Hackers, computer security managers and law enforcement officials teamed up at this week's Black Hat Briefings conference to discuss their respective roles in securing the Internet and to urge attendees who engage in hacking activities to stay on the right side of the law.
"The elite are not those who destroy or cause havoc in cyberspace, but rather [those who work] to protect the Net," said Kevin Manson, a senior instructor at the Federal Law Enforcement Training Center's Financial Fraud Institute, during a keynote speech yesterday morning at the fourth annual Black Hat gathering.
Even the Attrition.org hacking group, which had run-ins with legal authorities in the past, discussed the legal and ethical lessons that were learned during the three years it posted mirror images of Internet defacements on its Web site. Attrition.org members offered plenty of advice about how to stay within the bounds of the law, even if authorities don't like what you do.
For example, Attrition.org staffers learned to report threats of Web site defacement from would-be attackers in order to avoid facing charges of aiding and abetting before the fact due to prior knowledge, explained Brian Martin, one of the founders of the group.
Martin said Attrition.org's mirroring activities initially attracted the ire of some law enforcement officials. But over time, he added, the mirror site became a valuable resource for them -- enough to make it noticeable when the group announced in May that it was stopping the mirroring work because keeping up with the number of defacements had become difficult.
"Law enforcement was pretty upset with us in the early days," Martin said. "But when we pulled the plug on the site, [they were] upset that we weren't doing it anymore."
While authorities still worry about "cybervigilantes" getting in the way of investigations, they've started relying more on private-sector security professionals and hackers to help them do the complex job of policing cyberspace, said Bill Tafoya, a professor of criminal justice at Governors State University in University Park, Ill., during another keynote speech here.
Tafoya spent 11 years as a computer crimes trainer for the FBI and made pioneering investigative use of the Internet when he created a Unabomber-related Web site in 1993. During the past few years, he said, there has been a big improvement in the way federal officials treat and work with hackers.
The view from Washington has changed from a feeling of suspicion to an acknowledgment of how much the help of hackers is needed to combat cyberattacks, according to Tafoya. "I do sense that the standoffish attitude of the federal government, the FBI in particular, is changing in a positive direction," he said.
The conference culminated with a double session on an effort called the Honeynet Project. Honeynet is run by a grassroots group of 30 hackers, military personnel and IT security workers at technology vendors, along with a behavioral psychologist. Together, they have set up a "hacker observation area" in an attempt to learn the tools, tactics and motives of malicious hackers.
The observation area is a set of five Internet-connected servers housed in a spare room owned by David Dittrich, a security engineer at the University of Washington in Seattle. The group said it has devised a way to passively watch attackers as they visit the systems, which are unannounced on the Web except for an IP address. The Honeynet boxes have averaged 3.6 unique port scans a day, with three compromised systems per month, according to Dittrich.
The group's behavioral psychologist profiles the attacker's age, motivation and other factors in order to help aggregate data about the incidents. The servers are currently inactive while the Honeynet members work to correlate several months' worth of data for publication and gear up for an expansion. The plan, Dittrich said, is to install systems at various universities and elsewhere to add more observation posts in environments that resemble a business network.
A year ago, Honeynet also had trouble gaining acceptance from the law enforcement community, Dittrich said. But now, he added, legal officials are eyeing the group's data to help create profiles of attackers for use in investigations.