
The Inner World of Gov-Sponsored White-Hat Hacking

Posted by samzenpus
from the good-guy's-bad-guys dept.
romanval writes "Anonymous leaked emails of white-hat hacker firm HBGary shows how it develops and markets products to government agencies. From the article: 'In 2009, HBGary had partnered with the Advanced Information Systems group of defense contractor General Dynamics to work on a project euphemistically known as "Task B." The team had a simple mission: slip a piece of stealth software onto a target laptop without the owner's knowledge. They focused on ports—a laptop's interfaces to the world around it—including the familiar USB port, the less-common PCMCIA Type II card slot, the smaller ExpressCard slot, WiFi, and Firewire. No laptop would have all of these, but most recent machines would have at least two.'"

  • by Anonymous Coward on Sunday February 20, 2011 @11:04AM (#35259720)

    A 'White Hat' hacker is someone who aims to improve security; HBGary are aiming to take advantage of exploits in order to hack into computers, for mining personal information. They are most definitely 'Black Hat'.

    • by Purist (716624) on Sunday February 20, 2011 @11:25AM (#35259828)
      The work was being done for a government agency. White Hat.

      :-)

      • by phunster (701222) on Sunday February 20, 2011 @11:35AM (#35259876)

        Richard Nixon said "If the President does it, it is legal." We all know how that worked out for him. It sounds like you are substituting "government agency" for "President." No one is above the law, not a President, and not a government agency. Black Hat is Black Hat no matter who is doing it, or who they are doing it for.

        • Re: (Score:2, Interesting)

          by Securityemo (1407943)
          So hacking into the government systems of an oppressive government in order to cause it damage somehow as part of a larger campaign to topple it without invading and killing lots of people would be "evil"?
          • by Divide By Zero (70303) on Sunday February 20, 2011 @11:59AM (#35259976)
            It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

            White Hat can be "evil", Black Hat can be "good". Value judgments are independent of the definition - are you there to improve bad security or exploit it?

            • by Corbets (169101) on Sunday February 20, 2011 @01:58PM (#35260586) Homepage

              It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

              Not quite. If they REQUEST that you "hack" them and you do so, you're a white hat. If you do it without being asked, then you're a black hat. Walking through the door later is a CYA technique only.

              • From a cynical perspective, yes, but it could also just be a person who is naive about not being considered a threat or a target of a lawsuit regarding cleanup fees.
              • It's nothing to do with "good" or "evil", it's what you do with the results. If you hack, say, Hamas, and then use that information to your advantage, you are Black Hat. If you hack Hamas, then walk in through their front door with a report of how you owned them (pwned, pwnz0red, whatever) and how they can fix their systems, you are White Hat.

                Not quite. If they REQUEST that you "hack" them and you do so, you're a white hat. If you do it without being asked, then you're a black hat. Walking through the door later is a CYA technique only.

                i have to agree here. HBgary seems black hat to me.
                The way i have always understood it: Black hat: exploits security flaws.
                Whi

            • If you break the law period, you're a Black Hat.
              If you follow the law period, you're a White Hat.

              What HBGaryFederal did was not against the law. If they were contractors for federal agencies, they have the authority of the FBI which means they have the legal authority to do these types of searches.

              I don't necessarily like it. The Patriot Act and many other Bush era laws were set in place that we don't like. But the law specifically says the government can do practically anything it wants to us in a time of

          • by eggled (1135799)
            Yes. Albeit the lesser of two evils, and infinitely preferable in the scenario you propose.

            White hat hackers tend to work "for the good of all". Black hats exploit weaknesses to subvert protective measures for their own (or their organization's) benefits. The goal of white hats is to close security loopholes. Black hats exploit those loopholes.
            • by Jeremiah Cornelius (137) on Sunday February 20, 2011 @02:35PM (#35260816) Homepage Journal

              HBGary is Black Hat. And Mercenary. They are a boot on the neck of the American people.

              Is torture "White Hat Interrogation" when done by the US, as opposed to the former DDR?

              No. Only if your name is Rumsfeld, Gonzalez or Yoo, would you disagree.

              HBGary is a fascist tool - more akin to the "Ministry of Information" of Brazil [wikimedia.org], than any recognisable "White Hat" group - say Rapid7 [wikimedia.org].

              HBGary trades in 0-Days for profit, to organisations which act without regard to Constitutional provisions. They advertise tools and methodology to conduct PsyOps and openly advocate methods to subvert the democratic properties of modern public communications channels.

              HBGary colludes with insiders to use Government power to cement corporate advantage over the interests of the citizens and tax-payers of the United States, in the name of "national security".

              They are a fraud and a blight on the purported claims of a free and open society. Like in the movie "Brazil", the methods of Mr. Barr have identified individuals in error. In the age of Abdulrahman Zeitoun [guardian.co.uk] and Bradley Manning, the consequences are quite possibly as dire for those individuals, as they were for Mr. Buttle and Sam Lowery.

              • If HBGaryFederal is Black Hat and working in the interest of protecting the security of the US Government, then the US Government is also Black Hat. Correct?

• Black is 3 shades lighter and brighter than the colour of the US hat.

                  Anyone who operates "Delta Forces" and runs "Black Sites" and commits the horrors of a Guernica, on a daily basis?

                  The answer is not that the US wears a "Black Hat". It is that the US has a Black Heart.

          • by russotto (537200)

            So hacking into the government systems of an oppressive government in order to cause it damage somehow as part of a larger campaign to topple it without invading and killing lots of people would be "evil"?

            No, but it would be "black hat" by the computer security definition.

            HBGary seems to me to be in the same ethical position as any weapons manufacturer.

          • Yes - maliciously interfering with the infrastructure of a sovereign nation is an act of war. Doing it surreptitiously through civilian channels makes it terrorism.
        • by tick-tock-atona (1145909) on Sunday February 20, 2011 @08:46PM (#35263472)

          Richard Nixon said "If the President does it, it is legal." We all know how that worked out for him. It sounds like you are substituting "government agency" for "President." No one is above the law, not a President, and not a government agency. Black Hat is Black Hat no matter who is doing it, or who they are doing it for.

          Actually, in the US today, the President and government agencies *are* above the law [salon.com].

          Yesterday, in South Carolina, an Obama-appointed federal judge dismissed a lawsuit brought by Padilla against former Bush officials Donald Rumsfeld, John Ashcroft, Paul Wolfowitz and others. That suit alleges that those officials knowingly violated Padilla's Constitutional rights by ordering his due-process-free detention and torture. In dismissing Padilla's lawsuit, the court's opinion relied on the same now-depressingly-familiar weapons routinely used by our political class to immunize itself from judicial scrutiny: national security would be undermined by allowing Padilla to sue; "government officials could be distracted from their vital duties to attend depositions or respond to other discovery requests"; "a trial on the merits would be an international spectacle with Padilla, a convicted terrorist, summoning America's present and former leaders to a federal courthouse to answer his charges"; the litigation would risk disclosure of vital state secrets; and "discovery procedures could be used by our enemies to obtain valuable intelligence."

          In other words, our political officials are Too Important, and engaged in far Too Weighty Matters in Keeping Us Safe, to subject them to the annoyance of the rule of law. It's much more important to allow them to Fight The Terrorists without restraints than to bother them with claims that they broke the law and violated the rights guaranteed by the U.S. Constitution.

          Fortunately, other countries are not so squeamish about prosecuting war crimes, which is why Bush et al. will likely never set foot in the EU again [salon.com].

          Goodbye, leaders of the free world. It was nice while it lasted.

          • by sznupi (719324)
            I assume that by "while it lasted" you mean "while the concept had great PR"? (which included also comparative advantage with many more places - but such advantage doesn't mean much in general, especially considering the mode of creation of some lesser [chomsky.info] places [wikipedia.org] in particular; but places populated with lesser people, so the PR could work well... comparably)
        • He was just ahead of his time. Now, honesty is a vice and expediency is a virtue.
      • by gmuslera (3436)
So if those activities somehow ended in a blood bath, would it end up being called Red Hat?

        Still, which government that agency belongs to will probably change the color of the hat too.
      • by AftanGustur (7715)

        The work was being done for a government agency. White Hat.

        :-)

By that definition the Chinese hackers that were involved in Operation NightDragon [infosecisland.com] were probably also "White hats"

        • by elucido (870205) *

          The work was being done for a government agency. White Hat.

          :-)

By that definition the Chinese hackers that were involved in Operation NightDragon [infosecisland.com] were probably also "White hats"

          To the Chinese yes they'd be the White Hats. To the rest of the world they'd be something else.

      • by WorBlux (1751716)
The owner's authorization is what's relevant, not the government's (Government being nothing more than a group of men and women who do business at the barrel of a gun)
      • by rtb61 (674572)

Your country's espionage White Hats would be other countries' Black Hats, and as there are always many more other countries, and you would also consider other countries' White Hat espionage agents as Black Hats, the numbers are definitely for Black Hats as the appropriate nomenclature.

        Time of course to point out the stupid. You also would be giving away dangerous technology that once discovered could and would be used against you. Now to make that even worse, you can not defend against the attack without alerting others to it, thus defeating its value; what can you say but, "the stupid, oh my God, it burns". So not only Black Hats but really bloody stupid Black Hats.

• Your country's espionage White Hats would be other countries' Black Hats, and as there are always many more other countries, and you would also consider other countries' White Hat espionage agents as Black Hats, the numbers are definitely for Black Hats as the appropriate nomenclature.

          Time of course to point out the stupid. You also would be giving away dangerous technology that once discovered could and would be used against you. Now to make that even worse, you can not defend against the attack without alerting others to it, thus defeating its value; what can you say but, "the stupid, oh my God, it burns". So not only Black Hats but really bloody stupid Black Hats.

          The White Hats can and must aggressively hack. This is the only way they can hack Al Qaeda.

I find it funny this site at one time will claim they can't wait for the US Cyber Command and wants the USA to win the Cyber War, but then gets angry at HBGaryFederal. I don't agree with or understand why HBGaryFederal was hacking American citizens and specifically hacking some of the people they chose, but I also am not President Obama.

          Before we judge what they were doing, we ought to wait until the full story comes o

          • by rtb61 (674572)

            The basic principle still stands, to hack a network you basically must exploit a weakness. The ultimate goal of all security experts is to close all weaknesses. You can not exploit what you close, you can not secure what you leave weak. Any security organisation that knowingly leaves citizens exposed to security holes, in order to pursue personal promotions via committing crimes in other countries is in fact acting in a treasonous manner.

The white hat chooses honour and integrity and secures networks; the black hat chooses personal success and leaves discovered security weaknesses in place so that they can exploit them, for whatever reason and in whichever location they choose.

            • by elucido (870205) *

              The basic principle still stands, to hack a network you basically must exploit a weakness. The ultimate goal of all security experts is to close all weaknesses. You can not exploit what you close, you can not secure what you leave weak. Any security organisation that knowingly leaves citizens exposed to security holes, in order to pursue personal promotions via committing crimes in other countries is in fact acting in a treasonous manner.

The white hat chooses honour and integrity and secures networks; the black hat chooses personal success and leaves discovered security weaknesses in place so that they can exploit them, for whatever reason and in whichever location they choose.

              So international terrorist groups like Al Qaeda cannot be hacked? That to me is ridiculous.
              How do you have a cyber war if there are no offensive capabilities?

• The White Hat and Black Hat divide was invented entirely by and for the government so that the government could categorize the hacker community. In essence the only difference between White Hat and Black Hat is that the White Hat follows the law when conducting their hacks. Despite what you think, the federal government had legal authority under the Patriot Act and other provisions to wiretap. The government still can get a search warrant and once a search warrant is obtained then any group of contractors c

    • by GerardM (535367)

      The original story at Ars Technica is called "Black ops: how HBGary wrote backdoors for the government". The person who submitted the story is not colour blind...
Thanks,
      GerardM

      • by Blue Stone (582566) on Sunday February 20, 2011 @12:34PM (#35260148) Homepage Journal

        I guess here at /. the 'editorial' policy is to provoke discussion regardless of the intellectually dishonest manner that's used. Summaries and titles that distort the original article seem to be more and more prevalent in order, I'd take a wild guess at, to provoke comments.

Ladies and gentlemen, we are being trolled by the management.

        A sad state of affairs.

        • As long as it's consistent it isn't so troublesome. This is a discussion site after all.
• That's his "style". Why they let him out of the "idle" section is beyond me.

          Pretty soon all "editors" will concentrate more on hype than on anything else, and summaries will have all the quality and integrity of io9 posts.
          Just wait and see... Soulskill is already somewhat of a samzenpus-lite.

        • by mug funky (910186)

          more enticing headline = more ads clicked (maybe).

          they don't do it too badly here, compared to even the most respected online newspapers.

    • by Anonymous Coward on Sunday February 20, 2011 @11:55AM (#35259960)

No, HBGary belongs to a completely new category of hackers. Neither 'black hat' nor 'white hat', but 'ass hat'.

    • A 'White Hat' hacker is someone who aims to improve security

      That statement leaves the definition up to a point of view.
From the US PoV this could well be seen as a white hat activity as the aim is to serve USGov interests, while from the target's PoV it would be deemed black hat. A Russian counterpart of this company would by your reasoning be a black-hat company from a US perspective but a white-hat (good) one from Medvedev's, since it poses a threat to the USGov agenda and serves the RusGov's.

    • "They are most definitely 'Black Hat'."

      "The work was being done for a government agency. White Hat. "

Actually, it doesn't really matter anymore. What matters is the fact that, more than likely, ANONYMOUS now has these tools. We have to assume the entirety of HBGary's data was compromised. The Ars Technica article seems to imply a greater knowledge of these tools than the emails alone would impart. Hmm. The only reason I could see Anonymous not getting these tools after the caper they pulled off is if HBGar

    • The government is the one who invented this white hat black hat division.

      White hats are the hackers who refuse to break the law. They can write offensive programs, they can be investigators, they can hack terrorists, because they have a search warrant and it's not illegal.

Grey hats are the hackers who will break the law in the name of research, science, security and/or improvement. They won't break just any law, but the minor laws that nobody will arrest them for.

      Black hats will break any and every law becau

  • Why "White hat"? (Score:5, Insightful)

    by Goglu (774689) on Sunday February 20, 2011 @11:09AM (#35259752)
    Why would this qualify as "white hat"? Because they sell their solutions to corporations? Corporations are often no better than the mafia: check how well established and still active corporations helped bring Hitler to power.

    What would it be called if they sold their solutions to the "legitimate" government of Saudi Arabia? Or to Hamas (who was elected as the representatives of the Palestinian people)? Would it still be "White hat"?

    I propose that "White hat hacking" be reserved only to those who use their skills for the good of the community as a whole. Just my 2 cents.
• Indeed. Some people, most notably samzenpus, apparently think it's white hat hacking when it's a company or government doing the hacking. But that obviously isn't the case. White hat hacking is really about people who do the hacking in order to improve security and to help people, whereas in this case it is perfectly clear neither the government nor HBGary has any intention of helping anyone except themselves.

      Throwing a rootkit on someone's laptop without that person knowing about it and with the intention of

  • Good Thing (Score:5, Funny)

by Wicked Zen (1006745) on Sunday February 20, 2011 @11:15AM (#35259790)
    ~Well, it's a good damn thing they're developing these products for the government, and not like, someone we can't trust to use them responsibly.~
• by moonbender (547943) on Sunday February 20, 2011 @11:15AM (#35259792)

    White-hat? Hacking doesn't automatically get a white hat just because it's done for your favorite government (or other organisation). Developing malware and rootkits destined for actual use is black hat hacking, plain and simple. HBGary did both black and white hat stuff.

    • You could argue that "Hats" is a bad construct, and that if you understand the consequences of your actions conventional moral terms serve much better. The only reason the terms are used, I think, is because of the fact that it's so easy to get away with things. There's no external moral reinforcement because there's really no effective law enforcement and the anonymity is total. I think this is why all the security people I've met IRL have been "neurotic" or "twitchy".
• In fact, I would assert that if it's being done by/for a government, that makes it suspect. Doesn't mean it's automatically black hat or white hat, but any government hacking of citizens should be viewed with great skepticism. There are legitimate reasons, but it's up to the people/agency performing the hacking to show that it's actually in the public interest and for legitimate law enforcement purposes.
      • by elucido (870205) *

If they just get a search warrant then that's the legitimate reason.

        • Agreed, but lately, many times they don't have a search warrant. Also, how do you control the distribution and installation of viral malware as proposed in the article? There is no search warrant that can legitimately cover that.
  • by Securityemo (1407943) on Sunday February 20, 2011 @11:22AM (#35259812) Journal
Greg Hoglund is a leading expert on rootkits, and per the article it was he who did all the development and research. If the article tells the truth, the firm sold advanced rootkits to the US government, and the latest iteration would have been one that used advanced memory management techniques to jump around in process memory and do its thing without using any OS-managed structures, thus evading detection. I don't grok this at all, but it sounds like an advanced version of a technique I read about where the malware extracted the code from DLL files and ran things without having to go through the OS. So that part was entirely legit, but the social networks part (which the government apparently wasn't at all interested in, presumably because they already got a contract with those Palantir guys) was evidently a catastrophe in the making.
  • They spend so much time dicking around with my laptop at airports and borders so it's not so suspicious when they also dick around with your laptop. Now if they'd just hire somebody with a clue to fondle my ports, I could get through the line much much faster.

    • That's just stupidity and people performing tasks without understanding the reasons behind them. But from what we've seen, "US intel" would evidently take advantage of the situation of confusion, I.E. install malware onto targets during border checks. They probably already are.
    • by Anonymous Coward

I pop in a separate hard drive when I travel. When I arrive, I swap it with the real one (which is encrypted, of course).

    • fondle my ports

      Dude, TMI.

  • submitter here (Score:5, Informative)

    by romanval (556418) on Sunday February 20, 2011 @12:20PM (#35260080)

    I was gonna put quotes (") around "white hat" but I was out of space. Slashdot needs to accept longer titles.

This title was difficult to make because the TFA has subject matter that's all over the map: collections of 0-day unpublished exploit vectors, rootkits with keyboard loggers disguising payload as ad click tracking data, and social network tracking via bot accounts. Tough to summarize in just 50 characters.

    • Don't worry. Just be content that your story made it to the front page. Some people will bitch about articles regardless.

  • by roman_mir (125474) on Sunday February 20, 2011 @01:37PM (#35260486) Homepage Journal

    It's sort of ironic that another product with the same name (Plan B) is used to get rid of unwanted 'intrusion', not promote it...

  • by Anonymous Coward

    I'd read TFA earlier. I decided to read the discussion here to see what interesting thoughts people might have on the topic, only to find page after page of arguments about hat colors. WTF? Pedants very rarely ever add to the discussion. Their comments seem mostly intended to inflate their own sense of superiority, and sadly often derail the discussion here as so many readers seem inclined to try to prove they are smarter. I'm sure someone will post a snarky reply that I must be new here. I'm not. I learn s

• This is because the only ones that can really contribute to this discussion are those who have technical knowledge of computer security and those who have experience with government or IT security contracting. You should probably be happy that anyone here can contribute at all to the discussion.
    • by mug funky (910186) on Sunday February 20, 2011 @06:38PM (#35262494)

      the HBGary sockpuppets are all over /.

      didn't you know?

      btw, how much do labour unions suck? OMG i like totally need to tweet some fox news links right now.

      i like BP. i think the government is being overly harsh.

      Obama is a muslim and wasn't born in america

AGW is a myth perpetrated by the illuminati and terrorists to make us give up our guns. think about it.

    • by Rick17JJ (744063)

I was also hoping for some discussion of more substance than just arguing about hat colors. Below are several things from the article that I would have liked to have seen discussed:

1. Near the end of the article, it mentioned that HBGary had been hacked by Anonymous. If experts like HBGary can not protect themselves from hackers, how can the rest of us mere mortals ever defend ourselves? There was also another recent article on the Ars Technica website that focused on the hacking of HBGary by Anonymous.

      2. The

• 1. It was an act of social engineering against their admin. They got their hands on the SSH password - not superhuman hacking skills. And it was a 16-year-old girl that did it, to boot.

        2. Yeah, I'd think so. But you need to know the limitations and proper use of that sort of software at least, to avoid getting caught.

3. The rootkits I've seen are mostly for Windows, though there are a lot of *nix rootkits around. Traditionally, rootkits were the domain of *nix servers - they were, as far as I know, no
        • Elaborating: I assume these rootkits (I don't think HBGary have knowingly participated in industrial espionage mind, but there are a lot of malware authors out there) are sold as packages designed for use in spear phishing or usb key schemes. In order for the attacking party to avoid liability when the software exfiltrates data from the target network, no matter how good steganography it uses, it would need to dump the data onto a "bulletproof" system or lease a botnet. Such systems are (currently) found in
• And no, you could not use open HTTP/Socks proxies or TOR, assuming they were not blocked, not if you wanted to use steganography. Which you would want to, since you want to present an "advanced persistent threat", i.e., you want to monitor the target systems for a long time without getting caught.
  • So is it just me, or is it fucking police state of America week on Slashdot?
    • It's Horrible Hour! All drinks at the bar cost their base price plus a random amount of cash between 10% and 90%. If you pay too little, you get fondled. If you pay too much, you get fondled. If you get caught bringing in liquor into the establishment, you are shot.
  • A day late and a dollar short, as ever.

• They focused on ports—a laptop's interfaces to the world around it—including the familiar USB port, the less-common PCMCIA Type II card slot, the smaller ExpressCard slot, WiFi, and Firewire. No laptop would have all of these

    Funny, my Thinkpad does.
