Do white-hat security testers make you nervous? Probably not. That’s because thousands of companies spend billions of dollars employing such people to perform penetration testing, intrusion testing and other security-related tasks. It’s all very much out there in the open.
But what if someone preferred to work in the shadows, called themselves ethical hackers and insisted that they were only “here to help” and wanted nothing in exchange? Would that make you nervous?
It makes Brian Royer of Sophos nervous. Brian recently blogged about the emergence of the “Unknowns” – a group of altruistic, ethical hackers that consider themselves to be the anti-Anonymous. You should read Brian’s full analysis (FYI, he’s skeptical) but I wanted to share a few bullet points from the Unknowns’ Manifesto that I think you’ll find interesting. Take a look:
- We are not Anonymous Version 2 and we are not against the US Government
- We can’t call ourselves White Hat Hackers but we’re not Black Hat Hackers either.
- These Websites are important, we understand that we harmed the victims and we’re sorry for that — we’re soon going to email them all the information they need to know about the penetrations we did.
- We still think that what we did helped them, because right now they know that their Security is weak and that it should be fixed.
- We wanted to gain the trust of others, people now trust us, we’re getting lots of emails from people we never knew, asking us to check their website’s security and that’s what we want to do.
- Our goal was never to harm anyone, we want to make this whole internet world more secured because, simply, it’s not at all and we want to help.
- We don’t want revolutions, we don’t want chaos, we just want to protect the people out there. Websites are not secured, people are not secured, computers are not secured, nothing is…
- We’re here to help and we’re asking nothing in exchange
You buying it? Me neither.