Black hat refers to hackers who break into a computer system or network with malicious intent. A black hat hacker may exploit security vulnerabilities for monetary gain; to steal or destroy private data; or to alter, disrupt or shut down websites and networks. The black hat hacker may also sell these exploits to other criminal organizations. The term black hat differentiates criminal hackers from white and grey hat hackers. These categories were inspired by Western movies, where the heroes could be identified by the white hats they wore and the villains by their black hats.
Categories of hackers
A gray hat hacker operates with more ethical ambiguity — while they do not hack into systems with the malicious goal of stealing data, they may be willing to use illegal methods to find flaws, expose vulnerabilities to the public or sell to government and intelligence agencies.
A black hat hacker is typically one that engages in cybercrime operations and uses hacking for financial gain, cyberespionage purposes or other malicious motives.
Laws and penalties against black hat hacking
These laws generally prohibit a person from conducting the following acts without authorization:
- accessing a protected computer, system or network;
- modifying or disclosing data held on a computer;
- transmitting malicious code in order to damage the system or data held on it;
- accessing a computer with intention to defraud; and
- trafficking computer passwords.
The term protected computer is broad in scope, referring to a computer used by, for instance, a financial institution or the U.S. government for commerce or interstate and foreign communication.
Notable black hat hackers
Mitnick had served time in prison for hacking into Digital Equipment Corporation’s computer network to copy their software. His second high-profile arrest, in 1995, resulted from his hack into Pacific Bell’s voicemail computers and other major corporations. He was charged with crimes such as wire fraud, unauthorized access to a federal computer and causing damage to a computer. He served five years in prison.
Since his release in 2000, Mitnick has worked in the cybersecurity industry in different capacities. He runs his own infosec consulting business called Mitnick Security, and he also serves as the Chief Hacking Officer at antiphishing vendor KnowBe4.
Gonzalez, also known as Segvec, was the leader of a major cybercrime scheme that resulted in some of the biggest data breaches in U.S. history. Over the course of several years, Gonzalez and other members of the Shadowcrew hacking group participated in the theft and sale of payment card account info from a variety of retailers, including the TJX Companies, BJ’s Wholesale Club, OfficeMax, Barnes & Noble and Sports Authority.
Gonzalez was charged with conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft related to the hacking and data breaches. He was sentenced to 20 years in prison.
Hector Xavier Monsegur
Monsegur, also known as Sabu, was a prominent member of Anonymous, an online hacktivist community, as well as a splinter group, LulzSec. He and his affiliated groups were responsible for participating in online attacks against companies like Visa, MasterCard and Sony, in addition to government-owned computers in several countries.
Monsegur was arrested in 2011, faced several computer hacking charges, and could have received up to 122 years in prison. He became an informant for the FBI, assisting in the arrest of other hackers. He served seven months in prison.
The U.S. Department of Justice indicted two members of the Russian intelligence agency, the Federal Security Service, and two hired hackers for hacking Yahoo in 2014 and stealing information from over 500 million user accounts. According to authorities, the hack was intended to gather intelligence and to obtain financial gain.
The first hacker, Karim Baratov of Canada, was arrested. The second hacker, Russian citizen Alexsey Belan, was well-known to U.S. authorities. Belan, also known as Magg, was previously indicted by federal authorities in 2012 and 2013 over the data breaches of several unnamed e-commerce companies. He was charged with several counts of computer fraud and abuse, access device fraud and aggravated identity theft.
Belan is still at large, and he is currently on the FBI’s Cyber Most Wanted list.
TechTarget is responding to readers’ concerns as well as profound cultural changes. In some cases, we are defaulting to industry standards that may be seen as linguistically biased in instances where we have not found a replacement term. However, we are actively seeking out and giving preference to terms that properly convey meaning and intent without the potential to perpetuate negative stereotypes.