White Hat + Black Hat = Grey Hat

5:39 AM ---


Were done discussing the White and Black Hat Hacker, now we are going to hybrid those two that will fall under the Grey Hat Hacker (or Gray Hat Hacker). Grey Hat Hacker based on SecPoint website: What is a Grey Hat?, “In the hacking community, a grey hat refers to a proficient and tech-savvy hacker who is ambivalent enough to sometimes use his program manipulating skills to act illegally in either good or ill will.” “Their intentions for hacking don't usually delve into any of the traditional well-intentioned or maliciously driven extremes; that is, they may or may not commit crimes from time to time during the course of their digital undertakings, so they're not exclusively indulging on any one type of activity like their security-improving or network-destroying counterparts would.” From this, Grey Hat Hackers are in between the two and it is in grey hat hacker hands what he or she will prefer to be. But can you imagine what can grey hat hacker really do? And why they chose to be in between those two? (White and Black Hat Hacker).

Another lines from SecPoint website: What is a Grey Hat?, “One of the reasons why a grey hat would categorize himself as "grey" is to distance himself from the two opposing hacker spectrum white and black, constructive or malicious. For instance, even though a grey hat could gain unauthorized access to a network (an illegal crime in most jurisdictions), he could, at the same time, provide a patch for the exposed vulnerability that allowed him access in the first place without compromising the system he invaded. Also, grey hats may or may not disclose vulnerabilities to the administrators or the general public, or they could even sell them to either white hats or black hats if they so choose.” Here, grey hat hackers are still cracker on which they also exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners but what they do is that they act without malicious intent and their goal is to improve system and network security. However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. Unlike white hat hacker who alerts system owners and vendors of a vulnerability without actually exploiting it in public. (Based on SearchSecurity: gray hat or grey hat).

On this part, Grey hat hacker are considered also as one of the ethical hackers in the hackers’ community. They are the one who mostly formed group of hacktivist on which from forums, to organizations, this group also lead into Hacktivist world on which they have their own set of rules and hack into some systems as a form of protest. One of those famous known group on which can also be considered part of this are the Anonymous. We can see lot of them do protest on the government websites. They also have this kind of quotations, The Mentor quotes: “We explore and you call us criminals.  We seek after knowledge and you call us criminals...Yes, I am a criminal.  My crime is that of curiosity...My crime is that of outsmarting you, something that you will never forgive me for (Mentor, para. 9).” This is an informal attempt to record some kind of record of motivation can be found in the short essay titled "The Conscience of a Hacker" written on January 8th, 1986 and published in the online hacker magazine Phrack, more famously known as "The Hacker Manifesto". The essay became a cornerstone of hacker culture and is probably still the most well-known essay on hacking in existence.

Hacktivism which is still under this grey hat hacker is the development and use of technology to foster human rights and the open exchange of information, or more simply 'hacking for political purposes'. Brought into the mainstream by the hacker group Cult of the Dead Cow (cDc) in the mid-1990s and widely defined as a form of grey-hat hacking due to its sometimes quasi-legal nature, the term 'hacktivism' is often abused misused similar to its cousin 'hacking'; this leads to a dirtying of the public perception of the word. However, the genesis of 'hacktivism' was a benign one. We can see lot of anonymous now a days on the internet since technology runs fast. Communicating and expressing one’s self or as a group which is against the political state of the country can be done now through online. And by using the hacking tools and skills they have, they show it in public. Mostly of the domains they used were from the government websites since their request will be heard directly from all those government sectors. Around the globe, there are lot of Anonymous groups and they do this things not just for their own privileges but also for other people in worldwide web community.

http://news.cnet.com/8301-27080_3-20051482-245.html

Sony sites offline after Anonymous attack threats


Moreover with this Anonymous, “Beginning in 2008, Anonymous started promoting collaborative global hacktivism by performing combined protests to promote freedom of Internet speech. Anonymous group activities are managed by unidentified yet self-attributed Anonymous members. Internet forums and image boards are key sources for Anonymous recruitment, as well as wikis and other Internet Relay Chat (IRC) networks. Anonymous uses such mediums to communicate and organize protests.” We cannot really dictate anonymous as a black hat hacker or even white hat hacker because he or she may use his or her skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills in order to prove themselves that they can accomplish a determined feat, but never do it in order to make money out of it. While I’m searching for some reading about this grey hat hackers, I found a website on which they are into grey hat but for security purposes and group of grey hat hacker community. It is the Greyhat Security. The site show their legal purpose and uses of their website and the two main purposes of it were Education and Teach advanced techniques to legal Penetration Testers. You can view and read it here: Legal for further research about that website.

Lastly, Grey or Gray Hat Hacking also have a book about ethical hacking. Based on reviews about this book (Gray Hat Hacking: The Ethical Hacker’s Handbook), “It is an ethical hacker’s handbook which combines a highly pedagogical approach with advanced knowledge of security vulnerability, discovery, and exploitation. The process of discovering and exploiting security vulnerabilities is a multiphase one: first, a series of laws must be considered and addressed, to avoid legal prosecution. Next, a network must be scanned, and potentially vulnerable machines detected. The final phase is exploitation, where vulnerable applications are injected with user-controlled data, and the underlying machine is “owned.” These phases are common to both black hats and professional penetration testers, hired for assessment and testing purposes. The authors describe all of these phases in great detail.” Being ethical in what we do is really important because it is where other people and society measures on how you respect yourself as an individual.
Posted by Unknown at 5:39 AM 3 comments

The Black Hat: As learning for Evil?

2:48 AM ---


Welcome to our new topic and it is about Black Hat Hacker. From the previous article I posted here, it is about the white hat hacker who are called as the good guys on which they hack to identify security weaknesses and they expose the security flaws in such a way as to alert the owner that there is a breach so they can fix it before a black hat hacker can take advantage of it. So from this, black hat hackers are considered as the bad guys. Based on the Security News: What’s a Blackhat Hacker?, this group of hackers are also known as crackers or dark-side hackers. Crackers break things and they are computer security hackers that break into computers and networks or also create computer viruses. But why do they do this? What do you think are the reasons why the hackers on this group use learning for evil? Let’s try to go for some further research.

I love to watch some good movies when I am not busy. Usually when there is no exam or class on the next day. Some of it are kind of intelligence type, something suspense and have some strategic analysis on their mission and more into technology. Mission: Impossible - Ghost Protocol which was released last 2011 is one of those movies I watched and it is really exciting because you can see how those gadgets can be used as a way to hack some information and to get the files they needed on their mission. They used lot of Apple products and they installed applications on it to be able to use those devices for the attack. As the new chapters of our life continues, we gained more and more knowledge each day and we cannot choose right away if we are going to use it on good or bad way but still we have our own choice and will. We also think about the consequences what might happen to us if we are going to do those things which are bad. But did you imagined what are running on those black hat hackers mind when they are attacking systems and other government properties?  They inflict major damage on both individual computer users and large organizations by stealing personal financial information, compromising the security of major systems, or shutting down or altering the function of websites and networks based on the definition of What does Black Hat Hacker mean? by Technopedia.

Some of the black hat hackers are teenagers and the way how they used their skills are still in the process of lack of intelligence. They create malicious malwares that attack other system and steal some information through web. With the use of internet and technology they can even access and manipulate information in each company’s databases. There are also some black hat who are wannabes and from this they can get training about their skills on some underground hacker forums so we can see, we really cannot control those skills hackers on their learning ways of becoming a black hat hacker because they can find other organization and meet people who are also interested on this so while the training continues, many becomes more knowledgeable to become notorious black hat hacker. There is an article by Anthony M. Freed which is Black Hat Wannabes Get Training on Underground Hacker Forums. Here other hacking tools and how they can be used are shared to those members who want to become black hat hackers. It’s like turning your skills into a full-time criminal operation just as what Mr. Freed said on his article, “Underground forums are providing education on how to become a better, and more malicious, attacker. Researchers combed one of the largest known hacker forums plus a few smaller ones and discovered that nearly one-third of all the discussion threads were dedicated to hacker training, relaying tips and tricks of the trade for those seeking to sharpen their skills and build some street cred.”

While searching some good articles to read for my new post, I found a list of Top 10 Notorious Black Hat Hackers. Their pictures and description about their selves were listed on that website. It is amazing how they do those hacking from teens to adults. I don’t really admire them to the point I also want to become like them but from the skills they had. They really know how to access and gain information just from the codes and networks. Yes they earned lot of money and skills but mostly of the black hat hackers found their selves guilty and in prison. They spend mostly of their lives facing the consequences they have made. But not all black hat hackers really ended up like that because there are some who landed legit jobs in their own career path of choice. This is from the Mashable website on which Jolie O'Dell posted an article about How 7 Black Hat hackers Landed Legit Jobs. So from this, white hat hackers are also black hat hackers before but they just chose not to be black hat hackers forever. They got hired as IT security consultant and now doing their skills to secure information security of the company.

I believed on what Partha Dasgupta wrote on his article Bad Hacker, Good Hacker, “The attacks on the Internet are made possible by an ancient design error. The Internet was not designed to be a large public network. It was designed to be a closed network used by trustworthy people inside the US military and universities. Today the vulnerabilities are causing heartburn for all those who depend on the network. The hackers are running amok, and the fear of legal action is not enough of a deterrence (the challenge is to cause harm and not get caught). The solution? Who knows?” From his statement I can say that, with this kind of black hat hackers running on cyber world, we cannot really find what can be the solution because we don’t even know to whom we are going to believe and put more trust about security and privacy but for only reasons why this people form is also because of what the society has. It’s not the society that dictates but the scenarios on which came to their minds and set to live on their own rules.



Posted by Unknown at 2:48 AM 0 comments
Subscribe to: Posts (Atom)