Dark Cloud Memoir is a special feature produced by technology we-media Xianhei Technology.

In 2016, the cloud of vulnerability platform was shut down. A year later, I tried to interview the people involved in black Cloud to get their thoughts on cyber security, white hat hackers, and the world. May these records inspire more people to think.

Everyone has a position and a reason, and their anger, fear and selfishness are understandable. I only pray that I have a pair of faithful eyes to note the beauty or desolation of this world.

This is an interview with Oudi, a former partner of Dark Cloud, for the first installment of dark Cloud Memoirs.

Oudi: The cloud has done its job

 

Oral | | history WuDi

 


The cloud has done its job.


WuDi said.


Wu Di, a former co-founder of vulnerability platform Black Cloud, has joined a security startup.


On July 20, 2016, the cloud cloud page suddenly displayed “upgrade notice” and has been closed since then. On November 12, 2017, 480 days after the Dark Cloud event, I sat across from Oudi. Another protagonist of this story is Fang Xiaodun, known as Jianxin, the founder of “Dark Cloud”. Like Oudi, Fang is waiting for the dark cloud to play out.


In a cafe, Uday told me some of the stories of the past:


(a)


I met Fang Xiaodeng in 2012.


IT was my seventh year of deep conviction at an established IT company.


A colleague came to me and told me that a media outlet called Cloud had exposed a bug in our product. As brand director, I had to find a way to smooth things over.


I managed to find the phone number of Yun Yun’s contact, and fang’s hoarse voice came from the other end.


‘The dark cloud is not the media, but the platform for bugs,’ he said. The vulnerabilities were submitted by private “white hat hackers” and made public so that Chinese companies could take cyber security seriously. I said, thank you very much. We have paid attention and fixed the bug. Is it possible to delete the post? ‘That’s probably not going to happen,’ he said. As long as sent to the cloud site vulnerabilities, there is no way to delete. Each post, is a warning light, the light is enough, enterprises will pay enough attention to their own safety construction.


I’m a little surprised that the logic of this person’s discourse doesn’t include “money.” So I searched for “Fang Xiaodun” and learned that he was a senior security expert. He used to work for Baidu, and he sang a miserable song on “Day Day Up” with Robin Li. Nothing else.


A few weeks later, I went up to Beijing to meet him for coffee.


Hard drive coffee from the Sigmar Building. I saw him. Shoulder length hair, unkempt, jeans, old short sleeves, splint slippers, low voice but clear logic. Pretty hacker.


I asked again to delete the post, hinting that I could pay some money, but he refused. Having been in the market for so many years, I can tell when someone really doesn’t want money. So I gave up and became more interested in the dark cloud.


‘When I left Baidu, I was at T7,’ Mr. Fang said. ‘If I stay, I can get even higher. But he was convinced he had another calling. He said the security circle is too closed, so many Internet companies are full of loopholes, personal information is constantly stolen by hackers, telecom fraud, cyber attacks have reached an appalling level. However, the public has no way to learn the truth, allowing their privacy rights to be trafficked and violated. Someone needed to tell the truth, and he was convinced that he should be the one doing it.


The model he envisions is:


Encourage “white hat hackers” — private technical personnel interested in network security technology — to submit vulnerabilities of each enterprise, which will be released unconditionally after cloud review. White hat obtains recognition, technical exchange and sense of honor on this platform. Enterprises get their vulnerability details and sense of crisis here, and urge themselves to improve security.


This became known as the “dark cloud model”. It was a model that made my blood boil and, of course, changed all of our lives.


Two years later, I chose to join the Cloud. “Mad Dog”, another founder, recalled to me that I had known Fang Xiaodun for three years in 2012. At that time, there were only two or three people, all of whom lived in private houses without salary and filled in their savings. They believed they were doing something great.


(2)


Since I met Fang Xiaodeng, EVERY time I went to Beijing, I would ask him for a chat.


Especially when I found that many of our peers, and even security ability very strong BAT, all are “white hat” on the clouds broke a hole, the company from top to bottom also began to lay down their hostility towards the clouds, and even our technical staff will check the similar products in the clouds get caught up in what loophole, then hurry up to check their products if you have any questions.


In 2013, Deep convinced to push a blockbuster product: the next generation firewall.


Before launch, in a responsible attitude to users, we hope to do an in-depth safety test of the product. So we found a security company in Guangdong Province, and they checked item by item according to the “Check List”, and concluded that the product is safe and has no vulnerabilities.


Despite this result, we felt that it was premature to launch the product, so I thought of Fang Xiaodeng. I asked him if Cloud could do something like “safety testing.”


He came up with an idea. We mapped the firewall to a network address, and Dark Cloud organized “white hats” to test the product online. We find a leak, we pay the white hat.


This is the cloud cloud launched the first product “cloud test”. Deep Conviction was its first customer. During the mass test, White Hat found more than ten high risk vulnerabilities in the product. We were quite shocked by the comparison with the previous “0 vulnerability report”.


In April 2014, Fang Xiaodeng suddenly sent me some screenshots of a test report from “Cloud Test”. Although the company’s name is coded, I can see that crowdtesting has found hundreds of security vulnerabilities for the company.

On QQ, he asked me whether I would like to come to Wuyun because the testing is doing well and the team is planning to make new products.


At the time, I was intrigued. I may be an idealist and have always been enamored of the experience of joining a great company early on and working with people to change the industry and make history.


Based on my judgment of “cloud cloud mode” and my understanding of “cloud Cloud measurement”, I believe that cloud cloud will definitely be written into the history of China’s network security in the future.


Only, I had already become a family in Shenzhen at that time, according to the secular view, should have also had, did not have any idea to change the job originally.


My community was built on a hill, and for the month I received the invitation, I went for a walk on the hill after eating at 7 o ‘clock every day, sometimes by myself, sometimes with my wife, thinking about my options, and didn’t return home until nearly 10 o ‘clock each day.


In 2014, The smog was rampant in Beijing, and I was very resistant. Not only that, but if you join a cloud, your stock goes to zero, your salary is halved, and your bonus is gone. I remember at the height of my struggle, my wife suddenly turned to me and said: Money can be made anytime, but it’s not often in life to find the ideal opportunity. I close my eyes now, and I see her eyes back then.


Finally, I decided to use the hands of all this, for the dark clouds of the future.


But I don’t think my parents can understand my choice. In order to make my parents not worry, I told them that I had invested in a company called “Dark cloud” in Beijing, and I was stationed there to take charge of it.

 

(3)


It was oudi’s first day at the office.


At that time, Yun Yun just moved to shangdi, Ka Wah Building. The previous owner of this office was Huobi. With the exception of Kenheart, Mad Dog, Sleepy Dragon, and Udy, who are older and born in the ’80s, there are about a dozen other people born in the’ 90s.


‘Some came at 11 o ‘clock, some in the afternoon,’ Mr. Uday recalls. ‘It was a little rambling.’ But everyone was so good at it, all they talked about was technology, and no one discussed anything else over lunch. They love safety, they love what clouds do, and they scoff at any attempt to cover up or gloss over security problems. They are a bunch of idealists.

 

“Did it ever occur to you that it was idealism that closed the clouds?” I asked.


“Yes.” He thought, “But realists don’t make clouds.”


It was then that he began to get to know the White Hats in earnest.


Hackers themselves are carriers of rebellious spirit, and white hats are also a special group of technical groups. A lot of white hat hackers graduated from high school, dropped out of college, and so on. Quite a few of them are dissatisfied with school education and teach themselves computer knowledge. Many of these people are “ghosts,” says Oudi, but society doesn’t give them enough space.


In the past, many white hats could hardly enter big companies because of their academic qualifications.


But with the cloud, they can submit bugs on it, get the attention of the community and the public, and prove their technical abilities, through which they can get a decent job and a decent income at a big company. Faced with the temptation of black birth, they can say no more firmly. Perhaps the cloud has turned this group away from cybercrime and given them a new life possibility.


Oudi recalls.


But at the same time, within these white hats came another, more specific group. They became the “core white hats” in the cloud system.


These core white hats are often able to “defeat one hundred” and find huge loopholes that other white hats cannot find. When these loopholes are exposed, they can even cause a great uproar in public opinion. For example, in March 2014, Dark clouds suddenly exposed Ctrip leaking citizens’ credit card information; In 2015, Cloud Cloud revealed 12,306 passenger information leaks. These exposures have directly promoted the historical process of network security.


According to Oudi’s observation, there is a big difference between a core white hat and a regular white hat. They tend to be highly educated, some with PHDS and well-paid jobs, but their lives are simple or even boring. Digging holes is more of a hobby. They care less about money than about their dream of a world without thieves.


After a series of important Revelations, Ugdie’s fascination with the core white hats turned into admiration. He can still recall some stories:


White Hat A tested Tesla’s website and found that A deposit of 300,000 yuan was required to reserve A Model S electric car online, but he was able to advance 300,000 yuan with only 1 yuan through A loophole.


After he submitted the bug to Tesla, Tesla, in recognition of his contribution, told him that the 1 yuan was considered 300,000 yuan and he could take away a car as long as he paid the balance. His family was good enough to buy a Tesla, but he turned it down.


He said he did it to find loopholes, not for the reward.


No matter how serious the vulnerability, the cloud will force disclosure. The attitude is the same as that of Fang xiaodeng, who was convinced by Ogdi.


These “white hats at the core of the dark cloud” stirred up the entire Chinese Internet, where hate and love began to interweave. There is also talk of a “cloud model”. Conservatives believe that progress takes time, while radicals believe that right must be overdone.


In the white hat community, Although Oudi is not a hacker, he often receives emails from the black industry. Some e-mails hide their words and leave a QQ number. Out of curiosity, he would search for it, and when he saw that the signature was full of “slang”, he knew it was a black product. Someone even called directly and said, you help me build a website, I will give you 1 million first, and then I will give you 2 million when it’s done.


“The white hats get more emails and phone calls. They often post screenshots of their conversations to the company’s group, and each order is worth a car, which, given their skill level, is all they need to earn. But as a joke, no one actually takes orders. Although some of them wanted to buy houses, they were really short of money.” He said.


“How do you make sure they didn’t go black?” I asked.


“Because at the end of the day those colleagues were still renting and asking us for money.” He said.


In addition to resisting the lure of money, the white caps also had to deal with doubts and even threats.


There was a time when a well-known giant called up the staff of Cloud Cloud and spelled out the colleague’s name, ID number and home address verbatim, implying that “necessary action” would be taken if their vulnerability was found again. I’d be lying if I said I wasn’t. But after one night, he still did what he was supposed to do at work the next day.


WuDi said.


Relying on such a group of idealistic white hats, it was no surprise that the storm clouds exploded in those years, making headlines and being known for exposing the dark shadows of the Internet. Fang xiaodeng became a flag-bearer of some hacker spirit. The white hats are scattered all over the Internet, with different educational backgrounds and main occupations, but they all converge under the flag. Some of them are die-hard fans and have chosen to join cloud Cloud and become one of dozens of employees, contributing to the subsequent products “Cloud Cloud Testing” and “Tangscan”.


I ask Oudie what he really thinks of the white Hats now.


He thought about it and divided the history of Chinese hacking into three stages:


Age of hackers: From the 1990s until 10 years ago, there was no pure white hat or black hat. Hackers may submit vulnerabilities to companies, but with no expected return, they may also go rogue and use their skills to commit crimes. The same person may have two identities, black and white, with no clear boundaries.


Pre-white Hat era: Since cloud was established in 2010, hackers have gradually split into two groups: white hats and black hats. The white hat, which represents idealism, is submitted to black cloud or other platforms to gain popularity after discovering loopholes in the company. And the black hat on behalf of realism after discovering loopholes, sold to the underground black production, and the world to play hide and seek.


Post-white Hat era: After the “Jiayuan Case” and “Cloud Cloud Event” in 2016, the white hat group was divided, and some white hats chose the platform of “authorization test”, completely abiding by the law, and no longer exposed vulnerabilities. Some of the white hats turned to other occupations, and some of the marginal white hats went into the black industry and went underground. For now, they have disappeared from public view.


(4)


In June 2016, just one month before the “Dark cloud incident”, Fang xiaodun sent me a message on QQ: “I want to shut down the main website of dark cloud.”


I was stunned.


I figured he must have known something, or at least felt something, but in the end he didn’t tell me.


I distinctly remember looking up at a group of young men sitting outside the house. They are here because of us, because of the clouds, or because of some ideal. “Turn off the clouds, but what about them?” I think we have an unshirkable responsibility for these pure and ideal 90’s.


But what happened a month later proved that not only were we not messiahs, but maybe the opposite.


I’ve always thought that if we had been less self-righteous, less compassionate, and closed the clouds earlier, things might have been different. But no one is god.


Later, someone asked me if you hated Fang Xiaodun. I said no, he did his best. If I were him, I might not do as well as he did. Of course, if there is an opportunity, we should have more communication with relevant departments.


In early July 2016, the Black Cloud Conference was held. We specially saved a forum and brought together white hats, network forensics experts and leaders of public security organs to discuss the “loophole mechanism”. I remember Fang xiaodeng on stage, sparing no effort to support “cloud mode”. But perhaps no one could understand what emotions were stirring inside him.


Ten days later, something happened that was well known in security circles and much of the Internet.

 

(6)


It was a long time before I turned on my phone for the first time.


It was an iPhone, and it worked well. But the phone seemed to freeze for dozens of minutes. Familiar people, unfamiliar people, media, customers, friends who have not been in touch for a long time, they send wechat messages before they have a chance to flash, they are topped by other people’s messages. They asked me how I was doing with interest, taking care to avoid my wounds. The missed phone message followed message after message, as if there was no rest.


I told my parents THAT I never intended to do a bad thing, but the result might not be satisfactory.


They said, You don’t have to. We know our son. Just come back.


During those months, I vowed to join a big company. So maybe the future of life will not have so many risks, just like when Fang Xiaodun if not to leave Baidu, his life will be stable and stable, will be free of food and clothing, behind everything is but an illusory dream.


I did get offers from a number of companies, and I was going to pick one.


One night, however, I woke up suddenly in the middle of the night. I thought I saw Fong walking up to me. I seem to see the brothers and sisters of the cloud, and see those who are not afraid of threats and do not pay for the ideal of the white hat. They ask me quietly if I still want to be a part of a great startup, and if I still want to be remembered. I sat up and looked out the window. The night was like the sea and God was silent.


After a few seconds, IT dawned on me and I fell asleep like a baby. That night, I had the best dream of my life.


I turned down offers from big companies and ended up joining a cybersecurity startup. I guess, for idealists, some things are meant to be, hard, through fire and water, unchangeable.


After the black cloud accident, many people asked me whether I regretted quitting my deep belief to come to black cloud. It may surprise you, but I don’t regret it.


I told my father back home on the phone that I had decided to join a startup after all. The father said, I’m rooting for you because I already knew that my son, no matter what he had been through, would have the courage to start again.


‘I’m proud of you,’ he said.

 

(7)


Oudi folded his memories and looked out the window.


Outside, the sky was blue and it seemed to stretch a long-lived frown.


“The cloud has done its job. It’s time to say goodbye.” He said.


I followed his gaze as far as I could see.


“Why?” I asked.


For a long time, I thought it was the clouds that made history. But now I know that history chose the clouds.


It was an era when the Internet exploded and no one paid much attention to cyber security. Cybercrime is on the rise, but no one is telling the public exactly how they are being victimized. In the face of the falling world, someone needs to stand up — the child who shouted out the emperor’s new clothes, and it happens to be us.


There are always debates about whether the cloud model is extreme and whether disclosure of vulnerabilities is warranted, but in those days we had no choice.


Do you understand? There’s no choice.


He stared at me and said.


“Does that era still exist?”


“No. The dark clouds began and ended with this era.”


“Were there any regrets at that time?”


“We have brought the issue of cyber security from a small, closed group to the public, and made the whole society pay attention to security. Dark clouds have no regrets.”


“Where are the white hats of the black clouds?”


“Some emigrated and were never heard from again. Others give up security for a while and become regular programmers. In April I met a core white hat B who single-handedly changed the course of China’s cyber security. Now he works as a programmer in a big enterprise. During the day, he writes code in the grid of Xi Er Banner, and at night, he writes code in the grid of Huilongguan.”


“No more digging?”


“No more digging.”


“Did you say anything to him?”


“I said I felt sad.”


‘Have the white hats all left?


“I prefer to believe that they are waiting.”


“Waiting for what?”


“They stood up when The Times called. As the tide receded, they waited for a new mission. They wait to be abandoned or remembered, for the world to tell them what is good and bad and right and wrong.”

 










“”