| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Motivations... (was Re: IE now on-topic On Tue, 20 Jul 2004 12:36:06 PDT, Andrew Latham said: > 1. Boredom - more brains than hobbies > 2. Needs > - burstable bandwidth - downloads > - knowledge > - bragin rights > 3. Challenges > 4. Other You're equating "black hat" with one subset thereof, more or less. It's a lot more complicated in the real world... I'd posit that the goals and motivations of the black hat can be classified in three wide ranges, with totally different threat models: 1) "type of target" - you don't care who's box it is - you want "any suitable zombie", "any suitable Windows/IIS server", "any suitable Solaris box". 2) "identity of target" - The target has been selected because it's a server for company X, or you want to deface the webpage for organization Y, or it's payback time for black-hat Z. 3) "monetary/related gain" - you really don't care who the target is, it's all about the paycheck - whether it's 500K zombies created by a virus-for-pay, or a hacking run against a server that has credit card numbers on it... Notice that there can be overlap - a black hat engaging in (2) or (3) may very well want to pick up a collection of type (1) stepping-stone machines to launch the attack from. Also, a target can be in different categories at the same time - it can be probed by a script kiddie looking for zombies, while at the same time it's being targeted by a disgruntled ex-employee and a professional criminal. Understanding the differences is important - a defense sufficient to stop the random probing (1) won't slow down either of the other two. However, the professional criminal is more likely to nail you with a 0-day - but will move along if they decide the risk/payoff ratio is bad (they see you have enough network monitors to nail their ass in court, they're outta there ;). The disgruntled ex-staffer may not have a 0-day - but they may well decide it's a personal issue and *keep* attacking when a professional would move on... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040720/20ad5d6f/attachment.bin
Powered by blists - more mailing lists