I. Are they black or white? Analyze the information in the text given above and answer the question.
- Vladimir Levin allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.
- Mark Russinovich is an expert on Windows architecture and programming; noted for identifying the limited differences between Windows NT Server and Workstation, and discovering the 2005 Sony Rootkit software.
- H. D. Moore is a vulnerability researcher and author of the Metasploit penetration testing tool.
- Gary McKinnon (Solo) hacked into computer networks owned by NASA, the US Army, US Navy, Department of Defense and the US Air Force, and also one belonging to The Pentagon.
- Frank Lebron flooded many large P2P networks with trojans, viruses, and worms. Arrested and charged by the FBI.
- Michał Zalewski is a prominent security researcher and author of “Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks”.
II. Put the following hacker’s activity characteristics in the correct box.
Might break into computer systems to heighten awareness of security flaws, won’t announce vulnerabilities until company is ready or found to be unresponsive, hacks systems for own gain or for malicious reasons, releases exploit code that isn’t easily modified for hacking security, will only attack systems when authorized by the owner, keeps vulnerability information to trade with other black hats on closed lists.
|
White hats |
Grey hats |
Black hats |
Ideology |
works to secure computer systems without breaking into them
|
|
Cares more about controlling systems and accessing protected information than about securing computers |
Information handling |
|
announces vulnerability publicly without informing software company, or on the same day that software company is notified |
|
Use of code |
will show software maker - but no one else – how to exploit vulnerability |
|
Won’t publish publicly, instead keeps for own use. |
Hacking ethics |
|
explores holes, then notifies owner of system that it’s vulnerable |
|
III. Comment on the following quotations:
1. “We choose the term “grey hat” to represent the independent researcher who didn’t have a vested interest in any particular company or product”
Chris Wysopal,
Director of research and development group for security firm @Stake
2. “We are reaching a crossroad where decisions have to be made… Are they going to continue to function as a security consultant or go to the dark side?”
Howard Schmidt,
Vice-chairman White House’s Critical infrastructure Protection Board
3. “If you’re grey, you are black”
Peter Lindstrom,
Director of security strategies, the Hurwitz Group
4. "No matter what color your hat, you need to realize that there is a greater dependency on networks today."
Howard Schmidt,
Vice-chairman White House’s Critical infrastructure Protection Board
5. "Companies say, 'We don't hire hackers.' But you go there and they have a room full of them"
md5,
A member of the GhettoHackers, a Seattle-area group of white hats
:-0 Perhaps white and black colors are just shades of grey…
%-) Only God knows…
IV. Outline a profile of a modern hacker. It might be a white hat, a black hat or a grey hat hacker. Mind the following aspects:
1) background, education, job
2) age, gender, marital status
3) appearance
4) features of character, manner of behavior
5) personal contacts, friends
6) professional skills, experience
Jigsaw Activities
Work in pairs. Student A read the information about the “414” hacker group. Student B read the information about the “Cult of the Dead Cow” hacker group. Ask each other the questions and complete the chart given below the text.