Here are links to part 1 and 2 for anyone unable to "hack" the URL scheme. ;)<p><a href="http://blog.whitehatsec.com/interview-with-a-blackhat-part-1/" rel="nofollow">http://blog.whitehatsec.com/interview-with-a-blackhat-part-1...</a><p>(pastebin if it goes down: <a href="http://pastebin.com/jiUM0AFr" rel="nofollow">http://pastebin.com/jiUM0AFr</a>)<p><a href="http://blog.whitehatsec.com/interview-with-a-blackhat-part-2/" rel="nofollow">http://blog.whitehatsec.com/interview-with-a-blackhat-part-2...</a><p>(pastebin if it goes down: <a href="http://pastebin.com/SAKS2CTW" rel="nofollow">http://pastebin.com/SAKS2CTW</a>)
Reading the rest of the articles, it is extremely interesting to see the quality of a real blackhat.<p>The black hat is putting in hard work and making tools while getting an unreasonable amount of funds. (Of course illicit professions have that tendency with risk factor and all.)<p>We're talking about a profession learned strictly from the community that developed extremely specific and effective skills.<p>Anyone able to do that and succeed is obviously talented and it is telling that they were never interested in cashing that talent in a legitimate career with a major tech firm.
Good advertising if this interview is legit.<p><i>Companies don’t purchase DDoS protection. Cloudflare for example offers incredibly strong DDoS protection for 200 dollars a month (also its harder to jack a cloudflare domain). If I extort you for 200-1000 dollars for 1 day why not make yourself immune for the minimal fee?</i>
There was one point in the interview where I thought "ah, this gives me a clue where he's from!" -- the use of the term "fortnight". I don't know of any American who uses this term, so I'd guess he's in the UK. Also the use of the term "Uni".
<i>I’d like to do some research into the time it takes from when blackhats find 0-days to [when] whitehats find them.</i><p>I'm also interested in this question. Is there existing research on this topic? Earlier in the piece he also claims this:<p><i>The thing you have to remember is the black hat world is 10 steps ahead of what’s commercially available. When a 0-day is released blackhats have used it for months.</i><p>Is this statement true? Are the top level blackhats more talented, driven, or greater in number than the top level whitehats? Obviously there is money to be made as a blackhat but not everyone has criminal inclinations. Script kiddies aside, intuition tells me that the intersection of people who have the skill to write an 0-day and the inclination to be a blackhat is smaller than the intersection of skilled/honest people. Not to mention that you can make a perfectly legal fortune (ethics aside) selling exploits to security firms which on-sell them to governments. [1]<p>I'm also interested in his statement about virus scanners - are they really useless? I use Chrome, MS Security Essentials, dont click on devious looking links...and I've had 1 infection flagged in the last 3 years (thanks Adobe). Are there stats on how many infections <i>dont</i> get noticed by anti-virus software, even if you keep the definitions up to date?<p>[1] <a href="http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/" rel="nofollow">http://www.forbes.com/sites/andygreenberg/2012/03/23/shoppin...</a>
I think one of the more interesting parts of this interview is how 'Adam' talks about the relationship between Blackhats and Whitehats. As someone who's always been interested in the computer security world (but never been part of it) I assumed it would be much more adversarial, but it seems more symbiotic than anything.<p><i>"There really isn’t a hatred of whitehats from the blackhats. In fact, quite the opposite. If we stayed with viruses from 2000 because we were never challenged we’d be so out-dated and not capable of making a tenth of the amount of money we make currently. Most blackhats love whitehats for that reason."</i>
Using the term 'blackhat' is pretty darn vague. It's just as vague as using the word 'cloud' (Basically a buzz word).<p>I wouldn't call this guy Blackhat though, if he's stealing credit cards then that's straight up fraud.<p>Usually when people use the term 'blackhat', they are referring to someone who breaks companies terms of service but just below actually breaking the law.