
RootPrompt.org: Know Your Enemy: Motives; The Motives and Psychology of the Black-hat Community

[ Thanks to Noel for this link. ]

“This paper is a continuation of the Know Your Enemy series.
This series is dedicated to learning the tools and tactics of the
black-hat community. Unlike the previous papers which focused
purely on the “what” and “how” of the black-hat community,
specifically the technical tools, their use and implementation,
this paper explores the motivation and psychology of the black-hat
community, in their very own words. Part I starts with the
compromise of a Solaris 2.6 system. Part II provides information
rarely published, a record of conversations and actions which took
place over a fourteen-day period following the compromise of a
honeypot system. Learn how and why black-hats attack systems. Once
the Solaris 2.6 system was compromised, the black-hat put an IRC
bot on our system. This bot, configured and implemented by the
black-hat, captured all their conversations on an IRC channel. We
monitored these conversations over a two-week period, all of which
are contained here. This paper is not meant to be a generalization
of the black-hat community. Instead, we present a specific incident
involving several individuals. However, this should give you an
idea of how certain members can think and behave. This is a common
threat that we all face in the security community, and we sincerely
hope other security professionals benefit from this work.”

“This information was obtained through the use of a honeynet. A
honeynet is a network of various honeypots, designed to be
compromised by the black-hat community. While some honeypots are
used to divert the attention of attackers from legitimate systems,
the purpose of a honeynet is to learn the tools and tactics of the
black-hat community. Most of the information provided in this
document has been sanitized. Specifically, user identities and
passwords, credit card numbers, and most of the system names
involved have all been changed. However, the actual technical tools
and the chat sessions themselves have not been sanitized. All this
information was forwarded to both CERT and the FBI before being
released. Also, over 370 notifications were sent out to
administrators of systems we believed were compromised.”

Complete Story
