Full Disclosure mailing list archives
Re: Motivations... (was IE now on-topic
From: Andrew Latham <lathama () lathama com>
Date: Tue, 20 Jul 2004 13:37:00 -0700 (PDT)
Thank you. I was fishing for info and found a gold mine. So to put it very vaguely we could say that greed, anger, or boredom. So as a moralist/agnostic geek - translated - I truly do understand most all of the sides and agree with everyone to a degree. What are the important things to think about to secure any client?

1. Leaving employees.
2. Current employees.
3. Targeted systems (how interesting do I look to a black hat.)
4. Financial gain - how to apply this vaguely to most clients?

-- Valdis.Kletnieks () vt edu wrote:
On Tue, 20 Jul 2004 12:36:06 PDT, Andrew Latham said:

1. Boredom - more brains than hobbies
2. Needs - burstable bandwidth - downloads - knowledge - bragging rights
3. Challenges
4. Other

You're equating "black hat" with one subset thereof, more or less. It's a lot more complicated in the real world...

I'd posit that the goals and motivations of the black hat can be classified in three wide ranges, with totally different threat models:

1) "type of target" - you don't care whose box it is - you want "any suitable zombie", "any suitable Windows/IIS server", "any suitable Solaris box".
2) "identity of target" - The target has been selected because it's a server for company X, or you want to deface the webpage for organization Y, or it's payback time for black-hat Z.
3) "monetary/related gain" - you really don't care who the target is, it's all about the paycheck - whether it's 500K zombies created by a virus-for-pay, or a hacking run against a server that has credit card numbers on it...

Notice that there can be overlap - a black hat engaging in (2) or (3) may very well want to pick up a collection of type (1) stepping-stone machines to launch the attack from.

Also, a target can be in different categories at the same time - it can be probed by a script kiddie looking for zombies, while at the same time it's being targeted by a disgruntled ex-employee and a professional criminal.

Understanding the differences is important - a defense sufficient to stop the random probing (1) won't slow down either of the other two. However, the professional criminal is more likely to nail you with a 0-day - but will move along if they decide the risk/payoff ratio is bad (they see you have enough network monitors to nail their ass in court, they're outta there ;). The disgruntled ex-staffer may not have a 0-day - but they may well decide it's a personal issue and *keep* attacking when a professional would move on...
=====
*----------------------------------------------------------*
Andrew Latham AKA: LATHAMA (lay-th-ham-eh) - LATHAMA.COM
LATHAMA () LATHAMA COM - LATHAMA () YAHOO COM
If yahoo.com is down we have bigger problems than my email!
*----------------------------------------------------------*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html