In the grip of the black hats

What do all hackers have in common? A passion for technology, says cyber expert Lucas Will. In a guest post, he shows that not all hackers are criminals. But when the dark side strikes, the situation quickly becomes dangerous for companies.

I made my first foray into the hacker scene when I was still in school, inspired by a classmate. But if you are expecting a story here about my criminal past, you’ll be sadly disappointed.


Your point of contact

Michael Winte
+49 40 35914-0

Lucas Will

Lucas Will has 20 years of experience in IT security and was even a hacker himself before founding his own IT security firm in 2006. Today he works as a freelance corporate consultant.

The hackers I know, both male and female, aren’t living a life of crime. What unites them is their fascination for networks, their passion for technology and their desire to shine a light on security vulnerabilities. They are a real force for the common good, many of them plugging up gaps in security in their spare time. Some of them are even true experts in their fields, be that processor architecture or the structure of operating systems. Perhaps you’re thinking, OK, so if hackers are just people who really love technology, why do hacker attacks cause billions of euros of damage to the economy every year? Put it this way: the tools hackers develop are neutral in themselves, but can be used for other, more nefarious purposes.


A look at the dark side

The hacker scene I know is not criminal. But of course it does have a dark underbelly that in many ways follows the classic cliché of shadowy figures in hoodies. These ominous characters are often called ‘black hats’ or even criminal hackers – the opposite of the ‘white hats’ or ethical hackers.

Regardless of the terms used, however, you can say that there are hackers, and then there are criminals who use their hacking skills to commit crimes. In this context, recent years have seen a steady rise of organised groups who carry out campaigns with department-like precision: extortion, break-ins and data theft, or trading in stolen data on the dark web.

The methods they use are becoming increasingly complex: using hacking tools that exploit IT system vulnerabilities, black hats often attack lots of different servers and create what are known as ‘back doors’ in them. They can then access their victims’ systems through these back doors and restrict the availability of services or data. The criminals basically become providers of infrastructure for acts of sabotage. Another popular ploy is to hide illegal websites on the computers of rather inconspicuous medium-sized businesses.


Optimising profits and processes

Criminal use of ransomware is the most well-known tactic thanks to reporting in the media on WannaCry, NetPetya and the like. Encryption Trojans such as these can be used to paralyse entire file systems, only releasing them again once a ransom has been paid. Attacking the system at the start of these types of extortion campaigns is the most difficult part; after that, the black hats only need simple technical knowledge. And underbelly or not, like more above-board operations, there is also a trend here of working to optimise profits and processes: Trojans and the ransom amount are tailored to the individual victim, while for malware there is actually proper manufacturer support for reporting problems.

Incidentally, company employees still make the best accomplices for these criminals, albeit usually unwittingly. Phishing – gaining access to data through fake websites and emails – is also a widely used method among black hats. Companies should therefore regularly provide training to their teams. Another helpful strategy is to identify critical systems and processes in order to give them special protection. After all, the same rings true both for the hacker scene and for that email congratulating you on your million-euro win: don’t take everything at face value – not everything is as it seems.