.

Let’s change the name!

<<

Kev

Post Fri Jul 14, 2006 11:41 am

Let’s change the name!

We use the terms white hat, grey hat and black hat to describe hackers. Black hats are those that don’t follow any ethical guidelines. My problem with this terminology is that it seems to romanticize hackers that are doing a lot of harm.  Sort of like that old western films with the good guys being “white hats” and the outlaws being “black hats”.  Heck, when I was a kid I sometimes liked playing the part of the outlaw!    I also find that part of the problem is some people involved in security have a secret admiration for the so called black hat hackers.  The reality is this not something cool or makes you l33t or is a victimless crime.  It is now estimated that over 38 million people in the USA have had their identities exposed to cyber criminals.  Identity theft in its worse form can be devastating and take many months if not years to repair for some.  Those involved with such activities are thieves and criminals. Not much better than someone stealing a purse out the hands of an old lady walking down a street.  The battle line is getting drawn more clearly every day and it’s up to people like us to help protect the innocent. Yes I know there are a lot of hackers that say “I am not doing any harm. I am just curious and like to poke around.”  I usually respond with “Do you mind if I walk into your house and go through your closet and dresser draws?”  I hope I don’t sound like I am standing on a soap box preaching but it’s the way I have come to feel having seen a number of people hurt by cyber criminals.
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Fri Jul 14, 2006 7:28 pm

Re: Let’s change the name!

Hey, Kev, you know what?

You are RIGHT. Absolutely, 100%, NOT WRONG. Your "tirade" about black hats vs. white hats relating to the old Westerns is exactly the same refernce my instructor made on the first day of CEH class. Hollywood films don't help the matter much either, they make it worse. Movies like The Matrix, and The Net, with Sandra Bullock, make the problem worse. The general public is fascinated and generally intrigued by the black hats, but they don't understand the underlying concepts, such as social engineering, fingerprinting, enumeration, Denial of Service, etc. They don't have the desirte to do the research it takes to fully understand the situation.

You know what you should do? If you are really this concerned about it, you should go to NW3C click on Research, which is the site of the National White Collar Crime Center in Fairmont, WV.
(I had a job interview there on May 1st). You can volunteer on the site for their National White Collar Crime Consortium. I submitted for it when I was there on May 1st. They have a magazine [The Informant,]they put out (not sure of the schedule) all about Internent Fraud, including Elder Fraud. This magazine is full of actual cases the FBI has pursued without any actual names given. Of course, they cannot use real names. The NWCC is a Federal non-profit organization that gets grant money from Congress, the FBI, and Homeland Security. Fascinating stuff to read about, especially from a Federal standpoint. I'll bet if a few more of the black hats out there knew the feeling of the FBI knocking on your door, they might think twice about it.

  Did you know there are Internet fraud scammers that continue to pursue their victims even AFTER they're sentenced to Federal prison? Read a few of the stories in this magazine. After you shake off the goose bumps (Heck, I had to) you'll be asking yourself, "What were they THINKING???" Really scary stuff in that magazine, and it's all TRUE. But the names have been dropped to protect the innocent.
I'll tell you, I never used to watch the old FBI tv show, but I have new appreciation for the FBI now. I'm promising myself (I already promised EC-council) I'll be good. I don't want to do NO time in Federal pen.  ;D
Last edited by oyle on Fri Jul 14, 2006 7:35 pm, edited 1 time in total.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Kev

Post Sat Jul 15, 2006 9:01 pm

Re: Let’s change the name!

Hey Oyle, thanks for the link.
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Sun Jul 16, 2006 11:34 am

Re: Let’s change the name!

Hey, No Problemo.

Lemme know what you think about it. It really is cool, ya think? Cool, but scary, too.

On the NW3C site, click on "Resources" to access the Informant Magazine section. The Informant magazine comes out 3 times a year, I have gotten one issue in the mail already since my interview on May 1st.


;D
Last edited by oyle on Sun Jul 16, 2006 11:39 am, edited 1 time in total.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Kev

Post Mon Jul 17, 2006 7:17 am

Re: Let’s change the name!

I like the idea a lot. I will need to spend some time reviewing to make sure they are real.  On the surface I would say it is a great idea and thank you again for posting that link.
Last edited by Kev on Mon Jul 17, 2006 1:45 pm, edited 1 time in total.
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Mon Jul 17, 2006 5:48 pm

Re: Let’s change the name!

No problem. They ARE real. I've been there. The FBI is real, make no mistake.
Like I said, I submitted my volunteer paperwork there in person, May 1st. To this day, nobody has contacted me asking me to do anything. I'm, not even listed as a member. Ideally, for you to be affiliated with the NW3C, you should be involved somehow with law enforcement; an officer in a police dept., a detective, etc. I am not affilliated in any way with law enforcement, although I plan to someday soon head over to my local police dept to ask them if they have a cybercrime division, and to ask if I can get involved somehow.

We'll see. ???

;D ;D
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Kev

Post Tue Jul 18, 2006 9:34 pm

Re: Let’s change the name!

Let us know how it goes with approaching the law enforcement agency.  In my dealing they are often very much into their own “clicks” and don’t respond so well to people they see as “outsiders”.  If you know at least one person in the force to open the door it can make a big difference.
<<

Kev

Post Thu Aug 03, 2006 12:48 pm

Re: Let’s change the name!

    I had a different thought on this topic. Rather than try and suppress the glamorization of Black Hats, perhaps a better avenue would be the glamorization of the security professional.  I have already seen the term “Security Warrior” and “Security Samurai” and I do like all the Sun Zu quotes that seem to abound in every network security book I have read. “Know your enemy as you know yourself.” has to be the most quoted! 

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software