|
Conversations With a Blackhat |
|
|
|
Source: ha.ckers.org - Posted by Anthony Pell
|
I’ve been spending more and more time talking to blackhats lately. Frankly, I think they’re fascinating people, and have a lot to teach the rest of us. With the solemn promise that I won’t try to put them in jail, we can have free flowing conversations which aid us all in thinking about the problem space. I’ve certainly learned a lot. Anyway, I got into a conversation with one of them about how he believes that a lot of the security put in place is actually doing a pretty good job.
The basic premise of the problem, from his perspective, is that hacking directly just isn’t as easy as it used to be, if you are like him. He’s not the type to hack randomly, he’s only interested in targeted attacks with big payouts. Sure, if you really work at it for days or weeks you’ll get in, almost always, but it’s not like it used to be where you’d just run a handful of basic tests and you were guaranteed to break in. The risk is that now when he sends his mules to go cash out, there’s a chance they’ll get nailed. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.
So let’s say I’m badguy1 who wants to break into one or more companies of interest. Sure, I could work for days or weeks and maybe get into one or both of them, but at the risk of tipping my hand to the companies and there’s always a chance I’ll fail entirely.
Read this full article at ha.ckers.org
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
