Fenrir Industries, Inc.
Forced Entry Training & Equipment for Law Enforcement














"Black Hats and Honey Pots"

The Internet has become a battlefield between evil hackers (the black hats) and their equally determined opponents, the good hackers (the white hats). The battle often involves military sites and national security. It's no accident. The Internet was designed so that it would be invulnerable in nuclear war. The net software was put together in the open, often by volunteers. Few of the net's authors thought their creation would become a worldwide electronic superhighway with more than a billion users.

Unlike earlier commercial networks, the Internet is wide open. A malicious and knowledgeable user can go anywhere and do a lot of mischief; just about anything short of bringing down the entire net (and maybe even that). Wandering around the cyberscape, snooping and vandalizing as they go, has become a favorite indoor sport. There is a "black hat (hacker) underground" dedicated to getting into places they shouldn't be and doing as they please. The white hat hackers have been outnumbered and outgunned. But that is changing. A little.

The biggest advantage the black hats have is sheer numbers. There are probably more than a hundred thousand "script kiddies" who use hacking tools to play their noxious games on the Web. They do it for fun, in the same spirit that prompts many adolescent pranks. But the script kiddies find net vandalism more entertaining because the damage done is greater, the chances of getting caught fewer and there is no need to ever go face-to-face with your cohorts or your victims.

Most communication is in chat rooms, where that favorite adolescent game, building an alternate persona, may be indulged. You don't even have to be very bright. The term "script kiddies" comes from the easy-to-use tools black hat hackers create and make easily available on the Web. These tools often are point and click, and, well, provide easy-to-use scripts for the black hat wannabes.

The black hats themselves are far fewer, only a few thousand (or few hundred, if you count just the really talented hackers who have gone over to the dark side). Most of the script kiddies are under 18, and thus unlikely to be busted and jailed, although white hats who find a script kiddie becoming really bothersome, and worth the effort to track down, find that a phone call to the kid's parents often gets results. The black hats prefer to stay farther in the background, for they are old enough to be arrested and prosecuted. And more of them are.

But the most worrisome black hats are the true criminals. Some of these black hats work for governments and use their skills to indulge in espionage and theft of technology from foreign governments. The criminal black hats go for money.

The Internet's criminal underground shares a lot of information. Technical tips and newly found net vulnerabilities are traded in password protected chat rooms and encrypted e-mail groups. The script kiddies play a major role in providing a lot of this information. Numbers count, and the kiddies have lots of time to wander the net knocking on doors and making risky moves the older black hats avoid. The kids like to brag, and the black hats listen and take notes.

When the black hats see a particularly promising new vulnerability, they go in themselves. They proceed very carefully. The criminal black hats plan their operations as thoroughly as a professional heist. Nothing is left to chance, for getting caught can be fatal. (In China, they execute black hats.)

Until recently, the only way you found out about a successful black hat operation was after it was too late. And sometimes not even then. The black hats covered their tracks carefully. To them, a successful operation was one that was never discovered. Then the white hats came up with the concept of Honey pots.

A Honey pot is an Internet server (the PC a Website is running on) that looks real, but is carefully monitored to record everything the black hat does. This way, the white hats can collect information on the black hats and have a better chance of hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well, nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify the black hats, but all these sites want to do is remain secure, not play cop.

The Honey pots have proven useful in finding out what tools and techniques the black hats have. This makes it possible to build better defenses. Honey pots also make the black hats uncomfortable and less confident that any server they are hacking into is not rigged to catch them. This makes the white hats happy.

However, the black hats know the Honey pots are out there, and the technological war of wits continues. The white hats keep making the Honey pots more convincing. As a bonus, they add elements to non-Honey pot servers to make a knowledgeable black hat think it's a Honey pot. A bonus, as it were.

All of this goes on out of sight. Thousands of server administrators have illegal software planted on their systems for various bits of Web mischief (especially denial of service, or DDOS, attacks). The U.S. government has detected several penetrations of military sites, and theft of information. What worries them is the penetrations they have not detected. Although you don't hear much about it, for obvious reasons, the Honey pot has become a military weapon. In wartime, the militarized black hats could take out Department of Defense servers more quickly than a missile. At that point, some of the script kiddies may realize they are traitors. But until then, the kids are just trying to have some fun.


Copyright-James F. Dunnigan-2001  

"Dirty Little Secrets" is syndicated by:


"Dirty Little Secrets"
by James F. Dunnigan




James F. Dunnigan works as an advisor and lecturer to the Army War College, State Department, National Defense University, Naval Post Graduate School, CIA, and MORS.
He is the author of over one hundred historical simulations and fifteen books, including the modern military classic "How to Make War," which has been current and in print for 16 years, selling over half a million copies.
He serves as a military analyst for NBC and MSNBC, and he also appears frequently as a military affairs commentator for ABC, CBS and CNN as he did throughout the Persian Gulf War.
Mr. Dunnigan served in the U.S. Army from 1961 to 1964, and is a graduate of Columbia University.







Write to James Dunnigan at: Dunnigan@Paradigm-TSA.com


