Tuesday 6 October 2015

Mystery Vigilantes Explain Why They Created 'Malware' To Secure 10,000 Routers

A group of do-gooder hackers calling themselves The White Team have taken responsibility for a large peer-to-peer botnet that compromised more than 10,000 routers to improve the security of the devices.
The vigilantes contacted Symantec researcher Mario Ballano this week, sending him a link to a Gitlab page where they had opened up their code for Wifatch, the software that broke into routers by using weak and default passwords (their favourite one being “password”), going on to clean them of malware, Bitcoin miners and other dangerous code. Not all the code is quite there, though the White Team has promised more is coming.
Ballano confirmed to FORBES that the signatures posted on Gitlab matched those in the Wifatch code he’d explored. “Those guys are the real deal… It’s the real source code, it’s public and now even licensed,” he noted, evidently excited at having met those responsible for the ostensibly altruistic malware he studied.
Hacking for good?
As for why the White Team decided to create software that appeared to have broken the law in breaching the admittedly poor security of people’s routers without their permission, the crew or individual responsible noted on Gitlab: “First, for learning. Second, for understanding. Third, for fun, and fourth, for your (and our) security. Apart from the learning experience, this is a truly altruistic project, and no malicious actions are planned.”

They said that though they felt bad for abusing resources that didn’t belong to them, the positives were manifold. “The amount of saved bandwidth by taking down other scanning malware, the amount of energy saved by killing illegal bitcoin miners, the number of reboots and service interruptions prevented by not overheating these devices, the number of credentials and money not stolen should all outweigh this. We co-opted your devices to help the general public (in a small way).”
What’s more, The White Team responded to comments that free and open software activist Richard Stallman had made to this publication; Stallman’s email signature had been used in some of the comments delivered in the exploits. They agreed with Stallman that people’s permission should have been obtained, but they hadn’t done that, for unexplained reasons. They also placed their malware (or goodware, depending on which way you look at it) under the General Public License, the widely used free software license written by Stallman.
There’s still a concern that, despite the hackers’ promises, they could use Wifatch for evil – something The White Team even warned about. When asked if they could be trusted, the hackers wrote: “Of course not, you should secure your device.”
Some are unimpressed by the illegal tactics of the hackers. As Ted Harrington, of Independent Security Evaluators, told me last week, though there are too many insecure devices on the market, “violating systems as a path to remediation is not the right way to go”.
Whatever the morals at play, the question remains: who are the White Team? The name itself reveals little; it’s often the term for those in an organisation who referee training practices amongst security staff, traditionally between the offensive Red and defensive Blue teams.
The Wifatch code looks well-written and doesn’t contain any revealing comments, whilst the email listed on Gitlab has no links to other activity on the web whatsoever, indicating the hackers have been careful about covering their tracks.
