September 22, 1997, TechWeb News

The good bad guys vs. the bad bad guys
By Larry Lange

At the core of the hacker mentality is a destructive bent, a love for breaking down seemingly secure products. But not all hackers are alike. Hobbit, Mudge, Yobie Benjamin and others like them are known as "white hats." They break into products to expose their vulnerabilities to the companies that make them. Their evil twins are the "black hats," the nameless hackers who quietly break down systems for personal gain or malicious ends.

"What really concerns me is the people who don't make their hacks public," said Michael Simpson, director of network services at Novell. "What about somebody who may have found out a hack a year before it was published on the Internet and was using it privately?"

Top corporations know the biggest security risks they face come from such black hats. "It's a whole weird thing, but we get e-mails all over the place," said Simpson. "Somebody found some hack that somebody made three years ago which we have long since resolved. But they just discovered it and are trying to extort money out of us. This has happened to us on numerous occasions."

In such a climate, some people say white hats should not publish their work. "There's the whole debate around security through obscurity," said Patrick Taylor, a vice president at Internet Security Systems in Atlanta. "But the odds are that the black hats are going to find out about this stuff anyway, so it's better off to have full disclosure."

White-hat hackers like Hobbit, who posted a landmark document about security flaws in Microsoft's Windows NT, agree. "I realized that Microsoft's networking technologies were becoming more and more common [in use], and to continue being a capable security consultant, I had to learn about it." NT is "everywhere now," he said, "and it's IP-capable enough to be dangerous. Despite Microsoft's hype, NT is definitely not up to speed on security, which places many installations at risk."

In Hobbit's view, "what was going on underneath [the covers of NT] needed to be extensively documented, and that's effectively what the paper did. My motives were to supply some good code that does its testing thoroughly, and to help the security community at large get up to speed on this stuff, since I saw a screaming need for it."

Given their motives, the white hats see themselves at opposite ends of the spectrum from the conventional image of the outlaw hacker. "There's the moral issue," said Benjamin, referring to his experience with NT hacks. "I mean, the U.S. Air Force is communicating with the Navy over NT, and the fact of the matter is that we have our national infrastructure being built on NT."

The problem these hackers face is whether their public image as borderline criminals on the fringes of society will undercut their message to companies like Microsoft.

"The problem seems to be that Yobie, Mudge and I, and all the rest of the hackers and Bugtraqers [those who follow the NT bug-track e-mail list], all seem to be a tiny little corner of the customer base to [companies like Microsoft]," said Hobbit. "And our rantings sink into the jingling noise of the revenue stream."

Copyright (c) 1997 CMP Media Inc.