Questions tagged [black-hat]

Black hat hacking is the act of using computer security hacking for illegal means, usually to compromise high value computer systems. It is the opposite of white hat hacking.

Black hat is what popular culture associates with the word "hacker"; someone using computer skills to break through the security controls on systems they do not own usually in order to steal, modify, or delete data, spread malware, or commit other acts of cyber crime.

In contrast to white hats, black hat hackers are typically motivated by either personal financial gain or for political motives and often operate in secrecy behind anonymous pseudonyms.

25 questions
61
votes
8 answers

What are the career paths in the (illegal) computer security field?

As a whitehat pentester I often wonder about the darkside. I see myself working in the office, and imagine that there is someone just like me in China or Romania or in their parent's basement that is pretty much doing the exact same thing, but…
rook
  • 46,916
  • 10
  • 92
  • 181
40
votes
4 answers

Is demanding a "donation" before disclosing vulnerabilities black hat behavior?

We have been contacted by an "independent security researcher" through the Open Bug Bounty project. First communications were quite OK, and he disclosed the vulnerability found. We patched the hole and said "thank you", but declined to pay a…
Jacco
  • 7,402
  • 4
  • 32
  • 53
40
votes
3 answers

How do hacking groups register domains remaining anonymous?

Let's take lulzsec as an example; they registered lulzsecurity.com. There are two problems that I don't understand how they solved: They had to pay for it. Tracking down money is generally much easier than tracking down IP addresses. I assume they…
Andreas Bonini
  • 591
  • 1
  • 4
  • 10
29
votes
9 answers

How can an administrator secure against a 0day before patches are available?

I'm working on a thesis about the security hacker community. When a 0day is published, how can an administrator secure his application/website between the time the 0day is published and the patch is developed ? Moreover, most of the time, this same…
K.Fanedoul
  • 417
  • 4
  • 10
12
votes
3 answers

How much money does it take to equip a fully funded black hat team? How much money to defend against such a team?

Richard Bejtlich wrote in July 2009 the following: "I submit that for $1 million per year an adversary could fund a Western-salaried black hat team that could penetrate and persist in roughly any target it chose to attack." (from…
Tate Hansen
  • 13,714
  • 3
  • 40
  • 83
9
votes
3 answers

How do researchers "gain control of an attacking PC" and not themselves be considered attackers / criminals?

In reference to this Network Computing Report article titled "'Operation Shady Rat' Perpetrated Five Years Of Long-Term Attacks On Government, Enterprises" The Cliff's Notes to the article is thus: it has been discovered that many countries and…
Wesley
  • 305
  • 4
  • 13
9
votes
2 answers

Why is FireSheep such a big deal?

We've had WireShark and other tools for a long time before. Why does everybody make such a big deal about FireSheep?
Moshe
  • 1,721
  • 3
  • 16
  • 22
8
votes
3 answers

What does a court need to successfully prosecute a hacker? Please cite previous cases if possible

Once a business decides it is worthwhile to persue legal action against the attacker, what information and processes should be followed so that: Integrity of the investigation is maintained The undesired behaviour will cease The damage is properly…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
8
votes
3 answers

How is "anonymous" getting ahold of all these plain-text passwords

In the last several months there have been several publicized data breaches and public website defacements done by several different hacking groups (which the media loves to group under a single domain - "anonymous") most recently some attacks on…
crasic
  • 541
  • 3
  • 7
7
votes
3 answers

Why aren't ransomware deployers arrested?

Why aren't people who use ransomware to extort money from people arrested? Using ransomware is illegal, presumably. The idea that Bitcoin is anonymous is a myth. Given this, it seems like they should be arrested. Is there a reason they aren't?
PyRulez
  • 2,937
  • 4
  • 15
  • 29
5
votes
5 answers

what is the best keylogger for security uses?

Today we were robbed. A thief come to our home at night and stole some stuff including my brother's laptop. I think that the right thing to do is to download a keylogger on my PC, just in case... I want a free keylogger, which has GPS to locate the…
Lynob
  • 185
  • 2
  • 9
3
votes
1 answer

Mentioned On A Blog By A "Hacker" - Should I Care?

Some (insert noun here) who seems to be a black hat hacker thinks that I am his #1 enemy and has posted some of my information on his blog. He is mad because I am advertising for others. The information he posted on his blog can be found using…
SameOldNick
  • 729
  • 3
  • 10
  • 22
3
votes
2 answers

How Is It Possible For Hackers To "Dig Up The Dirt" On People?

Like the title says, I was wondering how its possible for hackers to "dig up the dirt" and get peoples personal information such as address, credit cards, bank accounts, social insurance number, etc? I would also like to know if there is anyway to…
SameOldNick
  • 729
  • 3
  • 10
  • 22
3
votes
0 answers

What reason would you use the decoy scan option for Nmap?

I'm confused as to why you would use the -D option for Nmap. Is there any 'white hat' reason for using it? Or is it used particularly for malicious purposes?
ssharma
  • 71
  • 5
2
votes
0 answers

OpenPGP smartcards compromised by blackhat 2015 simcard hack?

This blackhat was a new sidechannel attack in the SIM-card AES encryption announced. I am currently using the OpenPGP smart/SIM-card version 2.1 to store my PGP-private keys, which is the same model as the EFF membership card. Does this disclosure…
WhatIsName
  • 131
  • 3
1
2