My hint would be: before decentralized worms, there were IRC hubs. The 'owners' would typically use their native language for the various commands (I know English is used in more than the US, but..). Most of the time, they wouldn't even hide their host name on the IRC server.
I guess from a 'being legal' POV: anyone could infect themselves with the same root kit that's on a honeypot and find out quite a bit about the organizers.
My hint would be: before decentralized worms, there were IRC hubs. The 'owners' would typically use their native language for the various commands (I know English is used in more than the US, but..). Most of the time, they wouldn't even hide their host name on the IRC server.
I guess from a 'being legal' POV: anyone could infect themselves with the same root kit that's on a honeypot and find out quite a bit about the organizers.