Black Hat vs. Black Hat vs. White Hat
A long-running bit in Mad magazine is its Spy-Vs.-Spy comic strip. In this cartoon—influenced by the Cold War cloak-and-dagger culture of espionage—two secret agents face off over and over again, foiling each other through elaborate and comical schemes. One spy wears all black and the other all white, but it hardly breaks down as a good-and-evil struggle: Neither seems to be fighting for any cause other than to explode/electrocute/vaporize/fill-in-gruesome-death-here the other. (Side note: I always rooted for the black spy.)
In information technology, there are no such ambiguities. The “white hats” are the good guys, the security experts who protect systems and networks through ethical hacking, while the “black hats” are the bad guys, the hackers, malicious code writers, spammers and so forth. However, unlike Spy vs. Spy, it’s not as simple as one side versus another. In fact, the black hats are nearly as liable to attack one another as they are the white hats.
According to Kaspersky Labs’ “Malware Evolution, Part II” report, last year saw a rise in the number of black hat attacks against government organizations, antivirus industry institutions and each other. Members of these groups also get embroiled in flame wars and threaten each other on message boards. Interestingly, this has led to the formation of relatively sophisticated alliances and counter-alliances of malware-producing and -distributing gangs.
The reasons for these phenomena are simple. As rival criminal gangs are territorial and fight over turf, the black hats fight over networked computers that they can infect with malicious code. There’s greater strength in numbers for these groups, so they’re starting to combine. Also, although the total profits raked in currently by the black hats well exceeds those gained by the antivirus industry, they’re no longer satisfied with the money they’re making solely from infecting PCs belonging to individual users, so they’re taking on higher-profile targets for higher-profile customers.
The report claims that current trends demonstrate that cyber-criminals will continue and expand their focus on mobile devices and the financial sector. It also maintains that rootkits, botnets, cyber-blackmail and other criminal activities will continue to be weapons of choice.
For more information, see http://www.kaspersky.com.