journal and TechCrunch.[10] She has characterized Scattered Spider and related groups as Western, predominantly young cybercriminals who deliberately recruit minors due to the more lenient legal consequences they face.[10][11]
In a June 2025 presentation at the Sleuthcon cybersecurity conference, Nixon described The Com as a youth subculture whose members are drawn in by financial incentives and peer influence, with criminal activity escalating from financially motivated fraud to violence and sextortion.[3]
Snowflake data breaches and Moucka case
In April 2024, Nixon became the target of death threats posted on Telegram and Discord by a person using the handles "Waifu" and "Judische," later identified as Connor Riley Moucka, a Canadian national.[1] Moucka was accused of involvement in a series of data breaches targeting customers of Snowflake, a cloud data platform, and of extorting victims for millions of dollars in Bitcoin.[2] After the threats drew her attention, Nixon and Unit 221B, working with Mandiant and other partners, helped to uncover Moucka's real identity, which was passed to law enforcement.[2] Moucka was arrested in Kitchener, Ontario, in October 2024 and faces 20 federal charges in the United States, including conspiracy, computer fraud, wire fraud, extortion, and aggravated identity theft.[2]
Media appearances
Nixon has appeared on 60 Minutes in a 2024 segment on Scattered Spider and its connection to the casino cyberattacks.[11] She was featured in The New York Times Presents episode "The Teenager Who Hacked Twitter" (2020), about the 2020 Twitter hack.[12] She also appeared in the documentary series Most Wanted: Teen Hacker (2025).[12]
In February 2026, MIT Technology Review published a feature profile on Nixon detailing her career, her role in pursuing members of The Com, and the death threats she received from cybercriminals whose identities she helped expose.[1] She has been cited in reporting by Brian Krebs at Krebs on Security on topics including Mirai, LAPSUS$, SIM swapping, T-Mobile breaches, and DDoS-for-hire services.[13]
References
- Zetter, Kim (February 16, 2026). "Hackers made death threats against this security researcher. Big mistake". MIT Technology Review. Retrieved March 7, 2026.
- "Alleged Canadian hacker unmasked after threatening cybersecurity researcher". CTV News. June 11, 2025. Retrieved March 7, 2026.
- Johnson, Derek B. (June 9, 2025). "Internet infamy drives The Com's crime sprees". CyberScoop. Retrieved March 7, 2026.
- "Allison Nixon – Black Hat USA 2013". Black Hat Briefings. 2013. Retrieved March 7, 2026.
- "IoT Botnets: Why the Next Mirai Could Be Worse". BankInfoSecurity. Retrieved March 7, 2026.
- Krebs, Brian (January 2018). "Expert: IoT Botnets the Work of a 'Vast Minority'". Krebs on Security. Retrieved March 7, 2026.
- "Threat Seeker – Allison Nixon". SC Media. 2018. Retrieved March 7, 2026.
- "Justice Department Announces Charges and Guilty Pleas in Three Computer Crime Cases Involving Significant Cyber Attacks". United States Department of Justice. December 13, 2017. Retrieved March 7, 2026.
- Greenberg, Andy (November 14, 2023). "The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story". Wired. Retrieved March 7, 2026.
- Page, Carly; Whittaker, Zack (September 14, 2023). "Hackers claim MGM cyberattack as outage drags into fourth day". TechCrunch. Retrieved March 7, 2026.
- "Cybersecurity investigators worry ransomware attacks may worsen as young, Western hackers work with Russians". CBS News. June 1, 2025. Retrieved March 7, 2026.
- "Allison Nixon". IMDb. Retrieved March 7, 2026.
- "Tag: Allison Nixon". Krebs on Security. Retrieved March 7, 2026.