minorov blog


A little school of hacking for the uninitiated, part 2

About who the "bad guys" are (and some others), why everybody does it, and so on. Once again I point out: everything is at your own risk. And all of it only so that you forget the TV hackers who can break into the Pentagon in 10 seconds and download its database in a minute.
As I mentioned in the previous part, this time we will deal with the other kind.

The counterpart of the white hats is, of course, the black hats. But they are not a complete opposite, because as far as technique and skill go, nobody can say they are weak. They are just as capable as the white hats, but unlike them they have realised that knowledge handed to someone for free equals a wallet flushed down the toilet.

As a rule, after discovering a vulnerable spot in a system, they try to monetise it somehow. If the security flaw affects widely used systems, so much the better. Of course it also depends on the severity of the discovery. They then sell their findings on the black market to people connected with crime or other illegal activities (spammers, botmasters and the like), and of course they get paid enough to recover the cost of their work. Alternatively they share findings within the community and trade exploits (and here I have to explain what an exploit is; see the asterisk * below).

Barter trade has always worked on the internet. That is also one way a security flaw can end up public: it spreads through the community, but someone is not entirely black and publishes the information somewhere. The flaw becomes public, the vendor releases a patch after feverish work, and admins patch feverishly (at least the conscientious ones). The unconscientious ones should search their conscience, and if they have none, they should get out of IT.

* An exploit is a small program, or sometimes just a crafted string, with which a vulnerable spot can be used so that the attacker gets into the system, prevents it from working, and so on.

In the section on black hats we touched on the point that someone might not be entirely black. Yes, we also have other "hats": grey hats, blue hats, and even no hats at all (no-hats). Grey hats are a special case: they sell a security flaw they have found to a legal buyer, but get much more for it. A marketplace for selling exploits (or PoCs, proofs of concept, i.e. working samples) was the excellent internet project WabiSabiLabi; unfortunately the Italian jurisdiction had an entirely different opinion and arrested its boss, charging him with digital crimes in earlier projects and jobs. The charges were later not proven and the man is free today. The business died, though: everyone published the news that the man had been locked up, but nobody published the news that he was free and cleared of the charges. Looking back at how much some exploits sold for: 2600 EUR, 5000 EUR, weaker ones for 500 EUR... all by auction to a legal buyer.

A few words on attacker motivation. Money is one of the main factors people look at. These days credit card numbers, bank details and so on get stolen. What can I tell you, friends; it is a fact that will not change. An example might be the phishing mail known as "Drahousek" ("Sweetheart"); perhaps you remember it and smile just as I do when I recall it...

In some cases, however, we come across patriotism (mainly among Turkish and Kurdish attackers), or even religious extremism (the Muslim world). Anti-American statements are not rare (f*ck Bush is entirely common; greetings to the Echelon staff with this :) ), and they are often tied to religious extremism.
Some are still kids and want to be the best, or they simply enjoy attacking; some feel they have to "treat" the system they broke into...

Today we'll have some poetry again: The Mentor's manifesto (in its original wording). A single sentence says it all: you may stop this individual, but you can't stop us all.

Another one got caught today, it's all over the papers.  "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker?  Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..."

I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals.

You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.


IT security | permalink

Comments

  1. :)
    You mention wslabi here; it would be nice to also mention other options such as ZDI, iDefense.. :)
    published: 17.09.2008 14:48:12 | author: haluznik (e-mail, web, unauthorised)
  2. haluznik
    well... ZDI and iDefense do buy, and if I were to be precise I would have to mention Microsoft, Symantec, Sophos, Tipping Point... I rather had in mind a system where a person gets what their code is really worth, not just a "thanks".
    published: 17.09.2008 15:14:27 | author: minor (e-mail, web, unauthorised)
  3. nice, nice
    I can't really make out your opinion on the matter in this.
    Why do you see WabiSabiLabi as having been a good instrument?

    And do you have any idea how white hats could be rewarded financially so that it pays off for them...
    published: 17.09.2008 16:20:36 | author: sygon (e-mail, web, authorised)
  4. sygon
    my opinion is that I prefer someone getting paid for their work, but within the law, so I'm basically sort of a greyhat, but in reality probably a no-hat :).

    wabisabilabi was a good instrument because:
    1. the person who discovered the vulnerability could make good money on it legally
    2. a company developing software (for example micro$oft) has enough ducats to pay even 3000 EUR for a hole somebody discovered. after all, you pay about 2500 SKK for a copy of Windows and expect a quality system; instead, as a customer you are constantly bothered by some update, often a critical one. but M$ has already earned its money on you, so why shouldn't it give a few dollars to someone who is actually helping it?

    White hats will be well paid only if a company hires them directly, but then they may lose their white hat status...
    published: 18.09.2008 09:49:13 | author: minor (e-mail, web, unauthorised)


