
What reporters should know about infosec – “hacker” reliability

Posted by on November 16, 2016.

Came across another report today from a journalist who had “received” stolen information from a group of “hackers.”

(I shall delay, for now, discussion of what the term “hacker” really means.)

Yet another principle for you:

Don’t blindly trust what the bad guys tell you.

People who engage in the troublesome side of computing and communications (those who break into systems not their own, those who create malware, those who attempt to impede the proper workings of the Internet, and so forth) have one activity they practice above all others: social engineering. While social engineering has many positive uses, the type the blackhats tend to use goes by a much simpler name: lying. These people call corporate employees (or just grandparents) and lie, and create misleading descriptions of software, and send malformed command packets with no intent of using the original function. The bad guys lie as second nature. Why would you trust them about anything?

I remember reviewing a book about the “computer underground.” The author was very excited about uncovering the secret activities of unsung geniuses. Unfortunately, to anyone who really knew anything about technology and the workings of the various dark side communities, it was obvious that she had been fed a line of utter nonsense: she’d been lied to from beginning to end.

It has been demonstrated that even WikiLeaks, which started life as a potentially useful exercise, has posted material which has been modified. Once the bad guys have stolen data, what is to say that they can’t edit it? You can add material wholesale, and there is nothing in most data files to indicate that any change has taken place. In fact, it’s often very difficult to tell if “intruders” have even intruded: they may have created the supposed data from scratch.

(It can sometimes be difficult to fully assess the accuracy of these reports. Those of us with the CISSP designation have been plagued for years by regular reports of some kind of “break in” to the parent organization. The “leakers” of this data will point to a file called cissp.txt, which contains the names of certificate holders. And, if you do a bit of research, you will find that, yes, the file does contain the names of CISSP holders. The contents of the file were created some time prior to 2005 [most likely 2003] at a time when the organization maintained a publicly available directory of CISSP holders, for those who wanted to enter their names. No theft of data involved.)

Remember: these guys lie as part of their normal activities. They lie to each other. They probably lie to themselves. What makes you think they wouldn’t lie to you?


Submitted in: Perspectives, Rob Slade, Security