The guy in the black hat is actually a white-hat hacker

During a recent educational presentation on wireless security to a group of IT professionals at the Canadian Information Processing Society’s annual ICE Conference in Edmonton, it didn’t take long for Brad Haines to give the attendees what would amount to an enlightening wake-up call.
“If your consultants say your system is secure, they’re lying.” His boldness caused even those busy texting on their BlackBerrys to stop and take notice.
Over a 50-minute period, Haines wowed delegates by illustrating how insecure things really can be.
But Haines is not your average presenter. Often billed as a security expert or chief researcher at RenderLab.net, he’s also known as RenderMan.
“I’m first and foremost a hacker… a security enthusiast and consummate geek who is curious and loves knowledge.”
And while his fedora is black, as is the rest of his signature attire, RenderMan is a white-hat hacker—one of the good guys. Black-hat hackers are typically out for personal or financial gain.
Haines has a strong penchant for discovering and reporting on systems vulnerabilities and ensuring that people are aware of them. His issue is with consultants’ declarations that imply “secure from now on and forever”. While perhaps true at that moment, he’d prefer they rephrase them as “vulnerabilities not yet found”.
Once a secure technology, the WEP (Wired Equivalent Privacy) protocol can now be broken in 60 seconds. “And if you didn’t know about that transition,” Haines says, “you’d think it still was.”
Wireless has changed the rules of the game. A network can physically be locked down, but adding wireless capability could be akin to using a megaphone to announce your presence to the world. “With wireless, we’re back to a shared medium. It’s easy to eavesdrop on communications.”
With readily available hardware—sniffers and analyzers and open source tools like Airpwn, Karma and Metasploit—hackers can monitor, intercept and modify transmissions resulting in the loss and theft of data. This includes private corporate information, personal info such as passwords, bank account and/or credit card numbers, and information leading to possible identity theft.
More than 25 percent of wireless networks in homes and offices are not even password protected. “Many are left at the (factory) default settings… unencrypted, unsecured, with an SSID (station ID) of Linksys.” Not only does this leave the access point vulnerable to attack, it presents an opportunity to an unscrupulous hacker to set up a trap when you take your wireless- and Bluetooth-enabled devices (laptop, PDA) outside to WiFi spots at cafes and airports.
Getting attacked can be as simple as turning on your laptop. If your own SSID matches a possible rogue, then your computer may automatically connect. “Windows likes to automatically connect to recent networks it’s seen before.”
Haines can’t stress it enough: There is no authentication process for free WiFi at hotels and gyms, for example, making it hard to determine if it’s real or fake. The transmission could be routed through an intermediary and all your data would be exposed.
“Even with a secure login, the login may be encrypted but not the session.”
Haines shows the audience a picture of a suspicious looking van with “Free Candy” painted across it. “Users like free WiFi. Who wouldn’t? What’s advertised is not necessarily what’s inside.”
And it’s not just the network connection. Accessing a malicious site could leave you with viruses, install spyware, and make modifications to your system. Browser exploits—code that takes advantage of bugs in your browser—could also cause unexpected results.
“Once you’re on someone’s site, you’ve given them a conduit to access your system,” concurs Ed Rusnak, CEO of ENC Security Systems and creator of EncryptStick (featured in Edmontonians, November 2009). “When you leave the site, you could also be taking the infections and Trojans back with you to your secure network.”
“How many of you will regret using the free WiFi here?” Haines asked conference participants. At the end of his session—to make his point—he revealed that he had scanned all wireless enabled devices in the room and within range of his equipment.
Haines’ interest in network security started at W.P. Wagner High School in South East Edmonton, where computer teacher Don McDonald gave him the task of keeping their classroom network running.
“It was the most hostile network on the planet. Teachers weren’t always around; kids wanted to play games during school hours.” He learned to thrive on the constant challenge of having to find new solutions to lock things down in an ever-changing environment. “It was a classic cat and mouse game.”
But it wasn’t until 1999, when he attended his first DEF CON, the world’s largest underground hacking conference, where he says he met the most embracing community of like-minded people, that he realized he was not alone on his quest.
He’s now 30, “but going on 18”. RenderMan fills his days working with his clients to advise them on securing their digital assets. He fills his nights finding new ways to subvert technology to do things it was never meant to do.
Haines prefers to work with small- and medium-sized enterprises, smaller departments and professional services companies, acting as a resource for performance tuning and network security audits. “They can’t afford the big guys and often don’t know they need advice. Often their network expert is the son’s friend’s brother who happens to have a computer… so he’s their IT guy and this is a clinic.”
For Haines, it’s also a social obligation and a soft spot for the Mom and Pop enterprises. “Businesses shouldn’t go under because they used a crappy product and didn’t know better. How do you expect a guy who sells popsicles to know about security? It’s not his business focus.”
He’s also motivated as a user of these products who doesn’t want his data hijacked—possibly by some people he knows.
Haines speaks frequently at hacker and security conferences. Just prior to ICE, he exposed wireless vulnerabilities from a hacker’s perspective at Cyber Security Protection Strategies 2009, hosted by the Conference Board of Canada in Gatineau, Quebec.
He pointed out, “There are things you have not even thought of yet that already exist and can bite you. Be much more diligent and proactive because something that was secure last night, now isn’t.”
Revealing a picture of a circuit with 0.2mm wide solder points, Haines reminds the audience that hackers who are also driven by curiosity will find value in the most innocuous of things—like hacking through the memory of a Nintendo DSi. “If someone is willing to solder through a microscope to play video games, how much effort do you think is going into something with money?”
He preaches diligence about security even if you think it doesn’t have anything to do with what you’re doing. “You could be selling ice cream, but you’re processing money… you’re of interest to someone.”
Regardless of his audience, Haines insists he’s not trying to scare them but rather shake things up so they don’t become complacent by creating awareness that “the Emperor has no clothes”.
“We need guys like him to make the public totally aware… someone to find these vulnerabilities. We have to work in this environment,” says Rusnak.
Interestingly, on a trip to the House of Parliament a few days after his Gatineau speech, RenderMan was singled out of a tour group and asked to check his cell phone and briefcase.
“I’m thinking that announcing my intentions at the conference probably led someone to call ahead… and making the Ottawa Citizen’s front page probably didn’t help at all.”
Despite obvious temptations, Haines says he’s never been in trouble, but admits he finds the bad guys much more interesting. “The Joker always seems to enjoy what he was doing for a living. Batman always seems depressed.” Haines prefers to be the spy.
“People don’t like what I do, but I do nothing illegal. If anything weird happens, I better keep my nose clean. I would automatically be one of the usual suspects.”
Strangely enough, Haines’ business card is a Joker from a deck of cards with his info stamped on it.
“At a conference, it stands out.”

Explore posts in the same categories: Edmonton Tech Community, Greg Gazin


2 Comments on “The guy in the black hat is actually a white-hat hacker”

  1. Joseph Smith Says:

    This was a really good read lol. I’ve never met Renderman but he seems like a cool guy. His work as a whitehat hacker is also really good.

  2. someone athome Says:

    this guy isn’t a black hat or a white hat, he’s an asshat.

    the reason he deals with small companies primarily is because any large enterprise would have guys who have been trained professionally in security, and also because if this asshat showed up to work in a fedora I’d personally punch him in the face. Wireless surveying WEM in a cape is cause for a mental study, not to be published by a journalist.

    There are plenty of script kiddies living in Mom’s basement attending DEFCon, and there are also a lot of very wise people. This guy is not the latter.

