March 17, 2005

The Taxonomy of a Gray Hat Hacker

I read an article today and shook my head. NetworkWorldFusion has an interview with Holy Father, a hacker who wrote the Hacker Defender rootkit.

You know when I talked about the ethics of being an information security professional and the minefield of hiring a hacker? The attitude shown by Holy Father in this article is EXACTLY what I was talking about. It starts out as curiosity about the technical challenge of writing a rootkit, and turns into unethically helping to create a new attack vector for any script kiddie out there.

He doesn't shy away from turning a profit on his work, and claims that demand in the malicious code writing underground is high for custom rootkits that are completely undetectable and can evade detection for long periods of time.

I guess I shouldn't be surprised. After all, that's why I am in this business: to protect the information of my customers, who are faced with these sorts of attackers. I just wish he would use his talents for more productive pursuits that BENEFIT the infosec industry. I think he is doing more harm than good.

Now don't get me wrong. I think this sort of RESEARCH work is beneficial to the industry. I think we NEED to explore new attack vectors and can only do that by trial and error. But providing said code to the blackhat community is just wrong. We cannot dirty our whitehats, turning them a dull gray for the benefit of profit. We cannot go to the dark side. We must prevail.

In the end though, profiling the attackers shows this won't change any time soon. We will be faced with more and more attack vectors built thanks to curiosity, egos and icons. Crossing the line, changing hats (or, worse yet, simply dirtying your white one) does more damage to the industry than it does good. Remember that when you are faced with crossing that line.

Posted by SilverStr at March 17, 2005 11:41 AM | TrackBack
Comments

How do you feel about tools like nmap that can be used for good and evil?

Posted by: Christopher Baus at March 22, 2005 01:17 PM

I like nmap. Which is why I submitted code patches to fix nmap on Windows when XPSP2 came out. (http://silverstr.ufies.org/blog/archives/000668.html and http://silverstr.ufies.org/blog/archives/000669.html)

There is a big difference here in creating a useful tool that can be used for good or evil. Writing a carrier for malicious code SPECIFICALLY to attack systems and covertly hide from detectors is totally different than providing the ability to do stealth scans that don't actually cause harm to the system past some information disclosure issues.

Posted by: SilverStr at March 22, 2005 04:20 PM