Black hat (computer security)

Last updated

A black hat (black hat hacker or blackhat) is a computer hacker who violates laws or ethical standards for nefarious purposes, such as cybercrime, cyberwarfare, or malice. These acts can range from piracy to identify theft. A Black hat is often referred to as a "cracker". [1]

Contents

The term originates from 1950s westerns, with "bad guys" (criminals) typically depicted as having worn black hats and "good guys" (heroes) wearing white ones. In the same way, black hat hacking is contrasted with the more ethical white hat approach to hacking. Additionally, there exists a third category, called grey hat hacking, characterized by individuals who hack, usually with good intentions but by illegal means. [2] [3] [4]

Description

Criminals who intentionally enter computer networks with malicious intent are known as "black hat hackers". [5] They may distribute malware that steals data (particularly login credentials), financial information, or personal information (such as passwords or credit card numbers). This information is often sold on the dark web. Malware can also be used to hold computers hostage or destroy files. Some hackers may also modify or destroy data in addition to stealing it. While hacking has become an important tool for governments to gather intelligence, black hats tend to work alone or with organized crime groups for financial gain. [2] [6]

Black hat hackers may be novices or experienced criminals. They are usually competent infiltrators of computer networks and can circumvent security protocols. They may create malware, a form of software that enables illegitimate access to computer networks, enables the monitoring of victims' online activities, and may lock infected devices. Black hat hackers can be involved in cyber espionage or protests in addition to pursuing personal or financial gain. [7] For some hackers, cybercrime may be an addictive experience.[ citation needed ]

History

Countries initially affected by the WannaCry ransomware attack Countries initially affected in WannaCry ransomware attack.png
Countries initially affected by the WannaCry ransomware attack

One of the earliest and most notorious black hat hacks was the 1979 hacking of The Ark by Kevin Mitnick. The Ark computer system was used by Digital Equipment Corporation (DEC) to develop the RSTS/E operating system software.

The WannaCry ransomware attack in May 2017 is another example of black hat hacking. Around 400,000 computers in 150 countries were infected within two weeks. The creation of decryption tools by security experts within days limited the extortion payments to approximately $120,000, or slightly more than 1% of the potential payout. [8]

The notable data breaches typically published by major news services are the work of black hat hackers. In a data breach, hackers can steal the financial, personal, or digital information of customers, patients, and constituents. The hackers can then use this information to smear a business or government agency, sell it on the dark web, or extort money from businesses, government agencies, or individuals. [9] The United States experienced a record number of 1,862 data breaches in 2021, according to the Identity Theft Resource Center's 2021 Data Breach Report. Data breaches have been on the rise for some time[ timeframe? ]. From 2013 to 2014, black hat hackers broke into Yahoo and stole 3 billion customer records, making it possibly the largest data breach ever. [10] In addition, the adult website Adult FriendFinder was hacked in October 2016, and over 412 million customer records were taken. [10] A data breach that occurred between May and July 2017 exposed more than 145 million customer records, making the national credit bureau Equifax another victim of black hat hacking. [10]

Strategies

Concealing

One of the most famous black hat methods is to utilize nasty "doorway pages", which are intended to rank highly for specific search queries. Accordingly, the substance of these doorway pages is stowed away from both the clients and the web indexes. Doorway pages are designed to deceive search engines so that they cannot index or rank a website for synonymous keywords or phrases.

Keyword stuffing

Another form of black hat search engine optimization (SEO) is known as keyword stuffing, which involves repeatedly using the same keywords to try to trick search engines. This tactic involves using irrelevant keywords on a webpage (such as on the homepage or in metadata tags) to make it appear more relevant for particular keywords, deceiving people who visit the site. [11]

Link farming occurs when multiple websites or pages link to a particular website. This is done to profit from the pay-per-click (PPC) advertisements on these websites or pages. The issue is that the links only point to the specific website because it promises something in return, when in fact they are only there to increase traffic to the desired website and its popularity. These websites are unethical and will damage the credibility of the website's other pages, possibly reducing its income potential.

Shrouding

Shrouding involves showing different content to clients and web search tools. A website may present search engines with information irrelevant to the website's real content. This is done to boost the website's visibility in search results.

Spamdexing

Spamdexing is a form of black hat SEO that involves using software to inject backlinks to a website into search engine results. This is done solely to raise the website's ranking in search engines.

Unethical redirects

A redirect link is considered unethical if it takes the user to a webpage different from the one indicated in the link. For instance, it is unethical to have a link that should take the user to the website "ABC" but instead takes them to "XYZ". Users are tricked into following an unintended path, even though they might not be interested in the website they land on.

Examples of famous black hats

Kevin Mitnick Kevin Mitnick ex hacker y ahora famoso consultor en redes en Campus Party Mexico 2010.jpg
Kevin Mitnick

Other hat types

White hat

An ethical security hacker is referred to as a white hat or white hat hacker. The term "ethical hacking" is meant to mean more than just penetration testing. White hat hackers aim to discover any flaws in the current system with the owner's permission. Many organizations engage white hat hackers to enhance their network security through activities such as vulnerability assessments. Their primary objective is to assist the organization. [13] While a black hat will illegally exploit a vulnerability or instruct others on how to do so, a white hat hacker will only exploit it with permission and will not reveal its existence until it has been fixed. Teams known as "sneakers and/or hacker clubs," "red teams," or "tiger teams" are also common among white-hat hackers.[ citation needed ]

Grey hat

A grey hat is a hacker who typically does not have malicious intent but often violates laws or common ethical standards. A vulnerability will not be illegally exploited by a grey hat, nor will it instruct others on how to do so; however, the grey hat may trade this information for personal gain. [14] A special group of gray hats are hacktivists, who hack to promote social change. [3]

The ideas of "white hat" and "black hat" hackers led to the use of the term "grey hat" at the end of the 1990s.

Another difference between these types of hackers is how they find vulnerabilities. The black hat will break into any system or network to uncover sensitive information for personal gain, whereas the white hat does so at the request of their employer or with explicit permission to determine how secure it is against hackers. The grey hat typically possesses the white hat's skills and intentions and the black hat's disregard for permission or laws. [4] A grey hat hacker might request organizations for voluntary compensation for their activities. [15]

See also

Related Research Articles

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.

A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

A password manager is a computer program that allows users to store and manage their passwords for local applications or online services such as web applications, online shops or social media. A web browser generally has a built in version of a password manager. These have been criticised frequently as many have stored the passwords in plaintext, allowing hacking attempts.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

<span class="mw-page-title-main">VirusTotal</span> Cybersecurity website owned by Chronicle

VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Alureon is a trojan and rootkit created to steal data by intercepting a system's network traffic and searching for banking usernames and passwords, credit card data, PayPal information, social security numbers, and other sensitive user data. Following a series of customer complaints, Microsoft determined that Alureon caused a wave of BSoDs on some 32-bit Microsoft Windows systems. The update, MS10-015, triggered these crashes by breaking assumptions made by the malware author(s).

Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims or by representing an individual or group in a position of authority. This is done through pre-meditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information. Social hacking is most commonly associated as a component of “social engineering”.

Regin is a sophisticated malware and hacking toolkit used by United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network’s private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.

Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.

<span class="mw-page-title-main">Anomali</span> American cybersecurity company

Anomali Inc. is an American cybersecurity company that develops and provides threat intelligence products. In 2023, the company moved into providing security analytics powered by artificial intelligence (AI).

Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB) to use its software to scan computers worldwide for material of interest—ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency (NSA) contractor in 2015 via Kaspersky antivirus software. Kaspersky denied the allegations, stating that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation.

Government hacking permits the exploitation of vulnerabilities in electronic products, especially software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples.

References

  1. Sheikh, Ahmed (2021), "Introduction to Ethical Hacking", Certified Ethical Hacker (CEH) Preparation Guide, Berkeley, CA: Apress, pp. 1–9, doi:10.1007/978-1-4842-7258-9_1, ISBN   978-1-4842-7257-2, S2CID   239755067 , retrieved 2024-03-08
  2. 1 2 "What is a Black-Hat hacker?". www.kaspersky.com. 2022-02-09. Retrieved 2022-11-27.
  3. 1 2 testovaniebezpecnosti (2017-11-10). "Hackers are not just the bad guys – brief history and classification". HackTrophy (in Slovak). Retrieved 2022-11-27.
  4. 1 2 Luciano, Michael (2018-09-05). "What Are the Three Types of Hackers?". Design World. Retrieved 2022-11-27.
  5. "Black hat, White hat, and Gray hat hackers – Definition and Explanation". www.kaspersky.com. 2022-05-11. Retrieved 2022-11-27.
  6. "Kevin Mitnick - Once the world's most wanted hacker, now he's getting paid to hack companies legally | Black Hat Ethical Hacking | Black Hat Ethical Hacking". 2020-09-14. Retrieved 2024-01-09.
  7. "What is a black hat hacker?". SearchSecurity. Retrieved 2022-11-27.
  8. "What is WannaCry ransomware?". www.kaspersky.com. 2022-02-09. Retrieved 2022-11-27.
  9. Espinosa, Christian (2018-03-09). "Black Hat vs White Hat Hackers". Alpine Security. Retrieved 2022-11-27.
  10. 1 2 3 "Biggest Data Breaches in US History [Updated 2022] | UpGuard". www.upguard.com. Retrieved 2022-11-27.
  11. "Black hat SEO". Twaino. 2022-06-06. Retrieved 2022-11-27.
  12. Greenberg, Andy. "Kevin Mitnick, Once the World's Most Wanted Hacker, Is Now Selling Zero-Day Exploits". Wired. ISSN   1059-1028 . Retrieved 2022-11-27.
  13. Banda, Raphael; Phiri, Jackson; Nyirenda, Mayumbo; Kabemba, Monica M. (2019-03-07). "Technological Paradox of Hackers Begetting Hackers: A Case of Ethical and Unethical Hackers and their Subtle Tools". Zambia ICT Journal. 3 (1): 40–51. doi: 10.33260/zictjournal.v3i1.74 . ISSN   2616-2156.
  14. "What is an ethical hacker and what does the work entail?". SearchSecurity. Retrieved 2022-11-27.
  15. Hanusch, Yonnique Francesca (2021-04-03). "Financial institutions should decline hackers' requests for voluntary compensation". South African Journal of Philosophy. 40 (2): 162–170. doi:10.1080/02580136.2021.1933733. ISSN   0258-0136. S2CID   235676146.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.