Black hat refers to a hacker who breaks into a computer system or network with malicious intent. A black hat hacker may exploit security vulnerabilities for monetary gain; to steal or destroy private data; or to alter, disrupt or shut down websites and networks. The black hat hacker may also sell these exploits to other criminal organizations. The term black hat differentiates criminal hackers from white hat and gray hat hackers. These categories were inspired by Western movies, where the heroes could be identified by the white hats they wore and the villains by their black hats.
Categories of hackers
A white hat hacker, or an ethical hacker, is the antithesis of a black hat hacker. White hat hackers are often hired by organizations to conduct penetration tests and vulnerability assessments on their systems to improve their security defenses. They conduct tests and attacks on websites and software in order to identify possible vulnerabilities, while also following established rules, such as bug bounty policies. They will notify the affected vendor of any issues directly so that a patch can be released to fix the flaw.
A gray hat hacker operates with more ethical ambiguity: while they do not hack into systems with the malicious goal of stealing data, they may be willing to use illegal methods to find flaws, expose vulnerabilities to the public or sell zero-day exploits to government and intelligence agencies.
A black hat hacker is typically one who engages in cybercrime operations and uses hacking for financial gain, cyberespionage purposes or other malicious motives.
Laws and penalties against black hat hacking
U.S. law can punish black hat hackers under a number of computer crime statutes and state and federal laws. Offenses can be charged as different classes of misdemeanors and felonies, with penalties that include fines, jail time or both. Some notable laws include the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act.
These laws generally prohibit a person from conducting the following acts without authorization:
- accessing a protected computer, system or network;
- modifying or disclosing data held on a computer;
- transmitting malicious code in order to damage the system or data held on it;
- accessing a computer with intention to defraud; and
- trafficking computer passwords.
The term protected computer is broad in scope, referring to a computer used by, for instance, a financial institution or the U.S. government for commerce or interstate and foreign communication.
Certain laws have been passed to help law enforcement agencies investigate and locate criminals, such as black hat hackers. The Cyber Security Enhancement Act and the Communications Assistance for Law Enforcement Act grant law enforcement agencies the permission to access data stored by an internet service provider without a warrant in certain circumstances, as well as to access modified telecommunications devices and facilities that can help in authorized electronic surveillance.
Notable black hat hackers
Kevin Mitnick
Mitnick had served time in prison for hacking into Digital Equipment Corporation's computer network to copy their software. His second high-profile arrest, in 1995, was the result of his hacks into Pacific Bell's voicemail computers and the systems of other major corporations. He was charged with crimes such as wire fraud, unauthorized access to a federal computer and causing damage to a computer. He served five years in prison.
Since his release in 2000, Mitnick has worked in the cybersecurity industry in different capacities. He runs his own infosec consulting business called Mitnick Security, and he also serves as the Chief Hacking Officer at antiphishing vendor KnowBe4.
Albert Gonzalez
Gonzalez, also known as Segvec, was the leader of a major cybercrime scheme that resulted in some of the biggest data breaches in U.S. history. Over the course of several years, Gonzalez and other members of the Shadowcrew hacking group participated in the theft and sale of payment card account info from a variety of retailers, including the TJX Companies, BJ's Wholesale Club, OfficeMax, Barnes & Noble and Sports Authority.
Gonzalez was charged with conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft related to the hacking and data breaches. He was sentenced to 20 years in prison.
Hector Xavier Monsegur
Monsegur, also known as Sabu, was a prominent member of Anonymous, an online hacktivist community, as well as a splinter group, LulzSec. He and his affiliated groups were responsible for participating in online attacks against companies like Visa, MasterCard and Sony, in addition to government-owned computers in several countries.
Monsegur was arrested in 2011, charged with several computer hacking offenses, and faced up to 122 years in prison. He became an informant for the FBI, assisting in the arrest of other hackers. He served seven months in prison.
The U.S. Department of Justice indicted two members of the Russian intelligence agency, the Federal Security Service, and two hired hackers for hacking Yahoo in 2014 and stealing information from over 500 million user accounts. According to authorities, the hack was intended both to gather intelligence and to produce financial gain.
The first hacker, Karim Baratov of Canada, was arrested. The second hacker, Russian citizen Alexsey Belan, was well known to U.S. authorities. Belan, also known as Magg, was previously indicted by federal authorities in 2012 and 2013 over the data breaches of several unnamed e-commerce companies. He was charged with several counts of computer fraud and abuse, access device fraud and aggravated identity theft.
Belan is still at large, and he is currently on the FBI's Cyber Most Wanted list.