Tuesday, August 4, 2009

300th Post - 31337 Spotlight: "Anonymous"

At last... this blog has reached post #300.

While I've covered some truly epic topics over the past 300 posts there are always a few that stand out in my mind, and in the minds of you readers. There are those topics which get covered which, well, really make you think twice... and since I've gotten more requests for this than I can possibly respond to directly - here it is. I've managed to convince "Anonymous", the person responding to many of the recent posts on here, to respond to a few questions in the form of the 31337 spotlight. I hope you enjoy the insight... and hopefully you have plenty of questions to ask yourself - which I recommend leaving in the comments section of this post as I'm sure he/she will respond (if possible)...

In case you're wondering why I've chosen to interview a self-professed BlackHat for the milestone #300... the reasoning is simple - awareness. I think too many of us whitehats walk around thinking we've got this security problem pretty well figured out; thinking we're even remotely successful at creating a real concrete state of security. Maybe we're complacent enough to think that the hardened, patched, anti-malware-protected and firewalled systems and users we are employed to protect are actually, well, safe... we're wrong. The "Dark Side" of the force is much more cunning, and has a much larger opportunity than we give it credit for... so we need to make sure we're never complacent in our understanding of [in]security - so without further ado... let's get to it.

  • "Anonymous" - tell us something about yourself (but not too much)
I'm an IT jack of all trades, started in a family business, had my own computer when I was 18months old and progressed from there. In primary school I was building computers faster than the techs dad had hired to build them for him and was doing just as good of a job. I can remember the days of MFM and RLL hard drives and I can remember the days of HDD's having 3:1 and 2:1 interleaving. Somewhere around 2000 I started to get into programming, mainly web based and then got hooked and started getting deeper and deeper into programming. My main language is PHP but I know enough c++ to get me by when I need to use it and well as much as I hate to admit it vb6 as well.
  • What types of technologies do you focus your 'hacking' on (and why)?
I'm not so much a hacker these days as someone who will use BlackHat techniques to bend and break rules of various applications/sites/search engines and the like for monetary gain. I wont deny I had my spree of hacking in the old days but these days hacking isn't worth the effort, malware dropped on PCs is far simpler than hacking them and far easier to get a lot of victims. As you may have guessed, malware is one section of the web that has my interests at this point in time, there is a lot of money to be made from 'junk' traffic as people class it, I have a broad range of interests though as far as monetization methods go and slowly but surely I'm testing them all, malware isn't where I want to be forever -but damn there's some good money in it.
  • What your most famous/proud accomplishment over the course of your career?
...that is something that will stay under wraps for the sake of not giving out any personal information, sorry. This years target however is to take and hold rank #1 for buy viagra/buy viagra online for at least a week just for shits and giggles, come on Ruskies, I'm gonna give you a run for your money here!
  • What got you started in Information Security...
...boredom really. When I learned web programming I made all the n00b mistakes when I started out just like everyone does. Then as I progressed I realized all the potential holes in my code and started to work towards understanding how to make my own work better and in the process just kinda stumbled into finding exploits in other peoples work and having some fun messing around with a few sites. These days I keep up-to-date on it purely for the laughs I get out of the exploits that are still out there in big expensive products (the count on remote IE 0day exploits is climbing at a fun rate) and to keep my own code safe and for new security ideas for myself. I should also mention I handle system/code-base security and DDoS protection for various clients so things I find here help with that as well, the more I understand about what goes on in the security world with exploits the easier it is to knock them out of my way when people try to target me (and I will admit I manage some somewhat more targeted sites and higher traffic sites than the average admin out there)
  • Tell us something that people rarely know about you?
Don't you wish I filled this question in with juicy personal details?
  • BONUS: What was your first computer system?

I can remember the old IBM 5150 quite well, I can also remember over-clocking it past the good 'ol 4.77mhz (replacing a crystal oscillator if I remember rightly) and getting it up to a bit over 5mhz, wow the performance difference... LOL
I've also had a Toshiba T1100 laptop and an old luggable as well (errr, don't remember the brand or model of it, sorry)
FWIW, these days I run a core2quad q9650, 8gig of ram, 12 500gig HDDs with an Areca arc1230 12port raid card in hardware raid6, a lot of my work currently is based around statistical analysis and split testing datasets to work out ways to bring in more traffic with methods I'm doing, currently I'm looking into upgrading again to a dual Xeon 5500 series with at least 36gig of ram and replacing the 500gig HDDs with 2tb disks (yes I'm running out of space fast). I was hoping there would be word about the new hex core Xeon's before I did the next upgrade though but it seems as though I might just have to put up with the current 5500 series.

I'm a BlackHat, I'm the first to admit it. I do a lot of things that break too many rules and I don't like some things that I do on a day to day basis, that doesn't mean I'll stop doing them anytime soon though. I am interested in migrating away from some of the darker areas or putting less focus on them but it takes time, data and capital to be able to progress enough away from them to either drop them completely or wind them down to a point where they no longer are a big part of the daily income stream. Do I intend to ever go back to WhiteHat? Unlikely but stepping away from malware is something that I wouldn't mind to do in time, to some extent at least. I'm looking into more methods related to PPC and CPA for monetization and automatic split testing and so on that will work just as well as malware in the future but I don't have the datasets quite yet to migrate into harder niches to push into- hence why so much of my time is now on statistical analysis. A lot of what I do these days is purely gaming the search engines, its highly profitable and a lot easier than people think. Google is still quite a bit dumber than people imagine, just watch "buy tamiflu/viagra" pages for a few weeks and you will understand the fluxing that happens and how much garbage that can get through
. Yes I'm a BlackHat and I'm proud to be one, I know many WhiteHats out there who have, after seeing how fast I can game Google and garner traffic out of it, have just drooled and wanted my secrets. But the thing is, a lot of what I do is no secret, there is no real secret sauce for everything, its just testing and trial and error and working out new ways around new restrictions that get stuck in your face. Whitehats, I'm sorry, but your methods are too limiting for my tastes, if someone hires me to do work for them and wants me to play Mr. WhiteHat I can do it and I bet I can out WhiteHat you knowing just how far I can bend the rules before it causes things to snap in the area you're working in. Plain and simple, BlackHat is testing, analyzing, automating and scaling more than anything else for me and this is what puts me ahead of the game. I am a programmer, I know statistical analysis. I do have some serious hardware and bandwidth both here at home and out there on the interwebz. This lets me scale and analyze easier; it may just be that the way my mind works. I'm more suited to go down the BlackHat path but either way thats the path I have chosen for now and intend to take until I find something otherwise more interesting to me, what that is only time will tell.

1 comment:

SecBarbie said...

Nice post....

Could enter into a great debate on defining 'Blackhat' vs. 'Whitehat' I heard a great deal about these definitions while at DC this year.