Sunday, August 25, 2013

A Chat with Some Immoral Hackers Who Don't Care About Your Feelings



Image by © Robert Colburn for openphoto.net
Chances are, you don't understand how to use the internet. You think you do, but are you even aware of the scale of it? It's fucking massive. Unless you are the number-one person in the entire world at understanding the internet, there is always someone who knows more about it than you do. And like the universe, it is constantly expanding. It's not like TV, which you've mastered as soon as you've figured out how to record stuff, or radio, where tracking down pirate frequencies represents a glass ceiling for listener expertise. If, like me, you don't really understand what the "deep web" is, and you use the internet mainly to flit between the same five sites every day, then you're basically only using a tiny sliver of it. In relative terms, it'd be like staring at the same six pixels of an HD TV, in grainy black-and-white, for days on end.
Typing the above paragraph gave me a panic attack, so I decided to get in touch with some members of the hacking forum Basehack to try and understand the murky seabed of the deep web a little better. The guys I got in touch with—Stain, Stacks, BreShiE, and TFC (the Fail Collective)—mostly describe themselves as black-hat hackers, a.k.a. unethical hackers who operate under a very loose moral code. They spend their time outsmarting and blackmailing large businesses and, with enough dedication, can apparently make up to hundreds of thousands of dollars a year. They all said that hacking charity or altruistic sites was a no-no, and agreed that people or businesses being stupid was often their main incentive for breaking their way through firewalls.     
     
Stain told me, "When you have no real regard for your actions, with no real regard for anyone else or their feelings, the world opens itself to you happily." Which seemed a little callous, but depressingly true. Stain also explained that there are a million ways to make money as a black hat, with the most widely used technique being carding, where you steal someone's credit card information and use their details to order stuff online.

A friendly message from the Basehack team.
Carding, Stain explained, "is too often seen on forums, and it's depressing how easy it is. Google Wallet, for example, has opened itself to the next wave of people planning to card. With the lax IP login protection and pathetic payment system, I won’t be surprised when I hear it's become the next generation of carders' best friend."
When I asked what other methods black hats use to make money, Stacks told me, “You could host a botnet or sell the botnetted computers, steal credit cards, provide DDoSing/stressing services, hack sites, and lots more for money. There are people who will pay thousands for an extremely simple job. You could also install things like Bitcoin or Litecoin [another cryptocurrency similar to Bitcoin] miners on the computer of a slave [a person whom you've infected].”
A popular method with those controlling botnets, I discovered, is to contact online casino sites and demand a ransom, threatening to barrage and crash their site with a DDoS attack if they don't comply—a 2.0 Ocean's Eleven; cyber-Clooneys without the wet-look hair gel and Oakleys. And it's not often that they fail to achieve results, as the majority of these sites' losses will be greater if they're forced offline instead of just paying up.
I asked Stacks how much money you can make doing this kind of thing. “If you're skilled, a lot," he answered. "We're talking hundreds of thousands of dollars here. On the underground market, people will pay around $15 for a couple of hundred botnet slaves. With a decent amount of slaves, you can make hundreds a week just off of that. If you install, let's say, a Litecoin miner on a slave with a decent computer, you could be making a pound off of every slave a day. For credit cards, I don't even have to answer that one. You can make a lot if you take risks. I don't support that at all, though.”

But those risks are met with laughter when I ask the black hats about issues surrounding anonymity. Stacks explained that remaining anonymous is, "very easy—common sense is the only thing you need, really. Use a service such as Tor or I2P, don't connect your accounts or leave hints that you're connected, and don't brag about what you do. And never connect your real name with your online identity.”
I found that reasonably hard to believe—surely big business and government organizations would have the resources to track you down? It all depends on who you're targeting, Stacks agreed—attacking small local businesses isn't too much of a worry, but attacking a government website could obviously have much more serious consequences.
Once we were done with the money discussion, I turned my attention to why and how people become involved in black-hat hacking. BreShiE was quick to tell me that there's a lot of contention about the definition of various genres of hackers, and that he identified as a gray-hat hacker—a mixture of both black hat and white hat (white-hat being the good guys who generally do stuff like test websites' security for them). "I sometimes hack for personal gain, but most of the time to benefit the website itself," he explained.
Stain, however, told me that he liked being an out-and-out black-hat hacker for several reasons: “Power, money, exclusivity, and knowledge are all things that come with being a black-hat hacker," he said. "The things you learn as a black hat are invaluable compared to the extensively large and retarded archives that some notable ethical hacking forums harbour.”
