Skip to main content

If you watch the news and keep up with technology, you know what a hacker is, but you may not realize hackers fall into different categories known as Black Hat, White Hat, and Gray Hat. The terms derive from the color coding scheme found in 1950s westerns, where the bad guys wore black hats, and the good guys wore white or other light colors.

Black Hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

While hacking might have become a major intelligence gathering tool for governments, it's still more common for Black Hats to work alone or with organized crime organizations for easy money. The WannaCry ransomware released in May 2017 is one example. Within the first two weeks of its release, it infected approximately 400,000 computers in 150 countries. Fortunately, security experts released decryption tools within days of WannaCry's appearance, and their fast response time limited extortion payments to about $120,000 — slightly more than 1 percent of the potential haul.

Hacking is a business

Many Black Hat hackers started as novice "script kiddies" using purchased hacker tools to exploit security lapses. Some were trained to hack by bosses eager to make a fast buck. The upper echelon of Black Hats tends to be skilled hackers who work for sophisticated criminal organizations that sometimes provide collaboration tools for their workers and offer service agreements to customers, just like legitimate businesses. Black Hat malware kits sold on the Dark Web (the part of the internet deliberately hidden from search engines) sometimes even include warranties and customer service.

Not surprisingly, Black Hat hackers often develop specialties, such as phishing or managing remote access tools. Many get their "jobs" through forums and other connections on the Dark Web. Some develop and sell malicious software themselves, but others prefer to work through franchises or through leasing arrangements, just like in the legitimate business world.

Distributing malicious software isn't difficult, partly because hacking today operates like big business. Organizations boast partners, resellers, vendors, and associates, and they buy and sell licenses for malware to other criminal organizations for use in new regions or markets.

Some Black Hat organizations even have call centers. The phone scam involving a hacker claiming to work for Microsoft who calls to help with a problem is one example of how call centers are used. In this scam, the hacker tries to convince potential victims to allow remote access to their computers or to download software. When the victim grants access or downloads the recommended software, it allows criminals to harvest passwords and banking information or surreptitiously take over the computer and use it to launch attacks on others. To add further insult, the victim is typically charged an exorbitant fee for this "help."

Many hacks are swift and automated and don't involve human contact. In these cases, attack bots roam the internet to find unprotected computers to infiltrate. In one experiment, a group of computers put online by the BBC was attacked in 71 minutes. In the same experiment, email accounts for fake employees attracted phishing attacks 21 hours after they were established. Of those attacks, 85 percent included malware attachments, and the remainder had links to compromised websites.

Black Hats are global

The Black Hat hacking problem is global, which makes it extremely difficult to stop. The Microsoft phone scam, for instance, resulted in the arrest of four people in the UK, but the calls actually originated in India. That means the larger enterprise remains intact.

The challenges for law enforcement are that hackers often leave little evidence, use the computers of unsuspecting victims, and cross multiple jurisdictions. Although authorities sometimes succeed in shutting down a hacking site in one country, the same operation may have multiple nodes in many countries, allowing the group to operate 24/7.

The best protection is to be proactive by keeping your firewall turned on, updating and running reputable antivirus software and antispyware applications, and immediately installing all operating system updates. Additionally, don't download anything from unknown sources and disconnect your computer from the internet or turn it off when you aren't using it, to reduce exposure to hackers.

What is a Black-Hat hacker?

Black Hat hackers are criminals who break into computer networks with malicious intent. They may also release malware that destroys files or steals passwords.
Kaspersky Logo