Ask HN: how do blackhats meet?

7 points by bachback ↗ HN
to defend attacks one has to understand the mentality of an attacker. hence white and black hats are indistinguishable. I assume black hats have a certain circle of trust the way they spread information. how do white hats learn about black hat activity? Kevin Poulsen wrote a story about Max Butler's CC forums, which got infiltrated by the CIA. I assume in the last 10 years the underground economy has grown considerably.

the reason I ask is I need a very high secured linux server with some inbound connections, but there is not much structured information out there.

8 comments

[ 4.1 ms ] story [ 29.1 ms ] thread
Blackhats are just people who abuse their Whitehat knowledge.

There is a plethora of IRC channels, forums, mailing lists and whatnot where people share that kind of stuff. Frankly, a bug report is something like sharing it, before its fixes it is a zero day exploit.

I think IRC is the easiest source. Although, a lot of the IRC channels are invite only and you will have to find a way to get invited.

Twitter is another source I've seen. "Blackhat" users will tweet about exploits they found.

A lot of anonymous channels are open to the public.

There aren't as many skilled anons as there used to be, but there are a few left. Just don't click on any links in the channel.

If you are going to be doing sysadmin work, and you want to get a feel for the attacker mentality, there are a few things you could do.

If you have the money, know at least 1 scripting language, and have an aptitude for technology, the OCSP certification course is pretty good.

If you want to go the cheaper route, there are lots of books. One introductory text a lot of people like is Hacking: the Art of Exploitation.

If you want to learn about web security, the Web Application Hacker's Handbook is a great book. For something less intensive, The Tangled Web would suffice.

If you want to learn to harden Linux servers, reedit.com/r/linuxadmin, /r/linux and /r/linux4noobs are great resources. Before you post questions, however, I suggest using the search function because lots of people ask for hardening guides.

Max Butler's forums got infiltrated by a task force composed of FBI and Secret Service personnel, not the CIA.

Black hats generally network on IRC. You sit on some public IRC channel, build rapport [1][2], and eventually get invited to private channels.

There are plenty of resources out there on how to harden your server and reduce attack surfaces. You just need to spend more time familiarizing yourself with the landscape and quantify your actual goals.

1. http://guerrillamerica.com/2013/12/source-recruitment/

2. http://guerrillamerica.com/2014/01/source-handling-part-one/

A lot of them meet in private invite-only forums. Krebs had some success infiltrating those forums but eventually got discovered.
thanks for the info. are other investigators doing the same thing. what is the spectrum here? for example anon is more political and sort of grey hat. but I find taking information in from MSM or even popular blogs is only scratching the surface.
What do you mean? As far as the forum members, they're as black as you can get. Though, some of them only sell the tools that enable illegal activities or exploits.