The Inner World of Gov-Sponsored White-Hat Hacking

← Back to Stories (view on slashdot.org)

The Inner World of Gov-Sponsored White-Hat Hacking

Posted by samzenpus on Sunday February 20, 2011 @02:59AM from the good-guy's-bad-guys dept.

romanval writes "Anonymous leaked emails of white-hat hacker firm HBGary shows how it develops and markets products to government agencies. From the article: 'In 2009, HBGary had partnered with the Advanced Information Systems group of defense contractor General Dynamics to work on a project euphemistically known as "Task B." The team had a simple mission: slip a piece of stealth software onto a target laptop without the owner's knowledge. They focused on ports—a laptop's interfaces to the world around it—including the familiar USB port, the less-common PCMCIA Type II card slot, the smaller ExpressCard slot, WiFi, and Firewire. No laptop would have all of these, but most recent machines would have at least two.'"

13 of 146 comments (clear)

Min score:

Reason:

Sort:

Black hat not White by Anonymous Coward · 2011-02-20 03:04 · Score: 5, Insightful

A 'White Hat' hacker is someone who aims to improve security; HBGary are aiming to take advantage of exploits in order to hack into computers, for mining personal information. They are most definitely 'Black Hat'.
1. Re:Black hat not White by Purist · 2011-02-20 03:25 · Score: 4, Funny
  
  The work was being done for a government agency. White Hat.
  :-)
  
  --
  I used to fear clowns...but I'm discovering that chimps are far, far, worse.
2. Re:Black hat not White by phunster · 2011-02-20 03:35 · Score: 5, Insightful
  
  Richard Nixon said "If the President does it, it is legal." We all know how that worked out for him. It sounds like you are substituting "government agency" for "President." No one is above the law, not a President, and not a government agency. Black Hat is Black Hat no matter who is doing it, or who they are doing it for.
3. Re:Black hat not White by Anonymous Coward · 2011-02-20 03:55 · Score: 5, Insightful
  
  No HBGary belongs to a completely new category of hackers. Neither 'black hat' not 'white hat', but 'ass hat'
4. Re:Black hat not White by Divide+By+Zero · 2011-02-20 03:59 · Score: 5, Insightful
  
  It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.
  White Hat can be "evil", Black Hat can be "good". Value judgments are independent of the definition - are you there to improve bad security or exploit it?
  
  --
  Dare to Hope. Prepare to be Disappointed.
5. Re:Black hat not White by Blue+Stone · 2011-02-20 04:34 · Score: 4, Interesting
  
  I guess here at /. the 'editorial' policy is to provoke discussion regardless of the intellectually dishonest manner that's used. Summaries and titles that distort the original article seem to be more and more prevalent in order, I'd take a wild guess at, to provoke comments.
  Ladies and gentlement, we are being trolled by the management.
  A sad state of affairs.
  
  --
  Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
6. Re:Black hat not White by Corbets · 2011-02-20 05:58 · Score: 4, Insightful
  
  It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.
  
  Not quite. If they REQUEST that you "hack" them and you do so, you're a white hat. If you do it without being asked, then you're a black hat. Walking through the door later is a CYA technique only.
7. Re:Black hat not White by Jeremiah+Cornelius · 2011-02-20 06:35 · Score: 5, Insightful
  
  HBGary is Black Hat. And Mercenary. They are a boot on the neck of the American people.
  Is torture "White Hat Interrogation" when done by the US, as opposed to the former DDR?
  No. Only if your name is Rumsfeld, Gonzalez or Yoo, would you disagree.
  HBGary is a fascist tool - more akin to the "Ministry of Information" of Brazil , than any recognisable "White Hat" group - say Rapid7.
  HBGary trades in 0-Days for profit, to organisations which act without regard to Constitutional provisions. They advertise tools and methodology to conduct PsyOps and openly advocate methods to subvert the democratic properties of modern public communications channels.
  HBGary colludes with insiders to use Government power to cement corporate advantage over the interests of the citizens and tax-payers of the United States, in the name of "national security".
  They are a fraud and a blight on the purported claims of a free and open society. Like in the movie "Brazil", the methods of Mr. Barr have identified individuals in error. In the age of Abdulrahman Zeitoun and Bradley Manning, the consequences are quite possibly as dire for those individuals, as they were for Mr. Buttle and Sam Lowery.
  
  --
  "Flyin' in just a sweet place,
  Never been known to fail..."
Why "White hat"? by Goglu · 2011-02-20 03:09 · Score: 5, Insightful

Why would this qualify as "white hat"? Because they sell their solutions to corporations? Corporations are often no better than the mafia: check how well established and still active corporations helped bring Hitler to power.

What would it be called if they sold their solutions to the "legitimate" government of Saudi Arabia? Or to Hamas (who was elected as the representatives of the Palestinian people)? Would it still be "White hat"?

I propose that "White hat hacking" be reserved only to those who use their skills for the good of the community as a whole. Just my 2 cents.
Good Thing by Wicked+Zen · 2011-02-20 03:15 · Score: 5, Funny

~Well, it's a good damn thing they're developing these products for the government, and not like, someone we can't trust to use them responsibly.~
White-hat? I don't think so by moonbender · 2011-02-20 03:15 · Score: 4, Insightful

White-hat? Hacking doesn't automatically get a white hat just because it's done for your favorite government (or other organisation). Developing malware and rootkits destined for actual use is black hat hacking, plain and simple. HBGary did both black and white hat stuff.

--
Switch back to Slashdot's D1 system.
submitter here by romanval · 2011-02-20 04:20 · Score: 4, Informative

I was gonna put quotes (") around "white hat" but I was out of space. Slashdot needs to accept longer titles.
This title for was difficult to make because the TFA has subject matter that's all over the map: Collections of 0-day unpublished exploit vectors, rootkits with keyboard loggers disguising payload as ad click tracking data, and social network tracking via bot accounts. Tough to summarize in just 50 characters.
Re:they take knolwedge form black hats by Jeremiah+Cornelius · 2011-02-20 07:03 · Score: 4, Interesting

Ahhh... Let's cook-up another "Twitter Revolution".
"But for a defense contractor with ties to the federal government, Hunton & Williams, DOD, NSA, and the CIA - whose enemies are labor unions, progressive organizations, journalists, and progressive bloggers, a persona apparently goes far beyond creating a mere sockpuppet.
According to an embedded MS Word document found in one of the HB Gary emails, it involves creating an army of sockpuppets, with sophisticated "persona management" software that allows a small team of only a few people to appear to be many, while keeping the personas from accidentally cross-contaminating each other. Then, to top it off, the team can actually automate some functions so one persona can appear to be an entire Brooks Brothers riot online."
http://www.dailykos.com/story/2011/02/16/945768/-The-HB-Gary-Email-That-Should-Concern-Us-All

--
"Flyin' in just a sweet place,
Never been known to fail..."