By Mike Mullins
Some security managers might cringe at the thought of allowing their administrators to visit a hacker site. But it might not be a bad idea, on occasion. Information is a tool. If you use it right, it doesn't matter where it comes from. Listening to the enemy (i.e., hackers) and checking out their weapons has given me an edge in information warfare.
Here are some pros and cons for visiting hacker sites. Read on and decide if there's any value in strolling around the underground.
Pro: Know your enemy
If you're looking for the latest information on a newly developed hack or attack against one of your publicly available systems, hacker sites are the place to go.
When people do something they're proud of, they want recognition and peer respect. Think about it: Who do you tell first when you've solved a complex problem? Do you tell your buddy in the next cube or your manager? People brag, so turn that to your advantage. Go to where hackers brag, and find out if their criminal intent is going to affect your network's security.
Con: Provoking an enemy
Security admins have egos, just like hackers do. However, a hacker's site is not the place to show it off. Leave your ego and your IP address at the anonymous proxy server you use on your way to underground sites. You don't want to create a reason for hackers to target you, or leave a trail for them to follow to your place of business.
Black hats aren't stupid, so remember your mother's advice and don't talk to strangers. If you start chatting with the wrong person, they're going to check you out. They might even decide to test their latest tools on your network. If you go to a hacker site, set up a disposable e-mail account on a public system, and use an anonymous proxy server and a locked-down Internet browser.
Pro: Great tools
The black hats have a great assortment of tools—unfortunately for those of us who've been on the wrong end of them. Go see what hackers have that can scan and break into your systems. Don't wait for your OS vendor to put out a patch and save you; be proactive and figure out a fix on your own. Run hacker tools against an isolated system and discover how to block them.
Use a sacrificial machine to scan everything and test every file you download. Make sure this machine doesn't have rights to any part of your network. The laptop I use to visit the dark side of the Internet has given me a master's degree in image restoration.
Zipped-up hacking utilities often have a Trojan, worm, or virus attached. It's easy to get complacent and accidentally unleash a worm or virus from the inside that would never have made it past your normal security perimeter.
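As an added example of the "test every file you download" step (this is not the author's code, and the column describes no particular tooling), the following Python script triages a downloaded zip on the sacrificial machine before anything is extracted: it records the archive's SHA-256 for your notes, lists every member, flags members with executable extensions (the suffix list is an assumption for a Windows lab box), and flags member names that would write outside the extraction directory. The sample archive is constructed inline so the script runs offline.

```python
import hashlib
import io
import posixpath
import zipfile

# Suffixes that commonly carry executable content on a Windows lab machine.
# Illustrative list, an assumption of this example; extend it for your environment.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}


def is_unsafe_path(name: str) -> bool:
    """True if a zip member name would land outside the extraction directory
    (absolute path, drive letter, or '..' that climbs above the target)."""
    norm = posixpath.normpath(name.replace("\\", "/"))
    first = norm.split("/")[0]
    return norm.startswith("/") or norm == ".." or norm.startswith("../") or ":" in first


def inspect_archive(data: bytes) -> dict:
    """Triage an archive held in memory without extracting any member."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "members": [],
        "executables": [],
        "unsafe_paths": [],
        "total_uncompressed": 0,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            report["members"].append(info.filename)
            report["total_uncompressed"] += info.file_size
            suffix = posixpath.splitext(info.filename.lower())[1]
            if suffix in EXECUTABLE_SUFFIXES:
                report["executables"].append(info.filename)
            if is_unsafe_path(info.filename):
                report["unsafe_paths"].append(info.filename)
    # Anything executable or path-escaping stays quarantined on the sacrificial box.
    report["quarantine"] = bool(report["executables"] or report["unsafe_paths"])
    return report


def build_sample_archive() -> bytes:
    """Constructed sample download: a 'scanner' bundle with a README, a script,
    a bundled DLL, and a member whose name climbs out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("scanner/README.txt", "usage: scanner <target>\n")
        zf.writestr("scanner/scanner.py", "print('hello')\n")
        zf.writestr("scanner/helper.dll", b"MZ" + b"\x00" * 64)  # constructed, not a real binary
        zf.writestr("../../Windows/System32/evil.dll", b"MZ")  # path escape (constructed)
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_archive(build_sample_archive())
    print("sha256:", result["sha256"])
    for name in result["members"]:
        print("  member:", name)
    print("executables:", result["executables"])
    print("unsafe paths:", result["unsafe_paths"])
    print("quarantine:", result["quarantine"])
```

Run it against a real download by replacing `build_sample_archive()` with `open(path, "rb").read()`. The hash gives you something to record and compare before and after the file sits on the sacrificial machine, and the report tells you which members deserve a look in a disassembler or an antivirus scan before the archive ever touches a machine with network rights.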
I spend about 20 percent of my time amongst the enemy, and I'd say it's been time well spent. I've heard about worms, such as Code Red, and security exploits before they're launched. From a hacker site, I learned how Code Red targeted a specific DLL on Microsoft Web servers. This information allowed me to minimize the worm's effect within our networks. To my way of thinking, if you learn something from a hacker site that helps you defend or secure your network, then the end justifies the means.
Also, if you're careful, the enemy will never know you're there. Look for links to my favorite hacker sites in this column's discussion.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.