Cybersafe November 07, 2019

From the mind of a hacker

In 2015, American news network CBS Miami published an interview with Greg Hanis, a former black hat hacker, who explained how hackers operate and gave insights on how hackers think. 

 

This story has been rewritten based on the article originally published on the CBS Miami website. 

 

With a few clicks, Greg Hanis showed CBS4 a screen filled with credit card numbers and expiration dates. As a former black hat hacker, Hanis was experienced with the dark web, and he showed CBS4 an online forum where people buy and sell credit card numbers cheaply.

 

Hanis detailed how transactions, financed using an online currency called Bitcoin, are essentially anonymous. “I don’t know where this guy is. He could be in Florida. He could be right down the road. All I know is that’s his email. Mary Snow. And he has a bunch of credit cards.”

Hanis estimates that information on a stolen Visa Classic can go for $15, but it really depends on the kind of card. “If it’s a gold or a Platinum card you can get $28,” he explained, since higher credit limits fetch higher prices.

Hanis went on to explain that credit cards aren’t even the most valuable items on the black market. An identity is worth $5,000 – $10,000 – for a “good one”, at least. Hanis said that identities sell for more than credit card numbers because with a good stolen identity, you can “be” someone else when committing crimes.

When asked whether catching a fish or stealing someone’s identity is easier, Hanis said that committing identity theft was much easier. “Because to get a fish you got to get a fishing pole and bait the hook. You’ve already spent like five minutes doing that, right, and going down to the water. By then I would have already had your identity and signed up a whole eBay account under your name.”

Hanis had been hacking since he was “a kid”, and it escalated so much that he could no longer control himself. “I just wanted to know more, more, more. It was like an addiction. I was on drugs every time I was on the computer. I would go days without sleeping or eating and just be on the computer,” Hanis recalled. He became very good, to the point where the line between what was legal and what was not no longer existed.

Eventually, Hanis landed in prison after a hacking stunt on AT&T’s website, in which he attempted to correct his phone bill. He took out AT&T’s network for two days in the process.

Two types of hackers

Much like fantasy stories with their Jedi and Sith or wicked witches and good witches, the realm of cybercrime has hackers on either side of a moral spectrum.

Black hat hackers, as Hanis formerly was, are the “bad guys” who hack to steal and to “inflict cyber pain.” 

There are also white hat hackers (which is what Hanis is at present), who use their hacking skills for good, such as stopping black hat hackers and looking for gaps in online security so a website can be strengthened.

“For every one of us there is probably a thousand plus of them [black hat hackers], no, even more than that. Ten thousand of them,” he said. “More fraud, stolen transactions, money is being crossed right now than people play in online poker or robbing banks.”

Hanis stated that his priorities have shifted since he began tracking down black hat hackers to expose them.

“I don’t really care about the ones that are doing it for their fame or kicks and giggles or political reasons, unless it’s directly affecting me. But the ones that are out there stealing stuff, because that could be my grandma, I would go out there and track those guys down and release their docs which is all their personal information, phone numbers, their addresses, their parents’ numbers, their car. Whatever I can find out about them,” said Hanis.

Security advice from a former black hat

The biggest threat out there, according to Hanis, is the internet, since everything you send and receive is at risk. During his interview with the CBS4 staff, he was recording everything being sent from their phones and computers over the Wi-Fi network.

“I’m just collecting it because it’s in the air,” he said. “There is no law against stuff that’s in the air. It’s passing through my body right now. So it’s mine. I consider it my property.”

Hanis had grabbed “anything” he could get his (virtual) hands on – cell phone transmissions, pagers, and the like. “Everything travels. You’re internet because you’re connected to the Wi-Fi.” 

Surprisingly, there is nothing illegal about this. Hanis’ attorney, Rene Palomino, confirmed it. “Generally speaking, he is right. Generally speaking just by the information being out there and you having access to it, where anybody from the general public has access to it, it’s what you do with it that counts.”

CBS4 tried to check with Florida’s State Attorney’s office to verify this, but was unable to get anywhere. In other words, technology is moving so fast that the line between black and white hat hacking is sort of gray.

Knowing that, Hanis gave advice on how to better protect yourself.

The first tip is to stay away from free Wi-Fi networks, as the most basic hackers can get to you through these. “It’s general knowledge,” said Hanis. “It’s like our ABC’s. You got to know how to break into Wi-Fi’s.”

Secondly, Hanis advises changing your password for social media. “You use a different password for that compared to all your other accounts,” he said.

His final tip was to use only secure websites when entering personal information. This was echoed by Palomino, who explained that he prefers paying in cash rather than using credit cards, and warns against Facebook. “All you are doing is exposing more information than you realize for hackers,” he explained. 

This article is part of the Bankers Association of the Philippines’ (BAP) #CyberSafe campaign, through which the BAP aims to promote awareness of cybersecurity. The campaign will upload new posts tackling common web security questions and issues on Wednesdays and Sundays every week.

For more content on cybersecurity, visit the BAP Official YouTube channel.