Security Insights

Where In Hacking The Ends Justify The Means

Do some 'ethical hackers' really have your best interest at heart, or are they more interested in making your private information public?
As an admitted pop culture fan, I frequently find parallels (sometimes easily, other times where it's admittedly harder to connect the dots) between that typically lightweight subject matter domain and the perennially sacrosanct security industry.

Case in point: the recent news about the new hacker group "The Unknowns," who are, to use Ted Samson's headline in InfoWorld, "claiming the high ground in exposing security holes." That conclusion got me to thinking of actor Jeff Goldblum in his role as Dr. Ian Malcolm in Jurassic Park.

The park's creator, philanthropist John Hammond, clashes with Dr. Malcolm about his desire to deliver dino-fans to the island for a once-in-a-lifetime experience. Hammond's complaint is that Malcolm isn't giving scientists enough credit for doing things that nobody has ever done before. Ever the contrarian, Dr. Malcolm retorts, "Yeah, but your scientists were so preoccupied with whether they could that they didn't stop to think if they should."

As myriad news outlets including InfoWorld have reported, using SQL injection, the Unknowns have claimed to breach the databases and publish administrative accounts and passwords for high-profile organizations including NASA (which discounts that in the instance of its breach any sensitive information was actually compromised), the U.S. Air Force, and Harvard University, as well as in-country targets including the European Space Agency, the Thai Royal Navy, and the French Ministry of Defense.

While up to this point in the story it appears these "Unknowns" are taking root in Anonymous' shadow, they claim their interest is mostly altruistic. As Samson reports, the Unknowns have released a statement that reports many of the systems they've successfully hacked have since been secured. "And now, we are happy to inform you that most of the links we used to penetrate through the databases, have been patched. This is exactly what we were looking for. This is what we want," the group said.

The group's "manifesto," posted on Pastebin, is at once eye-opening and, of course, these being hackers, self-serving:

• We are not Anonymous Version 2 and we are not against the US Government

• We can't call ourselves White Hat Hackers but we're not Black Hat Hackers either.

• These Websites are important, we understand that we harmed the victims and we're sorry for that -- we're soon going to email them all the information they need to know about the penetrations we did.

• We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed.

• We wanted to gain the trust of others, people now trust us, we're getting lots of emails from people we never knew, asking us to check their website's security and that's what we want to do.

• Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it's not at all and we want to help.

• We don't want revolutions, we don't want chaos, we just want to protect the people out there. Websites are not secured, people are not secured, computers are not secured, nothing is...

• We're here to help and we're asking nothing in exchange

So the takeaway is the Unknowns are completely on the up-and-up and we should trust them because they're not like the others, right?

Nope -- not buying it.

Let's take another look, shall we? According to the evidence already in hand, these Unknowns:
