White Hat Hacker Contacted a Man Through His Security Camera

Discussion in 'HardForum Tech News' started by AlphaAtlas, Dec 18, 2018.

  1. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,541
    Joined:
    Jul 16, 2008

    Wait, which is it?

    Not at all. I'm fine with differing opinions. But when someone condones illegal actions, unethical behavior, etc., because they see some "greater good" I start looking very hard at what's going on. There are a lot of people out there today who seem to think that when someone else does something that they feel is wrong, that it's a justifiable reason for doing more wrong. And what's more, others are accepting these excuses and giving them a pass for their own transgressions.

    I don't think that anyone can objectively look at this and not see that the researcher took liberties that he didn't need to take. At the very most you can say that he at least motivated the man in Arizona to change his passwords on his computers and maybe some accounts. Not a bad thing except that he could have just sent the man an email. If the man's personal information really was compromised the researcher could have added a link to the information if he wanted to open the guy's eyes. He did not need to violate the man's camera system in order to help him out if that was his motivation.

    But if his motivation was to try and make a "splash" and as you said, create publicity to motivate NEST into fixing their vulnerabilities, are you sure the vulnerability is in NEST's software, or is it a problem in other code that is licensed or free for NEST to use?

    Are there other camera systems like NEST's that don't have the same vulnerabilities? If so, why the difference?

    Maybe you should look at how NEST works with real Security Researchers:
    https://hackerone.com/nest
    https://nest.com/support/article/KRACK-vulnerability

    http://fortune.com/2017/03/07/nest-thermostat-security/

    I think this doesn't sound like Alphabet isn't doing anything about their security issues with NEST products. In fact, as I read the article again, I come to realize that this White Hat didn't actually hack the camera, or exploit a vulnerability, he used a password that he got from hacked passwords gained from websites with poor security. He used a known password from compromised third parties, no vulnerability at all was exploited in the NEST camera. He lied to this man, he wrongly convinced him to shut off his camera. He could have just told the guy that one of his passwords was out there and he should change his passwords.

    Tell me I'm wrong.
     
    Last edited: Dec 20, 2018
    Darunion likes this.
  2. doublejack

    doublejack Limp Gawd

    Messages:
    446
    Joined:
    Apr 13, 2015
    Standard English definition is - a person who uses computers to gain unauthorized access to data.

    This was the work of a white hat hacker. He gained unauthorized access, and then instead of doing something bad he notified the homeowner. This is pretty cut and dry.
     
  3. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,224
    Joined:
    Nov 16, 2009

    A white hat would never gain unauthorized access. A W.H. would be like a pentester who was given explicit (written) permission, or someone trying to hack their own equipment. This would be gray hat actions, where he did violate the law, but without malicious intent. If anyone can find any more actual FACTS about this one way or the other, that may change. But based on the limited information posted here, his actions fall under the gray hat label.


    And I'm loving the posts that say we don't know his intent, then make arguments based on their own assumptions. My comments are based on the information provided.
     
    lcpiper likes this.
  4. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,866
    Joined:
    Aug 24, 2005
    Gaining unauthorized access = illegal and unethical = not a white hat

    If the guy contacted this security guy and said "Hey, I just put in a Nest camera, can you see if it's accessible from the internet?" and then the guy got access, he'd be a white hat.

    Snooping the internet for open shit that isn't yours that you haven't been given explicit permission to access = illegal according to current law
     
  5. ChoGGi

    ChoGGi [H]ard|Gawd

    Messages:
    1,462
    Joined:
    May 7, 2005
    http://www.catb.org/jargon/html/H/hacker.html


    Edit: Though if this thread is getting this pedantic, then he's neither a hacker nor cracker. He's at best a script kiddie.
     
  6. lcpiper

    lcpiper [H]ardForum Junkie

    Messages:
    10,541
    Joined:
    Jul 16, 2008

    I am really liking the way you work here. This article, like so many that we bat back and forth on, lacks essential detail and verification. Many of us are guilty of making assumptions on those details that fit preconceived viewpoints on issues.

    The article says that the hacker made a few claims:

    A. That the man's personal information was already compromised and on the internet
    B. That he used a password from his data that had been exposed from a hacked 3rd party website
    C. That he had no malicious intent, didn't mess with this man's systems or data, etc.
    D. And that his NEST device was vulnerable
    E. That the "White Hat" is a member of Anonymous and is a Canadian citizen

    How much of this do we take as fact when any, or even all of it, could be fabricated?