White Hat Hacker Contacted a Man Through His Security Camera

I agree. I suspect the hack started with a compromised router where a password was obtained in the clear, or some other method that correlated the password with an IP. From there the cameras were targeted.



I understand where you are coming from on this. However, I think the hacker is still a white hat. I mean, they are a hacker. It is in the name, so what they are doing is by nature not exactly ethical. As long as they use their abilities for good, which I think is pretty clear in this case, then I consider them a white hat. This hacker may have prevented the homeowner from suffering some kind of loss. That's a good deed.
Strictly speaking a hacker is anyone who, say, reprograms his car computer or finds out ways to use devices which they weren't originally intended for. Hacking is not just breaking into other people's systems.
 
A lot of you are FAR more knowledgeable about how to configure your LAN than most folks...myself included.

Don't presume that because an individual has a huge personal security loophole that he either doesn't care or somehow deserves it.

Instead, recognize that the entire wifi/lan/internet interface is arcane and could benefit from a massive overhaul.

How many self-professed IT experts take for granted how easy it is for you to start, operate, and maintain your automobiles? You are never required to determine the fuel metering, psi, spray pattern, ignition timing, metallurgical requirements, coolant scheduling and pathing, etc. You turn the key, it starts. You press the gas pedal, it goes. You turn the wheel, it turns.

In a similar manner, as IT gets more and more rooted in our lives, there is a drastic need to simplify the user interface.
 
There was a TV news item yesterday about a couple who started hearing threats about kidnapping their baby coming from their Wifi baby monitor. The bad person said they were IN the baby's room and about to do bad stuff. Parents go running, no one there. No mention of if the couple had taken any precautions like changing default passwords, enabling WPA2, etc. Police were called but said it was very unlikely the cyber intruder would be caught.
 
It's crazy that Microsoft Kinect was hammered for possible privacy concerns, or Facebook for sharing data. Do people really think they are alone in this?
 
It's crazy that Microsoft Kinect was hammered for possible privacy concerns, or Facebook for sharing data. Do people really think they are alone in this?

I still play (video games) with myself in front of my Kinect daily :)
 
Seems to me Spectre & Meltdown were identified in a lab and reported publicly. Don't recall many people ignoring them...

Oh yeah? How many people do you think percentage wise, non-enthusiasts, know a damn thing about it and actively sought out information/patches/firmware updates and the like to fix it?
 
Oh yeah? How many people do you think percentage wise, non-enthusiasts, know a damn thing about it and actively sought out information/patches/firmware updates and the like to fix it?


This...... yes we see the articles because most people on this forum are at least tech enthusiasts (with a few Russian trolls sprinkled in). Most people here have at least some understanding of what they are installing, and aware of the risks.

Now think about your mom/aunt/any other tech illiterate person in your family. THEY are the ones that will be installing this shit and following the manufacturer's instructions. Why would they question the security from <insert tech company> when it tells them to forward the port to their device from the internet without changing the default password? These people definitely don't hear about any of the vulnerabilities unless it's some sensational news story they saw on cable. So honestly, this was probably the only way the user from the article was going to get the message and take it seriously.
 
Oh please, enough of the drama. Nothing physical was touched. No value was lost. His shit was exposed, and at least now he knows it. Someone else could have been in there without him knowing.

Someone who couldn't care less about your moral/ethical arguments. Shit is still broke.

Says who? Some anonymous guy on the internet that broke into his stuff in the first place? Wow...yeah that is a very good source to trust...smh

The only drama was the hacker hacking into someone's personal devices and then a video being made of it and sent out. That is drama...
 
And he was wrong from the very start.

When will these guys learn that this is fundamentally wrong from the start.

Someone will argue, but let's change the words up;



It's the same thing and there is no defense for this. If someone wants to test locks or security cam vulnerabilities, get a job working for the manufacturer or go to work for Consumer Reports.


Really, so someone with the JOB of being a white hat hacker they are just career criminals that get paid to break into things. They should all go to jail for it? Really?

I think it should be done on a voluntary basis not just any jo schmoe. Maybe even have it be a service as part of the purchase and use of an IOT device.

I remember when webcams were new. There were internet crawlers that would find open and streaming webcam feeds that were there because people wanted the toy but didn't understand the security behind it that would be needed. I'm betting that several of those are still there!
 
Really, so someone with the JOB of being a white hat hacker they are just career criminals that get paid to break into things. They should all go to jail for it? Really?

No, actual white hat hackers are not doing anything illegal. This hacker was not a white hat hacker. He was black hat.

I think it should be done on a voluntary basis not just any jo schmoe. Maybe even have it be a service as part of the purchase and use of an IOT device.

I remember when webcams were new. There were internet crawlers that would find open and streaming webcam feeds that were there because people wanted the toy but didn't understand the security behind it that would be needed. I'm betting that several of those are still there!

There are already organizations setup to test IOT devices and report findings. There is no reason to have people crawling through live personal IOT devices, that is breaking the law.
 
black hats = no permission and malicious intent
white hats = have permission and not malicious
gray hats = no permission and not malicious
 
black hats = no permission and malicious intent
white hats = have permission and not malicious
gray hats = no permission and not malicious


Why do I get the feeling that we are talking about the type of force user people are.
Light side.. heals, doesn't use abilities for amusement only for training and understanding and self defense or the defense of others.
Grey force user - Balancing act understand that sometimes they need to use it to cause harm to achieve goals but tries to balance that with doing good things as well.
Dark side. Doesn't give an Eff will use it to grab a beer or electrocute innocents to gain information with no second thought.

;)
 
black hats = no permission and malicious intent
white hats = have permission and not malicious
gray hats = no permission and not malicious

There is no real full definition for a gray hat, but most gray hats get permission or don't need permission. The most widespread method of gray hats are independent researchers looking for security holes, or individual bug hunters. Although sometimes these are also classified as white hat depending on the circumstance. Technically bug hunters finding security holes in code are being authorized by the company putting out bug bounties.

But to be clear, if you are breaking into someone's personal system without their permission, you are doing black hat operations.

White Hat - Independent security firm or internal security team hired to do security checks on a company's resources.

Grey Hat - Independent research firm trying to find weaknesses in systems they purchase for themselves and test. Or bug hunters hunting for holes in systems/software that they own. Spectre and Meltdown were discovered this way.

Black Hat - Hackers that break into someone else's system without any permission.

Malicious intent is not really a part of it.
 
No, actual white hat hackers are not doing anything illegal. This hacker was not a white hat hacker. He was black hat.



There are already organizations setup to test IOT devices and report findings. There is no reason to have people crawling through live personal IOT devices, that is breaking the law.


No, he's a grayhat...... Blackhat would be the worst case scenario, and we wouldn't be reading about this anywhere..... Grayhat is a whitehat without any sort of approval.


I don't know about your family, but I know my tech illiterate family/friends don't read or subscribe to any articles about insecure IOT devices.... If it's not on some kind of mainstream news outlet, they will know nothing about it and trust that the IOT manufacturer has properly secured the device.
 
No, he's a grayhat...... Blackhat would be the worst case scenario, and we wouldn't be reading about this anywhere..... Grayhat is a whitehat without any sort of approval.


I don't know about your family, but I know my tech illiterate family/friends don't read or subscribe to any articles about insecure IOT devices.... If it's not on some kind of mainstream news outlet, they will know nothing about it and trust that the IOT manufacturer has properly secured the device.

No, yet again, he is not a grey hat. Breaking into someone else's system without their permission is strictly Black Hat.

Also insecurities in IoT devices has been all over the place, in the news, on many publications. It isn't just tech related articles that have talked about them. They have been on network morning tv shows for goodness sake.
 
No, yet again, he is not a grey hat. Breaking into someone else's system without their permission is strictly Black Hat.

Also insecurities in IoT devices has been all over the place, in the news, on many publications. It isn't just tech related articles that have talked about them. They have been on network morning tv shows for goodness sake.

So... your position is, he was better off before this event? If that is your position, there's little use in discussing it further... If your position is that he's better off after the event, but that the person who he communicated with is a criminal and should go to jail, then.........

I know that's very simplistic, but that really is what it comes down to. I agree with what someone said previously - it's not the equivalent of breaking in and leaving a note - it's the equivalent of finding a door open, and shouting through the doorway to see if someone is home or they left the door open accidentally, and then closing it for them.
 
Really, so someone with the JOB of being a white hat hacker they are just career criminals that get paid to break into things. They should all go to jail for it? Really?

I think it should be done on a voluntary basis not just any jo schmoe. Maybe even have it be a service as part of the purchase and use of an IOT device.

I remember when webcams were new. There were internet crawlers that would find open and streaming webcam feeds that were there because people wanted the toy but didn't understand the security behind it that would be needed. I'm betting that several of those are still there!


OK, let's test the waters and see if we are in agreement.

When you say "someone with the JOB of being a white hat hacker" are you saying that this guy was on the clock, and that he has an employer, that he was acting under company direction, and in effect, his company hacked this man's Nest device?

After that, I think we are falling in line, no one should just be hacking random people's personally owned property without consent either from the owner, or something reasonable from a company who provides a service on the device.

My contention is that no one should be attempting penetration testing against the personally owned property of individuals without their consent or agreement in some form. I also believe that doing so needs to be illegal, punishable, and not something we make excuses for.

I'll flip it just a little, the White Hat from Anonymous, told this guy in Arizona that his private information had been compromised ...... so if the White Hat knew this, and it wasn't just bullshit to keep the guy from being pissed off, then why could he have simply contacted the man using that information, explained what had already happened, and asked permission to demonstrate? Why do the bad first and ask forgiveness later? ...... Oh yes, I remember the rest of that saying;

It goes like "It's easier to ask forgiveness than to ask permission".
 
OK, let's test the waters and see if we are in agreement.

When you say "someone with the JOB of being a white hat hacker" are you saying that this guy was on the clock, and that he has an employer, that he was acting under company direction, and in effect, his company hacked this man's Nest device?

After that, I think we are falling in line, no one should just be hacking random people's personally owned property without consent either from the owner, or something reasonable from a company who provides a service on the device.

My contention is that no one should be attempting penetration testing against the personally owned property of individuals without their consent or agreement in some form. I also believe that doing so needs to be illegal, punishable, and not something we make excuses for.

I'll flip it just a little, the White Hat from Anonymous, told this guy in Arizona that his private information had been compromised ...... so if the White Hat knew this, and it wasn't just bullshit to keep the guy from being pissed off, then why could he have simply contacted the man using that information, explained what had already happened, and asked permission to demonstrate? Why do the bad first and ask forgiveness later? ...... Oh yes, I remember the rest of that saying;

It goes like "It's easier to ask forgiveness than to ask permission".

It's entirely possible he wouldn't have been able to communicate with the guy at all without doing what he did, or doing something else technically illegal...
 
I don't excuse the 'hacker' from 'infiltrating' the man's Nest device. I wouldn't call him a hacker though out of general principle.

Sounds to me more like he got a copy of passwords, found the guy's email linked to a password and tried the passwords he uses on other services for the Nest service to gain access. That's not Hacking in my book but I suppose today it is.

Regardless I guess it was breaking the law. It's like using an unlocked door to walk into someone else's house and tell them how to lock their door.

I still like the premise on what was done and if that had been done by let's say the vendor themselves of the IOT device that would have personally earned points for the vendor to me.
 
No, yet again, he is not a grey hat. Breaking into someone else's system without their permission is strictly Black Hat.

Also insecurities in IoT devices has been all over the place, in the news, on many publications. It isn't just tech related articles that have talked about them. They have been on network morning tv shows for goodness sake.

Then what differentiates a whitehat and grayhat?...... How about we just look at the definition. "The term "grey hat", alternatively spelled as "greyhat" or "gray hat", refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker."

source: https://en.wikipedia.org/wiki/Grey_hat
 
It's entirely possible he wouldn't have been able to communicate with the guy at all without doing what he did, or doing something else technically illegal...

Is it not also entirely possible that with the hundreds of thousands(guessing here ?) of NEST cameras sold and in use, that he couldn't have simply found someone who he could get in touch with?

Do I only have to conduct myself in an ethical manner when it's convenient?
 
So... your position is, he was better off before this event? If that is your position, there's little use in discussing it further... If your position is that he's better off after the event, but that the person who he communicated with is a criminal and should go to jail, then.........

I know that's very simplistic, but that really is what it comes down to. I agree with what someone said previously - it's not the equivalent of breaking in and leaving a note - it's the equivalent of finding a door open, and shouting through the doorway to see if someone is home or they left the door open accidentally, and then closing it for them.

My position is, it doesn't matter what the motivations of the hacker were, what he did was illegal and was not the correct way to go about doing things. Even if you take it as being "altruistic" he is invading the person's privacy. What if it was an internal camera and saw the guy's wife naked? Just because you can do something, doesn't mean you should. He had no right to crack into the guy's device and peek around. That is not the proper way of doing things.
 
Then what differentiates a whitehat and grayhat?...... How about we just look at the definition. "The term "grey hat", alternatively spelled as "greyhat" or "gray hat", refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker."

source: https://en.wikipedia.org/wiki/Grey_hat

Lolz on wikipedia....which can't even come to a single definition.

First there is no official definition for gray hat. It is a catchall term. Also black hat does not require malicious intent. Black hat is someone that breaks into a system illegally. They do not need malicious intent to do so. The difference between white hat and grey hat is clear as well. White hat is someone that gets permission to break into a system beforehand and report to that entity, not publicly. Gray hats may not get permission to break into a certain system and will often report publicly. Generally in the security industry we consider gray hats to be those that do research and aren't getting permission from the vendor to exploit the device or code, but they are doing it in their own lab, not live on some unknowing/unwilling victim.

Again, what this guy did was a black hat operation. It definitely had nothing to do with white hat as claimed in title.
 
Yea I would have been pissed. To me that would feel the same as someone walking into my living room to tell me my door was unlocked and then proceed to tell me what bad things could have happened. Hope he gets in trouble for this, was not his place nor responsibility to break into someone's system. Intent is irrelevant to me in the case of this. Just how I feel on it.
 
Lolz on wikipedia....which can't even come to a single definition.

First there is no official definition for gray hat. It is a catchall term. Also black hat does not require malicious intent. Black hat is someone that breaks into a system illegally. They do not need malicious intent to do so. The difference between white hat and grey hat is clear as well. White hat is someone that gets permission to break into a system beforehand and report to that entity, not publicly. Gray hats may not get permission to break into a certain system and will often report publicly. Generally in the security industry we consider gray hats to be those that do research and aren't getting permission from the vendor to exploit the device or code, but they are doing it in their own lab, not live on some unknowing/unwilling victim.

Again, what this guy did was a black hat operation. It definitely had nothing to do with white hat as claimed in title.


You're wrong.... It 100% has to do with intent. I can't find a single source defining grayhat that says otherwise..... Here's a list of sources since you somehow think the definition is wrong because it's from wikipedia.....
https://searchsecurity.techtarget.com/definition/gray-hat
https://www.techopedia.com/definition/15450/gray-hat-hacker
https://us.norton.com/internetsecur...between-black-white-and-grey-hat-hackers.html
https://www.wired.com/2016/04/hacker-lexicon-white-hat-gray-hat-black-hat-hackers/
https://www.howtogeek.com/157460/hacker-hat-colors-explained-black-hats-white-hats-and-gray-hats/


I could go on but hopefully you get the point. If not, there's nothing I can do to change your mind, but you'd still be wrong.




Yea I would have been pissed. To me that would feel the same as someone walking into my living room to tell me my door was unlocked and then proceed to tell me what bad things could have happened. Hope he gets in trouble for this, was not his place nor responsibility to break into someone's system. Intent is irrelevant to me in the case of this. Just how I feel on it.

It would be more like you left the water running in your backyard and it is flooding out into the street. Your neighbor sees this and 'breaks in' to your backyard to shut the water off because you weren't home. Did he technically break the law? yes. Was it with malicious intent? No. He was doing something he thought would help you, just like the OP.
 
You're wrong.... It 100% has to do with intent. I can't find a single source defining grayhat that says otherwise..... Here's a list of sources since you somehow think the definition is wrong because it's from wikipedia.....
https://searchsecurity.techtarget.com/definition/gray-hat
https://www.techopedia.com/definition/15450/gray-hat-hacker
https://us.norton.com/internetsecur...between-black-white-and-grey-hat-hackers.html
https://www.wired.com/2016/04/hacker-lexicon-white-hat-gray-hat-black-hat-hackers/
https://www.howtogeek.com/157460/hacker-hat-colors-explained-black-hats-white-hats-and-gray-hats/


I could go on but hopefully you get the point. If not, there's nothing I can do to change your mind, but you'd still be wrong.






It would be more like you left the water running in your backyard and it is flooding out into the street. Your neighbor sees this and 'breaks in' to your backyard to shut the water off because you weren't home. Did he technically break the law? yes. Was it with malicious intent? No. He was doing something he thought would help you, just like the OP.

Can you find a single source that has a legitimate definition for gray hat? No, you can't, because there isn't one. :rolleyes:

In just about all of those they even mention this. There is White Hat and Black Hat. Things that fall in the middle are gray, thus the Gray Hat. But there is no real single definition for Gray Hat. Nor is intent truly a part of the definition, because intent can be different for different people.

For instance, had that hacker done the same thing to a NEST camera at a company, that company may then prosecute him. The company does not think that person's intent was honest. Plus you are going off the word of someone that just illegally hacked into someone's device. How do you know their intent was legitimate? If someone broke into a bank, stole some money or information, but told the bank how they did everything, is that intent genuine? If you break into someone's network and then turn around and tell the company they should hire you and you will tell them how to secure it, that can also be blackmail. Is that intent truly not malicious?
 
Do share what you consider a legitimate source that isn't 'noother', since that seems to be the only source you believe.
 
It would be more like you left the water running in your backyard and it is flooding out into the street. Your neighbor sees this and 'breaks in' to your backyard to shut the water off because you weren't home. Did he technically break the law? yes. Was it with malicious intent? No. He was doing something he thought would help you, just like the OP.

Sorry that scenario doesn't seem to fit at all to me. Not sure why you are so defensive of this guy. The act was illegal and he should be punished so. Or should we let people break laws as long as they mean well by it?

I am absolutely not okay with him running amuck in people's systems as he sees fit but then tells them why.

Let's try the route of a peeping tom but then tells you how to close your blinds. Was this his first system he went into or did he go through several before finding someone to talk to?

White hat or whatever won't matter, it isn't going to be something he can use as a legal defense. "But your honor my client is a self proclaimed white hat hacker so he does not do anything with malicious intent."

No I hope this guy gets what he deserves for it.
 
Do share what you consider a legitimate source that isn't 'noother', since that seems to be the only source you believe.

I trust the definitions held by the security industry for such things, not the internet. Or perhaps you could try to use the fact that you are a "gray hat hacker" in the courtroom? I am sure that will go over well...

And again, the claim by the title was that he was white hat. That is demonstrably false. The next claim is that he was gray hat because "obviously" his intentions were pure. We don't actually know that either. What we do know is he broke into someone's system without permission and peeked around. That is black hat activity.

Had the guy bought a nest device, set it up according to the instructions, then broke into it and posted how he did it all to the public, that would be in the gray area.
 
What was the method he used to gain access? Did the owner forget to set a password or some stupid thing?
 
Is it not also entirely possible that with the hundreds of thousands(guessing here ?) of NEST cameras sold and in use, that he couldn't have simply found someone who he could get in touch with?

Do I only have to conduct myself in an ethical manner when it's convenient?

His only legal recourse really would have been to inform NEST - what do you think the chances are that they'd do something about it?

My viewpoint is different to some such as yourself here who are being very black and white about it, when I think that's not really how the world works... I totally agree with you that he was technically breaking the law - no question. But I personally take intent into account, as would a court (even if just for sentencing), and you don't - that's fine, because we're all allowed our opinions - and it doesn't make anyone wrong or right.
 
His only legal recourse really would have been to inform NEST - what do you think the chances are that they'd do something about it?

My viewpoint is different to some such as yourself here who are being very black and white about it, when I think that's not really how the world works... I totally agree with you that he was technically breaking the law - no question. But I personally take intent into account, as would a court (even if just for sentencing), and you don't - that's fine, because we're all allowed our opinions - and it doesn't make anyone wrong or right.

Here is the problem, you don't know intent. All you know is what some anonymous dude claimed to the owner. How long was he in the device before he informed the owner? How do you know he didn't do anything with the information he received from it? How do you know he didn't share the information about that device to other hackers? You don't. So you can't actually know intent. That is the problem, so many people in here so willing to accept the words of some anonymous hacker on the internet. I mean really...who is more gullible, the owner, or people listening to an anonymous hacker and assuming intent...

What we do know is he broke the law.
 
Here is the problem, you don't know intent. All you know is what some anonymous dude claimed to the owner. How long was he in the device before he informed the owner? How do you know he didn't do anything with the information he received from it? How do you know he didn't share the information about that device to other hackers? You don't. So you can't actually know intent. That is the problem, so many people in here so willing to accept the words of some anonymous hacker on the internet. I mean really...who is more gullible, the owner, or people listening to an anonymous hacker and assuming intent...

What we do know is he broke the law.

No, we can't know intent for sure - that's true, and like I said, I agree that technically he broke the law. Where we differ is our own personal take on it essentially - my view is that he didn't need to announce his presence at all, he could have done whatever he wanted and the owner would have been none the wiser, but given he did make his presence known, and informed the owner of the security risk, I personally believe his intention was benign or altruistic. Maybe I'm just someone who likes to give people the benefit of the doubt. Again, doesn't make either of us right or wrong, it's an opinion, and it's absolutely OK for someone to have a different opinion to yours, and there's no requirement to try and force them to adopt yours.
 
No, we can't know intent for sure - that's true, and like I said, I agree that technically he broke the law. Where we differ is our own personal take on it essentially - my view is that he didn't need to announce his presence at all, he could have done whatever he wanted and the owner would have been none the wiser, but given he did make his presence known, and informed the owner of the security risk, I personally believe his intention was benign or altruistic. Maybe I'm just someone who likes to give people the benefit of the doubt. Again, doesn't make either of us right or wrong, it's an opinion, and it's absolutely OK for someone to have a different opinion to yours, and there's no requirement to try and force them to adopt yours.

Okay, he made his presence known, but his identity? No. So what does making his presence known really do? Many black hat hackers have made their presence known while doing nefarious things. In fact that is part of various social engineering tricks. He could have been doing that to get more information out of the owner.
 
His only legal recourse really would have been to inform NEST - what do you think the chances are that they'd do something about it?

My viewpoint is different to some such as yourself here who are being very black and white about it, when I think that's not really how the world works... I totally agree with you that he was technically breaking the law - no question. But I personally take intent into account, as would a court (even if just for sentencing), and you don't - that's fine, because we're all allowed our opinions - and it doesn't make anyone wrong or right.

Who do you mean "his"? The White Hat?
Think about what you are saying, he had nothing at all compelling him to do penetration testing, or anything else against the Arizona dude's equipment? He did it entirely on his own, voluntarily, not as an employee providing a service, not as a government service. He's just some Joe Schmo off the street who either likes this hacking security shit and decided all on his own to hack this man's shit. He was under no compulsion whatsoever to do anything except not be a self-important prick.

If NEST doesn't do anything, so what? It's not this security researcher's problem, not his responsibility, not even close in any stretch of the imagination. You say NEST won't do anything, so what? He hacks this man's camera, convinces him to disable it, and now that it's in the news, NEST is going to completely change their attitude, recall 1.3 million NEST cameras, and fix them? Is that what you think this man's actions will bring about?

Here is what is an irrefutable result of this White Hat's actions, the home owner no longer has a security camera running at his home. Whatever the reason for his purchase, it's not moot because he turned off his camera and removed it, because it's not secure, someone might hack it for bad reasons, as opposed to the guy that hacked it in a misguided campaign that has no chance of success. The homeowner is currently less secure as a result of this White Hat's actions. The White claimed that the man's computers were already hacked, his info was already out there, the damage is done. but let's violate his personal property and convince him to disable his cameras so that package thieves can steal his Christmas gifts without being identified, so he can't get an SMS text from his camera that someone is breaking into his home, or any of the other functions this camera can provide.

You know why the world works the way you think it works? Because people like you are willing to try and justify wrongs as rights because the wrong was "done for a good cause".

Show me the good cause in this one, where is the silver lining?

The White Hat said the man's info was already compromised, he either lied to make his actions seem helpful, or it's the truth and he didn't save this dude shit.

The NEST vulnerability was already well known, this wasn't news to NEST or the world, no service done here.

As for the court taking intent into account, sort of sounds like the whole "wrongness" isn't lost on you at all.
 
Reminds me of when someone from IRC hacked my inkjet printer and printed out a message letting me know which port was open.
 
Who do you mean "his"? The White Hat?
Think about what you are saying, he had nothing at all compelling him to do penetration testing, or anything else against the Arizona dude's equipment? He did it entirely on his own, voluntarily, not as an employee providing a service, not as a government service. He's just some Joe Schmo off the street who either likes this hacking security shit and decided all on his own to hack this man's shit. He was under no compulsion whatsoever to do anything except not be a self important prick.

If NEST doesn't do anything, so what? It's not this security researcher's problem, not his responsibility, not even close in any stretch of the imagination. You say NEST won't do anything, so what? He hacks this man's camera, convinces him to disable it, and now that it's in the news, NEST is going to completely change their attitude, recall 1.3 million NEST cameras, and fix them? Is that what you think this man's actions will bring about?

Here is what is an irrefutable result of this White Hat's actions, the home owner no longer has a security camera running at his home. Whatever the reason for his purchase, it's not moot because he turned off his camera and removed it, because it's not secure, someone might hack it for bad reasons, as opposed to the guy that hacked it in a misguided campaign that has no chance of success. The homeowner is currently less secure as a result of this White Hat's actions. The White Hat claimed that the man's computers were already hacked, his info was already out there, the damage is done. But let's violate his personal property and convince him to disable his cameras so that package thieves can steal his Christmas gifts without being identified, so he can't get an SMS text from his camera that someone is breaking into his home, or any of the other functions this camera can provide.

You know why the world works the way you think it works? Because people like you are willing to try and justify wrongs as rights because the wrong was "done for a good cause".

Show me the good cause in this one, where is the silver lining?

The White Hat said the man's info was already compromised, he either lied to make his actions seem helpful, or it's the truth and he didn't save this dude shit.

The NEST vulnerability was already well known, this wasn't news to NEST or the world, no service done here.

As for the court taking intent into account, sort of sounds like the whole "wrongness" isn't lost on you at all.

Or, due to the publicity, NEST push out an update or take other steps to increase security?

It sounds to me like you intensely dislike someone having an opinion that differs from yours. Good luck with that.
 
Okay, he made his presence known, but his identity? No. So what does making his presence known really do? Many black hat hackers have made their presence known while doing nefarious things. In fact that is part of various social engineering tricks. He could have been doing that to get more information out of the owner.

That's true... Neither of us know. You believe worst case, I tend towards best case... :)
 
That's true... Neither of us know. You believe worst case, I tend towards best case... :)

No, I believe in facts. He broke the law and he didn't have a good enough reason to do it either. At most he alerted one individual to a misconfiguration, not trying to help the masses by reporting his findings like many others have done before him successfully.

This follows the same logic why vigilantes are generally frowned upon.
 