Archive for February, 2007

Five Myths About Black Hats

Monday, February 26th, 2007

Original article at:
http://www.darkreading.com/document.asp?doc_id=118169&print=true

From Matthew Broderick’s teenage phone phreak in the 1983 movie “WarGames” to today’s Russian mafia don, the image of the computer hacker has undergone some radical changes over the years.
Really, though — just who are these people, and why do they do what they do?

Over the last several weeks, we here at Dark Reading have been asking that very question. But instead of asking security “experts,” we went straight to the horses’ mouths — the black hats themselves. In a survey of 116 individuals who spend at least part of every day trying to break into systems they’re not authorized to access, we received a lot of feedback from people who don’t fit either the image of the pimply-faced script kiddie or the hardened criminal. And, for the most part, they’re anxious to break both stereotypes. “Black hats are not as scary as they get portrayed in movies and at the Defcon convention,” says Caseo, an IT security officer for a regional investment firm. “And most of them aren’t teens or twenty-year-olds living in their parents’ basement.”

At the same time, however, many self-described “black hats” also offer a very different perspective than today’s security experts and IT staffers. In our survey, we had several respondents who said that information should be available to anyone with the skills to access it. Several others suggested that corporations and governments are much greater threats to security than individual black hats. And we even heard from a few individuals who admit to stealing and selling data from their victims. With such a diversity of views and opinions expressed in the survey and in subsequent interviews with respondents, it was difficult to find a simple, comprehensive way to relay all of the data we collected.

Check For Optimum Security Settings In Vista & XP with MBSA 2.1

Thursday, February 15th, 2007

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

MBSA is currently in v2.1 Beta. Version 2.0 is the stable version; Version 2.1 includes support for Windows Vista.

Download Microsoft Baseline Security Analyzer 2.1 Beta