A black hat (black hat hacker or blackhat) is a computer hacker who violates laws or ethical standards for nefarious purposes, such as cybercrime, cyberwarfare, or malice. These acts can range from piracy to identity theft. A black hat is often referred to as a "cracker". [1]
The term originates from 1950s westerns, in which the "bad guys" (criminals) were typically depicted wearing black hats and the "good guys" (heroes) white ones. In the same way, black hat hacking is contrasted with the more ethical white hat approach to hacking. There is also a third category, grey hat hacking, for individuals who hack usually with good intentions but by illegal means. [2] [3] [4]
Criminals who intentionally enter computer networks with malicious intent are known as "black hat hackers". [5] They may distribute malware that steals login credentials, financial information such as credit card numbers, or other personal information. This information is often sold on the dark web. Malware can also be used to hold computers hostage or destroy files, and some hackers modify or destroy data in addition to stealing it. While hacking has become an important tool for governments to gather intelligence, black hats tend to work alone or with organized crime groups for financial gain. [2] [6]
Black hat hackers may be novices or experienced criminals. They are usually competent infiltrators of computer networks and can circumvent security controls. They may write malware, software that gives them illegitimate access to computer networks, lets them monitor victims' online activity, or locks infected devices. Black hat hackers can be involved in cyber espionage or protest in addition to pursuing personal or financial gain. [7] For some hackers, cybercrime may be an addictive experience. [8] [9]
One of the earliest and most notorious black hat hacks was the 1979 hacking of The Ark by Kevin Mitnick. The Ark computer system was used by Digital Equipment Corporation (DEC) to develop the RSTS/E operating system software.
The WannaCry ransomware attack in May 2017 is another example of black hat hacking. It spread as a worm by exploiting a vulnerability in Windows SMBv1 (the EternalBlue exploit, for which Microsoft had published the MS17-010 patch two months earlier), so unpatched systems were infected without any user action. Around 400,000 computers in 150 countries were infected within two weeks. The creation of decryption tools by security experts within days limited the extortion payments to approximately $120,000, or slightly more than 1% of the potential payout. [10]
Many of the large data breaches reported by major news services are the work of black hat hackers. In a data breach, hackers steal the financial, personal, or digital information of customers, patients, or constituents, and can then use it to smear a business or government agency, sell it on the dark web, or extort money from businesses, government agencies, or individuals. [11] The United States experienced a record 1,862 data breaches in 2021, according to the Identity Theft Resource Center's 2021 Data Breach Report, and the number of breaches had been rising for some time before that. From 2013 to 2014, black hat hackers broke into Yahoo and stole 3 billion customer records, possibly the largest data breach ever. [12] The adult website Adult FriendFinder was hacked in October 2016, and over 412 million customer records were taken. [12] A breach between May and July 2017 exposed more than 145 million customer records held by the national credit bureau Equifax, another victim of black hat hacking. [12]
The term is also used in search engine optimization (SEO), where black hat SEO refers to tactics that violate search engines' guidelines in order to manipulate rankings. One of the best-known is the use of "doorway pages": pages created to rank highly for specific search queries and then funnel visitors to a different destination, typically by redirecting them or by hiding the page's real purpose. Their content is written for the search engine's crawler rather than for human readers, so that a site appears in results for many related keywords and phrases it would not otherwise rank for.
Another form of black hat search engine optimization (SEO) is keyword stuffing, which repeats the same keywords over and over to trick search engines. Often the keywords are irrelevant to the page and are placed where visitors will not notice them (for example in metadata tags or in hidden text on the homepage), so that the page appears more relevant for particular search terms than it actually is and misleads the people who end up visiting it. [13]
Link farming occurs when many websites or pages link to a particular website solely to raise its ranking and traffic, often to profit from pay-per-click (PPC) advertising on the linking pages. The links exist only because the target site promises something in return, not because they are useful to readers, which is why search engines treat them as manipulation. Participating in a link farm is unethical and can damage the credibility of a site's other pages, possibly reducing its income potential.
Cloaking involves showing different content to human visitors and to search engine crawlers, typically by checking the requesting user agent or IP address. The search engine is served text unrelated to what the website actually shows its users, boosting the site's visibility in search results for that content.
Spamdexing is a general term for deliberately manipulating a search engine's index. A common form uses software to plant large numbers of backlinks to a website on other sites (for example in forum posts or blog comments) solely to raise the website's ranking in search engines.
A redirect is considered unethical (a "sneaky redirect") if it takes the user to a webpage different from the one indicated in the link or shown to the search engine. For instance, a link that should take the user to website "ABC" but instead takes them to "XYZ" tricks users into following a path they did not choose, landing them on a site they may have no interest in.
An ethical security hacker is referred to as a white hat or white hat hacker. The term "ethical hacking" covers more than just penetration testing. White hat hackers aim to discover flaws in the current system with the owner's permission. Many organizations engage white hat hackers to improve their network security through activities such as vulnerability assessments; their primary objective is to assist the organization. [16]
A grey hat is a hacker who typically does not have malicious intent but often violates laws or common ethical standards. A grey hat will not illegally exploit a vulnerability or instruct others on how to do so, but may trade the information for personal gain. [17] Hacktivists, who hack to promote social change, are a special group of grey hats. [3]
The ideas of "white hat" and "black hat" hackers led to the use of the term "grey hat" at the end of the 1990s.
Another difference between these types of hackers is how they find vulnerabilities. The black hat will break into any system or network to uncover sensitive information for personal gain, whereas the white hat does so at the request of their employer or with explicit permission to determine how secure it is against hackers. The grey hat typically has the white hat's skills and intentions combined with the black hat's disregard for permission or laws. [4] A grey hat hacker might ask organizations for voluntary compensation for their activities. [18]
A hacker is a person skilled in information technology who achieves goals by non-standard means. The term has become associated in popular culture with a security hacker – someone with knowledge of bugs or exploits to break into computer systems and access data which would otherwise be inaccessible to them. In a positive connotation, though, hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques to collect evidence on criminals and other malicious actors. This could include using anonymity tools to mask their identities online and pose as criminals.
Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.
Antivirus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, scams, the spread of computer viruses, and other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in the sense that it is often one of the many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests."
A white hat is an ethical security hacker. Ethical hacking is a term meant to imply a broader category than just penetration testing. Under the owner's consent, white-hat hackers aim to identify any vulnerabilities or security issues the current system has. The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission.
A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
A security hacker or security researcher is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system's weaknesses to assist in formulating defenses against potential hackers.
Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.
Kaspersky Internet Security is an internet security suite developed by Kaspersky Lab compatible with Microsoft Windows and Mac OS X. Kaspersky Internet Security offers protection from malware, as well as email spam, phishing and hacking attempts, and data leaks. Kaspersky Lab Diagnostics results are distributed to relevant developers through the MIT License.
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in its supply chain. A supply chain attack can occur in any industry, from the financial sector and the oil industry to government, and can target software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.
Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.
A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.
Regin is a sophisticated malware and hacking toolkit used by the United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.
The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010.
Bug poaching is a cyberextortion tactic in which a hacker breaks into a corporate network and creates an analysis of the network’s private information and vulnerabilities. The hacker will then contact the corporation with evidence of the breach and demand ransom.
Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.
Kaspersky Lab has faced controversy over allegations that it has engaged with the Russian Federal Security Service (FSB) to use its software to scan computers worldwide for material of interest—ties which the company has actively denied. The U.S. Department of Homeland Security banned Kaspersky products from all government departments on 13 September 2017, alleging that Kaspersky Lab had worked on secret projects with Russia's Federal Security Service (FSB). In October 2017, subsequent reports alleged that hackers working for the Russian government stole confidential data from the home computer of a National Security Agency (NSA) contractor in 2015 via Kaspersky antivirus software. Kaspersky denied the allegations, stating that the software had detected Equation Group malware samples which it uploaded to its servers for analysis in its normal course of operation.