How does look my private data from the hacker‘s view? What black hats find on you in the global network?
To look at your data from a black-hats view and know what they find on you in the global network, i.e., the Internet, you have to get in the shoes of a black-hat hacker and develop a hacker mindset. You will not find an article of this aptitude on any other site. I have shared my experience as an Ethical Hacker and cybersecurity expert.
But a layman can't become a black-hat in a day or think, act, and behave like one over the global network. If it were that easy, everyone would have been a black hat because we as teens or adults always had an unfulfilled fantasy of getting into someone's mobile, laptop, etc., and hack or spy.
Since you can't become a black-hat for a day, I got you covered.
As a cyber-security expert and researcher, I have been hunting cybercriminals and black-hats for a while now after handling around 200 cases of identity or personal data theft, ransomware, and cyber espionage, etc. So I can say that I have been into black-hat shoes a lot many times.
I would love to help the community because I believe black hats are a community issue. But, moreover, we find victims everywhere near us in our friends, family, and social circle, or you might have been a victim yourself. Therefore, we can protect the layman user of the Internet only by raising awareness.
The insights gained from the cases I solved have helped me read and understand the mindset of a black hat because I had to get into his shoes for assessing the situation, sensitivity of data, and possible methods to solve the case.
Below, I will discuss a black-hat mindset, including how they look for and use our personal information over the global network. Alongside, I will take you by depicting how a black hat pwns you by getting into his shoes.
Table of Contents
Disclaimer: Provided here information serves only for awareness purposes and doesn't call anybody starting any unauthorized activities on the Internet.
Please, use this information at your own risk.
You must have heard the term black-hat hacker many times over social media, news, or movies, but you might not know who a black-hat is?
A black-hat hacker is a notorious person who breaks into systems, personal devices, etc., with malicious intentions. The primary motive behind this is financial gains, spying, or cyber espionage. They tend to steal your credit card credentials, bank account details, and personal data.
The activities of black-hat range from compromising or exploiting an individual to large organizations, networks, and governments. Therefore, without any doubt, we can say that they are a significant threat to internet users and privacy.
Amazingly, Black-hats also have their rivals known as grey and white hats. The idiom "diamond cuts diamond" fits well here. The grey and white hacks possess the same skill set, but the only difference is that they use their skills ethically. Therefore, we also call them "Ethical Hackers".
You may get confused between the terms—black-hat and ethical hackers. Let me explain to you with my example.
I help people who get pwned (hacked) by a black hat without any personal gains involved. I use my skill set ethically and morally for the good purpose and abide by the law. I am always on the good side. Who am I? An Ethical hacker.
On the other hand, is the person who hacks you for personal and financial gains? He steals your data, spies on you. Moreover, Incur financial loss, data loss, and, in worst cases, a threat to life. He is always on the wrong side. Who is he? A black-hat criminal.
The below chapter will discuss how you get hacked (pwned) and what information black-hats look for on the Internet.
Back in the '90s, Email was the only communication method, and the only worry was confidentiality and integrity of Email.
Now in 2021, everything is connected to the Internet. Our smartphones, IoT devices, smart homes, appliances, etc., are continuously collecting, transmitting, and receiving data over the global network. Hence, we were being tracked and monitored 24/7. So, our privacy is already compromised even before the black hats target us.
Now, I will wear a black hat to demonstrate how a black hat would investigate and gather information about the target. Moreover, how will a black hat use that information to compromise and exploit the intended target?
Remember hacker's use the internet as a weapon, not a tool.
What black hats find on you on the Internet? The answer to this question is here.
I will give you a sneak peek of what I or a black hat can find about you by just knowing your IP address.
- Your location; longitudes, latitudes, city, country, postal code, ISP provider, etc.
- Open, ports, services running on ports, operating system including versions, etc... This scan is done by using a network scanner tool known as NMAP.
A black hat is a predator looking for prey.
As a black hat, I would search for easy prey. My primary aim would be to target a low-hanging fruit—which is easily accessible.
Individuals who very active on social media sites and the Internet are more likely to fall prey. I would search for such individuals over the global network because it would be easy for me to gather information about them. Individuals who can provide me monetary benefits would be my primary aim because I would not waste my energy and time on a person of no use.
I want to share this with people. A lot of people think it is next to impossible to get hacked. Others think that it is too easy to be hacked. Well, it is somewhere in the middle.
–Brian Self, an Ethical Hacker and a professional speaker
I would investigate the vulnerabilities of new devices and old ones and keep myself always up to date. My knowledge is my power. The more I know, the easy it would be for me to plan my attack.
Let me demonstrate by an example; suppose I want to select a target from my Instagram followers or target's account followers. I can get all the information by using an Instagram OSINT tool.
As you can see in the above picture, I got usernames, IDs, and emails of the target's followers. This is just a glimpse of black-hat operations. And there is a lot more to it, but I guess it is enough for you as a novice user to get aware of.
After the target is selected, the next important step is information gathering. The black hat would use all the information gathering techniques to collect relevant information, including Personally Identifiable Information (PII).
Personally Identifiable Information (PII) is defined by the Department of Labor as any information that can directly or indirectly identify an individual or a representative identification code used by institutions.
Always remember that hackers can turn your life into a nightmare by just using a few pieces of information.
Since all devices are connected to the Internet—via a central router provided by ISP, this is the foundation of a home network. All these devices are full of our PII, such as name, address, phone numbers, social media accounts, bank accounts, credit cards, driver's license, etc. The black-hats primary target is to compromise the home network of prey and steal all the data.
As a black hat, I would first look at all the dark websites and see if my target's data is already there or not. If the target has already been pwned, then it would make my work a lot easier. Amazingly, there are different sites available to check if you have been pwned or not.
Suppose I fail to get any information on the dark web. In that case, I will target his social media account and online presence. If I somehow use social engineering techniques and get access to his Facebook account, I would get all the personally identifiable information required to own my target.
Around 80% of social media users are not aware of the cons of giving out PII on such platforms. Researchers have observed that almost 50% of users have given out all their information publically. Therefore, such people make the work of black hats easier.
If my target is also among those 50% individuals, 80% of work is done already. Now, I have profiled my target. I know his likes and dislikes, interests, hobbies, family, friends, social circle, work location, home address, etc.
Here, I have profiled my target by just gaining access to his Facebook. Imagine how great havoc a black hat can create if he gets access to your all social media accounts, emails, mobile devices, etc.
In the next step, I will completely own my target.
In the last step, I will use all the information and insights collected in the above steps to own my target.
- Firstly, I will own your home network—gaining access to personal devices.
- Then, I will compromise your devices and spy on them.
- Furthermore, steal the critical data.
Once I get into your network, I will most likely revoke your access to the devices and ask for a ransom to open them up. This is how I will gain monetary benefits.
Alongside, I will keep spying on you to collect more and more data and then later sell it on the dark web. I will also blackmail to leak your data until you oblige me.
I would most likely use social engineering techniques to compromise your home network. I might send you a phishing email containing malware hidden behind a PDF document or an image as soon as you click on the attachment. Your device will be compromised, and I would have complete control over it.
From this onwards, the upcoming time would not be less than the worst nightmare for you. The only way to end this nightmare would be to oblige me and pay the ransom.
Image source – haveibeenpwned.com
According to current stats of 2021, a business is falling victim to a ransomware attack every 11 seconds. Let alone, Americans lose $15 billion annually due to identity theft attacks.
Around 2.5 billion accounts were hacked in 2020. This makes 6.85 million accounts per day and 158 per second. Additionally, mobile ransomware attacks have increased by 40%. This is an alarming rate, and now is the time that every internet user must get serious about personal data security and privacy.
In 2019, 3rd –party Facebook application developers exposed over 600 million user records on an Amazon cloud server. Just imagine how much destruction a black hat can create by just using these records.
This was just a glimpse of how a black hat looks for our data on the global network and uses it for malicious purposes or financial gains. There is a lot more to it. I will cover the security aspect of personally identifiable information in another article. Stay TUNED!
I hope you will have a clear picture of how black hats hack you and use your data. Let me know your feedback and questions in the comment section.