Information about Black Hat

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.^[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking.

Terminology

Use of the term "cracker" is mostly limited (as is "black hat") to some areas of the computer and security field and even there, it is considered controversial. Until the 1980s, all people with a high level of skills at computing were known as "hackers". A group that calls themselves hackers refers to "a group that consists of skilled computer enthusiasts". The other, and currently more common usage, refers to those who attempt to gain unauthorized access to computer systems. Over time, the distinction between those perceived to use such skills with social responsibility and those who used them maliciously or criminally, became perceived as an important divide. Many members of the first group attempt to convince people that intruders should be called crackers rather than hackers, but the common usage remains ingrained. The former became known as "hackers" or (within the computer security industry) as white hats, and the latter as "crackers" or "black hats". The general public tends to use the term "hackers" for both types, a source of some conflict when the word is perceived to be used incorrectly; for example Linux has been criticised as "written by hackers". In computer jargon the meaning of "hacker" can be much broader.

Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain. Black hats may seek to expand holes in systems; any attempts made to patch software are generally done to prevent others from also compromising a system they have already obtained secure control over. A black hat hacker may write their own zero-day exploits (private software that exploits security vulnerabilities; 0-day exploits have not been distributed to the public). In the most extreme cases, black hats may work to cause damage maliciously, and/or make threats to do so as extortion.

Methods

Techniques for breaking into systems can involve advanced programming skills and social engineering, but more commonly will simply be the use of semi-automatic software. Common software weaknesses exploited include buffer overflow, integer overflow, memory corruption, format string attacks, race conditions, cross-site scripting, cross-site request forgery, code injection and SQL injection bugs.

Notable crackers and computer criminals

Note that many of these individuals have since turned to fully legal hacking.

• Mark Zbikowski — In his senior year at Roeper, c. 1973/4, Zbikowski became known as one of the earliest computer crackers, after cracking the security system on Wayne State University's MTS (Michigan Terminal System, developed at University of Michigan) mainframe for his own amusement. According to Zbikowski, when he offered to show the university how to fix the security leak, university officials threatened prosecution and offered him a job during the same meeting.
• Jonathan James (also known as c0mrade) made unauthorized copies of software controlling the International Space Station's life sustaining elements, and intercepted thousands of electronic messages relating to U.S. nuclear activities from the Department of Defense. Sentenced at age 16, he was the youngest cybercriminal ever incarcerated in the United States.
• Dark Avenger — Bulgarian virus writer that popularized polymorphic code in 1992 as a means to circumvent the type of pattern recognition used by Anti-virus software, and nowadays also intrusion detection systems.
• Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.
• Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into giving out $10 million. To this day, the method used is unknown, but can be speculated.
• Robert Tappan Morris — In 1988 while a Cornell University graduate student was the writer of the first worm, Morris Worm, which used buffer overflows to propagate.
• Nahshon Even-Chaim (also known as Phoenix) — Leading member of Australian hacking group The Realm. Targeted US defense and nuclear research computer systems in late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Electron and Nom were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.
• Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.
• Kevin Mitnick - Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property.
• Jon Murdock (also known as Xtasy) — In 2004, Murdock was convicted on multiple counts of cyber-terrorism, internet fraud, and was then prosecuted for allegedly causing over $12,000,000 in online theft from thousands of stolen paypal and e-gold accounts. After Murdock's release in 2006 at the age of 19, Murdock was then indicted on another 17 counts of high-tech fraud and was linked to numerous underground "cracking communities" and forums. Murdock will be released from prison in 2008, following a 5 year probationary period.
• David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million dollars worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.
• Celestino Canto- Creator of the celey Trojan & online theft from thousands of stolen paypal and e-gold accounts.

See also

• Computer crime
• Computer insecurity
• Computer security
• Grey hat
• Hacker (computer security)
• Hacker definition controversy
• Internet troll
• List of convicted computer criminals
• Phrack
• White hat

References