Slashdot Mirror


The Inner World of Gov-Sponsored White-Hat Hacking

romanval writes "Anonymous leaked emails of white-hat hacker firm HBGary show how it develops and markets products to government agencies. From the article: 'In 2009, HBGary had partnered with the Advanced Information Systems group of defense contractor General Dynamics to work on a project euphemistically known as "Task B." The team had a simple mission: slip a piece of stealth software onto a target laptop without the owner's knowledge. They focused on ports—a laptop's interfaces to the world around it—including the familiar USB port, the less-common PCMCIA Type II card slot, the smaller ExpressCard slot, WiFi, and Firewire. No laptop would have all of these, but most recent machines would have at least two.'"

27 of 146 comments

  1. Black hat not White by Anonymous Coward · · Score: 5, Insightful

    A 'White Hat' hacker is someone who aims to improve security; HBGary are aiming to take advantage of exploits in order to hack into computers, for mining personal information. They are most definitely 'Black Hat'.

    1. Re:Black hat not White by Purist · · Score: 4, Funny
      The work was being done for a government agency. White Hat.

      :-)

      --
      I used to fear clowns...but I'm discovering that chimps are far, far, worse.
    2. Re:Black hat not White by Anonymous Coward · · Score: 3, Informative

      It's very simple. Once you discover an exploit in someone's code, you can choose to either inform them so they can fix it (White Hat) or withhold the discovery for personal gain (Black Hat).

    3. Re:Black hat not White by phunster · · Score: 5, Insightful

      Richard Nixon said "If the President does it, it is legal." We all know how that worked out for him. It sounds like you are substituting "government agency" for "President." No one is above the law, not a President, and not a government agency. Black Hat is Black Hat no matter who is doing it, or who they are doing it for.

    4. Re:Black hat not White by Anonymous Coward · · Score: 5, Insightful

      No, HBGary belongs to a completely new category of hackers. Neither 'black hat' nor 'white hat', but 'ass hat'.

    5. Re:Black hat not White by Divide By Zero · · Score: 5, Insightful
      It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

      White Hat can be "evil", Black Hat can be "good". Value judgments are independent of the definition - are you there to improve bad security or exploit it?

      --
      Dare to Hope. Prepare to be Disappointed.
    6. Re:Black hat not White by Blue Stone · · Score: 4, Interesting

      I guess here at /. the 'editorial' policy is to provoke discussion regardless of the intellectually dishonest manner that's used. Summaries and titles that distort the original article seem to be more and more prevalent in order, I'd take a wild guess at, to provoke comments.

      Ladies and gentlemen, we are being trolled by the management.

      A sad state of affairs.

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
    7. Re:Black hat not White by russotto · · Score: 2

      So hacking into the government systems of an oppressive government in order to cause it damage somehow as part of a larger campaign to topple it without invading and killing lots of people would be "evil"?

      No, but it would be "black hat" by the computer security definition.

      HBGary seems to me to be in the same ethical position as any weapons manufacturer.

    8. Re:Black hat not White by Corbets · · Score: 4, Insightful

      It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

      Not quite. If they REQUEST that you "hack" them and you do so, you're a white hat. If you do it without being asked, then you're a black hat. Walking through the door later is a CYA technique only.

    9. Re:Black hat not White by DavidTC · · Score: 2

      Actually, the distinctions are:

      white hat - attacks with permission (or attacks own computer), informs target/manufacturers afterward of security holes and how to fix, if they see a way.
      gray hat - attacks without permission, informs target of hole and how to fix afterward. Often, these are hackers who noticed a security flaw by accident in someone else's system and were unable to get them to fix it, so do this to force them to, often by causing them public embarrassment but little or no damage.
      black hat - attacks without permission for some other purpose, not only does not inform target of how to fix, but often does not want target to know they were compromised.

      And this is definitely black hat stuff this article is talking about.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    10. Re:Black hat not White by Securityemo · · Score: 2

      From a cynical perspective, yes, but it could also just be a person who is naive about not being considered a threat or a target of a lawsuit regarding cleanup fees.

      --
      Emotions! In your brain!
    11. Re:Black hat not White by Jeremiah Cornelius · · Score: 5, Insightful

      HBGary is Black Hat. And Mercenary. They are a boot on the neck of the American people.

      Is torture "White Hat Interrogation" when done by the US, as opposed to the former DDR?

      No. Only if your name is Rumsfeld, Gonzales or Yoo, would you disagree.

      HBGary is a fascist tool - more akin to the "Ministry of Information" of Brazil, than any recognisable "White Hat" group - say Rapid7.

      HBGary trades in 0-Days for profit, to organisations which act without regard to Constitutional provisions. They advertise tools and methodology to conduct PsyOps and openly advocate methods to subvert the democratic properties of modern public communications channels.

      HBGary colludes with insiders to use Government power to cement corporate advantage over the interests of the citizens and tax-payers of the United States, in the name of "national security".

      They are a fraud and a blight on the purported claims of a free and open society. Like in the movie "Brazil", the methods of Mr. Barr have identified individuals in error. In the age of Abdulrahman Zeitoun and Bradley Manning, the consequences are quite possibly as dire for those individuals, as they were for Mr. Buttle and Sam Lowry.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    12. Re:Black hat not White by AftanGustur · · Score: 2

      The work was being done for a government agency. White Hat.

      :-)

      By that definition the Chinese hackers that were involved in Operation NightDragon were probably also "White hats".

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    13. Re:Black hat not White by DavidTC · · Score: 2

      ciabs, you are retarded, and I suspect your problem is that you think I responded to you in my original post.

      I did not. I responded to a post that said 'It's very simple. Once you discover an exploit in someone's code, you can choose to either inform them so they can fix it (White Hat) or withhold the discovery for personal gain (Black Hat).'

      That was the post. You, in response to that, told a stupid little story about getting root. Likewise, I responded to that with a clarification of the terms.

      You took my response to the original post and hallucinated I responded to you, and, because you have some sort of brain trouble and cannot quote, you did not even manage to make your misunderstanding clear.

      In short: Learn how the goddamn internet works.

      --
      If corporations are people, aren't stockholders guilty of slavery?
    14. Re:Black hat not White by tick-tock-atona · · Score: 3, Insightful

      Richard Nixon said "If the President does it, it is legal." We all know how that worked out for him. It sounds like you are substituting "government agency" for "President." No one is above the law, not a President, and not a government agency. Black Hat is Black Hat no matter who is doing it, or who they are doing it for.

      Actually, in the US today, the President and government agencies *are* above the law.

      Yesterday, in South Carolina, an Obama-appointed federal judge dismissed a lawsuit brought by Padilla against former Bush officials Donald Rumsfeld, John Ashcroft, Paul Wolfowitz and others. That suit alleges that those officials knowingly violated Padilla's Constitutional rights by ordering his due-process-free detention and torture. In dismissing Padilla's lawsuit, the court's opinion relied on the same now-depressingly-familiar weapons routinely used by our political class to immunize itself from judicial scrutiny: national security would be undermined by allowing Padilla to sue; "government officials could be distracted from their vital duties to attend depositions or respond to other discovery requests"; "a trial on the merits would be an international spectacle with Padilla, a convicted terrorist, summoning America's present and former leaders to a federal courthouse to answer his charges"; the litigation would risk disclosure of vital state secrets; and "discovery procedures could be used by our enemies to obtain valuable intelligence."

      In other words, our political officials are Too Important, and engaged in far Too Weighty Matters in Keeping Us Safe, to subject them to the annoyance of the rule of law. It's much more important to allow them to Fight The Terrorists without restraints than to bother them with claims that they broke the law and violated the rights guaranteed by the U.S. Constitution.

      Fortunately, other countries are not so squeamish about prosecuting war crimes, which is why Bush et al. will likely never set foot in the EU again.

      Goodbye, leaders of the free world. It was nice while it lasted.

  2. Why "White hat"? by Goglu · · Score: 5, Insightful

    Why would this qualify as "white hat"? Because they sell their solutions to corporations? Corporations are often no better than the mafia: check how well established and still active corporations helped bring Hitler to power.

    What would it be called if they sold their solutions to the "legitimate" government of Saudi Arabia? Or to Hamas (who was elected as the representatives of the Palestinian people)? Would it still be "White hat"?

    I propose that "White hat hacking" be reserved only to those who use their skills for the good of the community as a whole. Just my 2 cents.

  3. Good Thing by Wicked Zen · · Score: 5, Funny

    ~Well, it's a good damn thing they're developing these products for the government, and not like, someone we can't trust to use them responsibly.~

  4. White-hat? I don't think so by moonbender · · Score: 4, Insightful

    White-hat? Hacking doesn't automatically get a white hat just because it's done for your favorite government (or other organisation). Developing malware and rootkits destined for actual use is black hat hacking, plain and simple. HBGary did both black and white hat stuff.

    --
    Switch back to Slashdot's D1 system.
  5. "Greg Hoglund" not "HBGary" by Securityemo · · Score: 3, Insightful

    Greg Hoglund is a leading expert on rootkits, and per the article it was he who did all the development and research. If the article tells the truth, the firm sold advanced rootkits to the US government, and the latest iteration would have been one that used advanced memory management techniques to jump around in process memory and do its thing without using any OS-managed structures, thus evading detection. I don't grok this at all, but it sounds like an advanced version of a technique I read about where the malware extracted the code from DLL files and ran things without having to go through the OS. So that part was entirely legit, but the social networks part (which the government apparently wasn't at all interested in, presumably because they already got a contract with those Palantir guys) was evidently a catastrophe in the making.

    --
    Emotions! In your brain!
  6. submitter here by romanval · · Score: 4, Informative

    I was gonna put quotes (") around "white hat" but I was out of space. Slashdot needs to accept longer titles.

    This title was difficult to make because the TFA has subject matter that's all over the map: Collections of 0-day unpublished exploit vectors, rootkits with keyboard loggers disguising payload as ad click tracking data, and social network tracking via bot accounts. Tough to summarize in just 50 characters.

  7. black, white, gray... by DEmmons · · Score: 3, Informative
    It was my understanding, gleaned from sources including the good old Jargon File, that one of the most agreed upon standards for hat color definition is a combination of permission and intention:
    • White Hats are hired or are granted permission to attempt to crack a system's security by the owner(s), usually for the purpose of auditing security, discovering vulnerabilities, and understanding how to fix or minimize them.
    • Gray Hats crack security without authorization, but have no ill intentions once they succeed. These are either practicing their art for practice's sake, doing the owners a favor (unsolicited) by letting them know where the vulnerabilities are so they can fix it, or most likely both.
    • Black Hats crack security maliciously, for a wide variety of reasons - some personal, some financial, and some political. They intend to steal, vandalize, or otherwise harm the owners. Self-styled hacktivists may be an exception to some as they have intentions that they may believe are good, but in general fit here because they have neither the permission nor the intention of doing any good for the system's owners. This is probably the case for Cyber Warriors as well - those who are cracking security by order from their government, as soldiers in an online (but very real) war, or as spies. In these cases, it could mean that even a black hat isn't necessarily evil - and anyway, determining good and evil are probably outside of the scope of the discussion.

    This is, of course, not the only way in which these terms are used, and they do in fact derive from the old spaghetti western convention of good guys in white cowboy hats, and bad guys in black. Technically, HBGary in TFA was not asked to do any form of cracking, just to develop tools and strategies. These tools, of course, were obviously for government-sanctioned attacks, and would have ended up in the hands of cyber warriors / spies. In use, it would probably qualify as a black-hat operation, although ostensibly for the cause of good if the ultimate goal is to thwart terrorists (though it must be kept in mind that many terrorists believe they are on the side of good. it's a strange world).

  8. funny name (sort of) by roman_mir · · Score: 2

    It's sort of ironic that another product with the same name (Plan B) is used to get rid of unwanted 'intrusion', not promote it...

  9. Pedants ruined this discussion by Anonymous Coward · · Score: 2, Insightful

    I'd read TFA earlier. I decided to read the discussion here to see what interesting thoughts people might have on the topic, only to find page after page of arguments about hat colors. WTF? Pedants very rarely ever add to the discussion. Their comments seem mostly intended to inflate their own sense of superiority, and sadly often derail the discussion here as so many readers seem inclined to try to prove they are smarter. I'm sure someone will post a snarky reply that I must be new here. I'm not. I learn something every day reading here. However, this has got to be one of the most vacuous discussions I've seen related to what is a technically interesting topic that deserved better.

    1. Re:Pedants ruined this discussion by mug funky · · Score: 3, Insightful

      the HBGary sockpuppets are all over /.

      didn't you know?

      btw, how much do labour unions suck? OMG i like totally need to tweet some fox news links right now.

      i like BP. i think the government is being overly harsh.

      Obama is a muslim and wasn't born in america

      AGW is a myth perpetrated by the illuminati and terrorists to make us give up our guns. think about it.

    2. Re:Pedants ruined this discussion by Rick17JJ · · Score: 2

      I was also hoping for some discussion of more substance, than just arguing about hat colors. Below are several things from the article that I would have liked to have seen discussed:

      1. Near the end of the article, it mentioned that HBGary had been hacked by Anonymous. If experts like HBGary can not protect themselves from hackers, how can the rest of us mere mortals ever defend ourselves? There was also another recent article on the Ars Technica website that focused on the hacking of HBGary by Anonymous.

      2. The article also mentioned the revolving door of employment between the highest levels of government and corporate offices. That makes me wonder if any large corporations might possibly secretly be using that type of software to spy on competitors.

      3. Have they also targeted various other operating systems such as Mac OS, Linux, FreeBSD (or not)?

      Those are the kinds of things that I would have liked to have seen discussed instead of the stupid argument about hat colors.

      Are there really that many Slashdot readers wanting to argue about hat colors? Perhaps the government or HBGary might have created many of the vacuous posts, through fake accounts, and then tried to keep the discussion focused on hat colors instead of anything of more substance. If the government has hundreds of fake Facebook accounts, perhaps they also might have hundreds of fake Slashdot accounts. I assume that is what mug funky meant when he said that "HBGary sockpuppets are all over /."

  10. Re:they take knowledge from black hats by Jeremiah Cornelius · · Score: 4, Interesting

    Ahhh... Let's cook-up another "Twitter Revolution".

    "But for a defense contractor with ties to the federal government, Hunton & Williams, DOD, NSA, and the CIA - whose enemies are labor unions, progressive organizations, journalists, and progressive bloggers, a persona apparently goes far beyond creating a mere sockpuppet.

    According to an embedded MS Word document found in one of the HB Gary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online."

    http://www.dailykos.com/story/2011/02/16/945768/-The-HB-Gary-Email-That-Should-Concern-Us-All

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  11. Nixon by ThatsNotPudding · · Score: 2

    He was just ahead of his time. Now, honesty is a vice and expediency is a virtue.