avast.lt
From small office to global company,
we’ve got you covered
What Is Hacking? What are the three types of hackers?
Depending on their motivations, hackers can be one of three types: black hat, white hat, or grey hat. Let’s take a look at who they are and what distinguishes them from one another.
Black hat hackers
A black hat hacker is the shady cybercriminal described above. They’re the ones cracking through cybersecurity systems to gain unlawful access to a computer or network. If a black hat hacker discovers a security vulnerability, they’ll either exploit it themselves or alert other hackers to the opportunity, typically for a price.
Most of the time, the ultimate goal of a black hat hacker is to make money, whether through direct financial theft, the sale of compromised information, or extortion. But sometimes, they’re simply looking to cause as much chaos as they can.
White hat hackers
White hat hackers are the counterparts to the black hats. They’re just as skilled, but rather than pursuing criminal ends, these kind souls apply their talents toward helping businesses shore up their digital defenses. A white hat hacker will intentionally attempt to crack a system, with permission from its owner, in order to identify weak points to be repaired. This type of work is also known as “ethical hacking.”
Many white hat hackers work in-house at large companies as one part of the organization’s larger cybersecurity strategy. Others offer their services as consultants or contractors, hired to test a company’s security. They may go beyond penetration testing — evaluating the strength of a cybersecurity system — to also test employees themselves with phishing campaigns aimed at securing their login credentials.
Grey hat hackers
Between those two sit the grey hat hackers. They’re not quite the paragons of altruism that white hat hackers are, nor are they dedicated to criminal acts. Where white hats obtain permission before probing a system for vulnerabilities, grey hats skip that part and head straight to the hacking.
Some grey hats behave like mercenaries, discovering weaknesses and then approaching the business to offer their services at a fee. Others hack in order to force a reluctant business to take action against a certain vulnerability. A notable instance of grey hat hacking in 2013 resulted in Facebook having to acknowledge and repair a security flaw after it previously ignored the hacker’s warnings.
17/09/2021
The dark web: a primer for the rest of us
Understanding the difference between the public web, the deep web and the dark web.
What is the dark web?
Most of us tend to think about the web as a single destination, available through our browsers on our laptops and phones. But over the years it has evolved into three very different parts: the clear or public web, the private or deep web and the darknet or dark web. In this primer, we explain their differences, what kinds of information can be found in each part, and why you need to protect yourself when you access this content. As you can tell by the fact that we list different terms, there is no hard and fast division among the three pieces. Here is a good explainer published by the FBI back in 2016, which is somewhat outdated but a useful starting point.
The public web is the web that most of us are very familiar with: the sites that are run by the major dot com businesses, the SaaS sites that provide our software for running common office applications and email, and so forth. This is the data that freely flows between our computers every day. These sites are searched and recognized by Google and other search engines. If you have a web security tool, this is the part of the web that is their focus. Most of the security products give the other parts of the web short attention, if at all.
But when we move to the private web, we come to a part of the online world that isn’t easily indexed by the search engines or covered by security tools. This includes private Intranets, instant messaging (IM) services, chat rooms, discussion forums and private databases that are behind various firewalls or that have no public Internet footprint. Until a few years ago, most hackers didn’t focus on using these areas to gain footholds into business networks but that has changed. As IM usage has taken off (with Microsoft Teams, Slack and other services), adversaries have created tools that can leverage the lack of much built-in security across these services. This makes IM a prime target of opportunity for phishing-like attacks in particular. As an example of the increasing threats that can be found coming from private web sources, just look at the number of Slack add-on security tools.
Finally, there is the dark web. This portion of the online world is much more difficult to get our hands around. Like the private web, these sites take pains to not appear on search indexes, mainly because some of them offer illegal goods and services, including drugs, stolen data (such as credit card numbers) and hacking tools. Not all its content is illegal, but there is a lot that could be questionable.
Examples of this dark web content include:
Places where you can hire hackers to break into networks
Drugs and other illegal items
Lists of username/password pairs taken from data breaches
Tutorials on how to use computing tools, especially those that relate to hacking, malware writing, exploitation and code cracking
Financial data on companies that could be available from a public site or data breaches.
Compromised sites and suspicious domains for sale
Source codes of “undetectable” malware that are for sale
Directories of command and control servers for hire for launching DDoS and other attacks
URLs of malware file-sharing sites
Censored content of all kinds
Accessing the dark web usually requires a special browser called Tor. Most estimates peg its popularity to about five percent of the total Internet content and traffic. Dark web sites use the naming convention of .onion domains instead of .com or .net. For example, this link will take you to a list of hard-to-find printed books. Even Facebook has its own presence on the dark web. Why would legitimate businesses have these sites? They can be used to help their developers understand how to use them, and how to protect their data. You’ll notice that these sites have very convoluted domain names: their owners want to make it harder to track and find them, unlike the public web where your brand name is often synonymous with your domain name.
Most of the denizens of the dark web are scammers and swindlers, looking to separate you from your money and your data. These scammers are constantly on the move, trying to stay ahead of law enforcement and vigilantes who are trying to expose their scams. The dark web sites themselves are also on the move, as they can be common targets of denial of service attacks. This means that a lot of material is outdated. And as you might expect, the coins of this realm are cryptocurrencies such as bitcoin that make it hard to know exactly whom you are doing business with.
Why does the dark web matter to ordinary web users?
Let’s look at two different perspectives for why ordinary web users should care about the dark web. There is the interest for cybersecurity professionals, who have three basic concerns: first, it is useful to know if your business brand has been mentioned there. This could harm your reputation or confuse your potential customers with someone who is trying to sell fake goods and services. It could also indicate that some data has been leaked from your company.
A second reason is that these dark web mentions could be examples of an early threat warning before malware is detonated across the public web. Because there are so many threat actors that operate on the dark web, you can find out what they are planning and what malware they are testing before the attacks are seen anywhere else.
Finally, the dark web is getting darker. It is increasingly occupied by professional criminals and not just script kiddies or society misfits. The exploits are getting more sophisticated and malware obfuscation tools and techniques are being increasingly seen and traded.
But even if you aren’t a cyber professional, you should still be concerned about the dark web, because your private data could exist on one or more of the stolen credential databases that are being traded online.
What can you do about it?
There are a variety of information sources that can be used to investigate whether your private data has found its way to the dark web. Troy Hunt’s HaveIbeenPwned.com keeps track of millions of logins across years of collecting them from various breaches. It is a good first place to start and you can set it to notify you when your email account has been found in a new collection.
Avast’s BreachGuard is another tool that can alert you if your information is involved in a breach. It scans the dark web daily looking for your information and alerts you if it is found. It also contains tips on how to keep yourself protected and ways to find out if your information is out there. Information on the Avast BreachGuard product can be found here.
How to protect your personal data online
Given that a lot of dark web content has to do with your credentials, a good place to start thinking about how to protect yourself from ending up on these databases is to strengthen your login authentication. The first thing to do is to eliminate your own password reuse. Yes, it is convenient to have the same password for multiple sites, but that gives criminals an easy way to compromise your identity. There are a couple of tools that can be useful here, including a password manager (such as Lastpass and 1Password) and a smartphone authentication app (such as Google Authenticator and Authy).
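To make the password-reuse advice concrete, here is an added example (not from the original article or from any Avast product) that audits a password-manager CSV export for passwords shared across accounts. The column names and the sample rows are constructed assumptions; real exports name their columns differently.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample in an assumed "name,url,username,password" layout.
# Real password-manager exports use other column names; adjust the keys below.
SAMPLE_EXPORT = """name,url,username,password
Webmail,https://mail.example.com,alice@example.com,Tr0ub4dor&3
Shop,https://shop.example.net,alice@example.com,Tr0ub4dor&3
Forum,https://forum.example.org,alice_k,correct horse battery staple
Bank,https://bank.example.com,alice@example.com,x9!Lq2#vPz7w
Airline,https://fly.example.com,alice@example.com,Tr0ub4dor&3
"""


def find_reused_passwords(export_text):
    """Return lists of entry names that share one password, largest group first."""
    # Key the digest with a throwaway secret so the fingerprints are useless
    # outside this run and no plaintext password is kept in the result.
    run_key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # entries without a stored password cannot be compared
        tag = hmac.new(run_key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row["name"])
    reused = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(reused, key=lambda names: (-len(names), names))


if __name__ == "__main__":
    for names in find_reused_passwords(SAMPLE_EXPORT):
        print(f"{len(names)} accounts share one password: {', '.join(names)}")
```

Every account in a reported group should get its own new password, and the export file should be deleted once the audit is done, since it holds every credential in plaintext.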
Second is to minimize your data footprint. Here are a few examples of how to do this:
Do you really need to provide your birthday to anyone on social media? Sure, it is nice to get e-greetings at that time of year, but this just makes it easier for hackers to masquerade as you. Your real-life friends will know your birthday, let’s just leave it at that. If you must provide a date, use something that is obviously false like January 1 or April 1.
Don’t fill out every field in a form that requests private information. For example, do you really need every airline and travel site to have your passport number on file?
Think about using a payment processor that can anonymize your credit card data. Services such as Google and Apple Pay can make it harder to intercept your data when checking out at an ecommerce site, for example.
As you can see, protecting your data from reaching the dark web isn’t a simple process, and will require a series of careful steps.
27/07/2021
What are FragAttacks?
A new series of attacks against almost every Wi-Fi router, called FragAttacks, has been published. Anyone who can receive radio signals from your router or Wi-Fi hotspot can use these vulnerabilities and steal data from your devices. The issue is the design of the Wi-Fi protocols themselves, along with programming errors in certain Wi-Fi devices. Some products have multiple issues and a dozen different CVEs have been posted that document them.
The vulnerabilities were discovered by Mathy Vanhoef, who will be back teaching in the fall at KU Leuven University in Belgium and has worked with a team at New York University in Abu Dhabi. The group tested more than 75 different devices and discovered flaws in Wi-Fi protocols going back to the turn of the millennium. He will present papers at various information security conferences this summer. (His presentation at USENIX is already available.)
Vanhoef isn’t new to Wi-Fi exploits: he discovered the Krack attack back in 2017. This uncovered a problem with the WPA2 protocols, which is one of the reasons why you should no longer use them.
The good news is that the protocol design flaws aren’t easy to take advantage of and there hasn’t been any evidence that any attacker has actually exploited these flaws — at least, not yet. The bad news is that the programming errors are almost trivial to exploit. Lifehacker says that the vulnerabilities are “thankfully obscure enough and require just enough of a physical presence that you should be fine as long as you’re staying on top of your security and updates — which you should be doing anyway.”
In this screencast demo, you can see how the researchers clone the wireless access point to operate on a different channel (one that they can use to record network traffic and take control over an outdated Windows 7 machine). It relies on some very careful elements, such as using a malicious source of DNS, packet injections and firewall bypasses.
As mentioned earlier, it's unlikely that FragAttacks are something that you'll need to worry about. Certainly, you should consider protecting your data by improving website security to always use HTTPS to encrypt all traffic. Many mobile web apps are now using this by default, which means that mobile users can’t be compromised by FragAttacks. You should pay careful attention to logins to websites to ensure they take place over encrypted connections.
Second, use this as a reminder that you need to update your Wi-Fi and broadband firmware regularly. Check to see if your vendor has announced fixes. The researchers have worked on a coordinated disclosure with many of the leading Wi-Fi vendors and organizations over the past nine months to try to get these fixed.
FragAttacks: Demonstration of Flaws in WPA2/3 This is not a "hacking" tutorial but a demonstration about academic IT security research. Made by Mathy Vanhoef of New York University and KU Leuven. The too...