July 6, 2001
Blackhats and Honeypots - The internet has become a battlefield between evil hackers (the black hats) and their equally determined opponents, the good hackers (the white hats). The battle often involves military sites and national security. It's no accident. The Internet was designed so that it would be invulnerable to nuclear war. The net software was put together in the open, often by volunteers. Few of the net's authors thought their creation would become a worldwide electronic superhighway with over a billion users.
Unlike earlier commercial networks, the internet is wide open. A malicious and knowledgeable user can go anywhere and do a lot of mischief; just about anything short of bringing down the entire net (and maybe even that). Wandering around the cyberscape, snooping and vandalizing as they go, has become a favorite indoor sport. There is a "black hat (hacker) underground" dedicated to getting into places they shouldn't be and doing as they please. The white hat hackers have been outnumbered and outgunned. But that is changing. A little.
The biggest advantage the black hats have is sheer numbers. There are probably over a hundred thousand "script kiddies" who use hacking tools to play their noxious games on the web. They do it for fun, in the same spirit that prompts many adolescent pranks. But the script kiddies find net vandalism more entertaining because the damage done is greater, the chances of getting caught are less, and there is no need to ever go face-to-face with your cohorts or your victims. Most communication is in chat rooms, where that favorite adolescent game, building an alternate persona, can be indulged. You don't even have to be very bright; the term "script kiddies" comes from the easy-to-use tools black hat hackers create and make easily available on the web. These tools are often point-and-click and, well, provide easy-to-use scripts for the black hat wannabes.
The black hats themselves are far fewer, only a few thousand (or a few hundred, if you count just the really talented hackers who have gone over to the dark side). Most of the script kiddies are under 18, thus unlikely to get busted and jailed. When white hats find a script kiddie becoming really bothersome, and worth the effort to track down, a phone call to the kid's parents often gets results. The black hats prefer to stay farther in the background, for they are old enough to get arrested and prosecuted. And more of them are.
But the most worrisome black hats are the true criminals. Some of these black hats work for governments and use their skills to indulge in espionage and theft of technology from foreign governments. The criminal black hats go for money.
The internet's criminal underground shares a lot of information. Technical tips and newly found net vulnerabilities are traded in password protected chat rooms and encrypted email groups. The script kiddies play a major role in providing a lot of this information. Numbers count, and the kiddies have lots of time to wander the net knocking on doors and making risky moves the older black hats avoid. The kids like to brag, and the black hats listen and take notes.
When the black hats see a particularly promising new vulnerability, they go in themselves. They proceed very carefully. The criminal black hats plan their operations as thoroughly as a professional heist. Nothing is left to chance, for getting caught can be fatal (in China, they execute black hats).
Until recently, the only way you found out about a successful black hat operation was after it was too late. And sometimes not even then. The black hats covered their tracks carefully. To them, a successful operation was one that was never discovered. Then the white hats came up with the concept of Honey Pots.
A Honey Pot is an internet server (the PC a web site is running on) that looks real, but is carefully monitored to record everything the black hat does. This way, the white hats can collect information on the black hats and have a better chance of hunting them down. It's not practical to put the monitoring software on every site. Bank and high-security government servers have substantial defenses that monitor any (well, nearly any) penetration and shut down if any unauthorized entry is detected. This doesn't help to identify the black hats, but all these sites want to do is remain secure, not play cop.
The Honey Pots have proved a useful tool in finding out what tools and techniques the black hats have. This makes it possible to build better defenses. Honey Pots also make the black hats uncomfortable, and more worried that any server they are hacking into may be rigged to catch them. This makes the white hats happy.
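The core idea described above, a decoy that looks like a service but exists only to be watched, is small enough to show in code. The following is an added example written for this page, not software described in the article: a low-interaction TCP decoy that accepts connections, records who connected and what they sent, and never executes anything. The listening port and the sample probe payloads are assumptions chosen for the example; since no legitimate client has a reason to talk to a decoy, every recorded contact is worth an alert.

```python
"""Minimal low-interaction TCP honeypot (added example, not from the article).

The decoy accepts whatever arrives, stores each contact as a structured event,
and writes it out as a JSON line so the operator's existing alerting can
consume it. Nothing the remote side sends is ever interpreted or run.
"""
import json
import socketserver
import threading
import time
from collections import Counter
from typing import Optional

# Assumption for the example: any unused port the real services never use.
LISTEN_PORT = 2222


def make_event(peer_ip: str, peer_port: int, payload: bytes,
               ts: Optional[float] = None) -> dict:
    """Turn one connection into a loggable record.

    The payload is kept hex-encoded and size-capped so binary probes cannot
    corrupt the log or push terminal escape sequences at an analyst's console;
    a best-effort printable view is kept alongside for quick triage.
    """
    sample = payload[:512]
    return {
        "ts": ts if ts is not None else time.time(),
        "src_ip": peer_ip,
        "src_port": peer_port,
        "bytes": len(payload),
        "payload_hex": sample.hex(),
        "printable": sample.decode("ascii", errors="replace").strip(),
    }


def summarize(events: list) -> dict:
    """Count contacts per source address; any non-zero count is suspicious."""
    per_source = Counter(e["src_ip"] for e in events)
    return {"total": len(events), "per_source": dict(per_source)}


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Accept one connection, read up to 4 KiB, record it, close."""
    events: list = []            # shared in-memory log for this process
    lock = threading.Lock()

    def handle(self):
        self.request.settimeout(5)
        try:
            data = self.request.recv(4096)
        except OSError:
            data = b""
        ip, port = self.client_address[:2]
        event = make_event(ip, port, data)
        with self.lock:
            self.events.append(event)
        print(json.dumps(event))  # one JSON line per contact
        # A bland reply keeps the session looking like a real, if dull, service.
        try:
            self.request.sendall(b"\r\n")
        except OSError:
            pass


def serve(host: str = "0.0.0.0", port: int = LISTEN_PORT) -> socketserver.ThreadingTCPServer:
    """Start the decoy in a background thread and return the server object."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    server = socketserver.ThreadingTCPServer((host, port), HoneypotHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = serve()
    print(f"decoy listening on port {LISTEN_PORT}; every contact is suspicious")
    try:
        while True:
            time.sleep(60)
    except KeyboardInterrupt:
        srv.shutdown()
```

The decoy does no fingerprinting of the visitor and offers no fake shell; that is deliberate, because the value of the trap is in what gets recorded, and a richer decoy that interprets input is a larger attack surface on the defender's own box. Feeding the JSON lines into the same log pipeline as the real servers is what turns the recorded contacts into detections.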
However, the black hats know the Honey Pots are out there, and the technological war of wits continues. The white hats keep making the Honey Pots more convincing. They also add elements to non-Honey Pot servers to make a knowledgeable black hat think it's a Honey Pot. A bonus, as it were.
All of this goes on out of sight. Thousands of servers have had illegal software planted on them, unknown to their administrators, for various bits of web mischief (especially distributed denial of service, or DDOS, attacks). The U.S. government has detected several penetrations of military sites, and theft of information. What worries them is the penetrations they have not detected. Although you don't hear much about it, for obvious reasons, the Honey Pot has become a military weapon. In wartime, the militarized black hats could take out Department of Defense servers more quickly than a missile. At that point, some of the script kiddies may realize they are traitors. But until then, the kids are just trying to have some fun.