Chances are, you don't understand how to use the internet. You think you do, but are you even aware of the scale of it? It's fucking massive. Unless you are the number-one person in the entire world at understanding the internet, there is always someone who knows more about it than you do. And like the universe, it is constantly expanding. It's not like TV, which you've mastered as soon as you've figured out how to record stuff, or radio, where tracking down pirate frequencies represents a glass ceiling for listener expertise. If, like me, you don't really understand what the "deep web" is, and you use the internet mainly to flit between the same five sites every day, then you're basically only using a tiny sliver of it. In relative terms, it'd be like staring at the same six pixels of an HD TV, in grainy black-and-white, for days on end.
Typing the above paragraph gave me a panic attack, so I decided to get in touch with some members of the hacking forum Basehack to try and understand the murky seabed of the deep web a little better. The guys I got in touch with—Stain, Stacks, BreShiE, and TFC (the Fail Collective)—mostly describe themselves as black-hat hackers, a.k.a. unethical hackers who operate under a very loose moral code. They spend their time outsmarting and blackmailing large businesses and, with enough dedication, can apparently make up to hundreds of thousands of dollars a year. They all said that hacking charity or altruistic sites was a no-no, and agreed that people or businesses being stupid was often their main incentive for breaking their way through firewalls.
Stain told me, "When you have no real regard for your actions, with no real regard for anyone else or their feelings, the world opens itself to you happily." Which seemed a little callous, but depressingly true. Stain also explained that there are a million ways to make money as a black hat, with the most widely used technique being carding, where you steal someone's credit card information and use their details to order stuff online.
A friendly message from the Basehack team.
Carding, Stain explained, "is too often seen on forums, and it's depressing how easy it is. Google Wallet, for example, has opened itself to the next wave of people planning to card. With the lax IP login protection and pathetic payment system, I won’t be surprised when I hear it's become the next generation of carders' best friend."
When I asked what other methods black hats use to make money, Stacks told me, “You could host a botnet or sell the botnetted computers, steal credit cards, provide DDoSing/stressing services, hack sites, and lots more for money. There are people who will pay thousands for an extremely simple job. You could also install things like Bitcoin or Litecoin [another cryptocurrency similar to Bitcoin] miners on the computer of a slave [a person whom you've infected].”
A popular method with those controlling botnets, I discovered, is to contact online casino sites and demand a ransom, threatening to barrage and crash their site with a DDoS attack if they don't comply—a 2.0 Ocean's Eleven; cyber-Clooneys without the wet-look hair gel and Oakleys. And it's not often that they fail to achieve results, as the majority of these sites' losses will be greater if they're forced offline instead of just paying up.
I asked Stacks how much money you can make doing this kind of thing. “If you're skilled, a lot," he answered. "We're talking hundreds of thousands of dollars here. On the underground market, people will pay around $15 for a couple of hundred botnet slaves. With a decent amount of slaves, you can make hundreds a week just off of that. If you install, let's say, a Litecoin miner on a slave with a decent computer, you could be making a pound off of every slave a day. For credit cards, I don't even have to answer that one. You can make a lot if you take risks. I don't support that at all, though.”
But those risks are met with laughter when I ask the black hats about issues surrounding anonymity. Stacks explained that remaining anonymous is, "very easy—common sense is the only thing you need, really. Use a service such as Tor or I2P, don't connect your accounts or leave hints that you're connected, and don't brag about what you do. And never connect your real name with your online identity.”
I found that reasonably hard to believe—surely big business and government organizations would have the resources to track you down? It all depends on who you're targeting, Stacks agreed—attacking small local businesses isn't too much of a worry, but attacking a government website could obviously have much more serious consequences.
Once we were done with the money discussion, I turned my attention to why and how people become involved in black-hat hacking. BreShiE was quick to tell me that there's a lot of contention about the definition of various genres of hackers, and that he identified as a gray-hat hacker—a mixture of both black hat and white hat (white-hat being the good guys who generally do stuff like test websites' security for them). "I sometimes hack for personal gain, but most of the time to benefit the website itself," he explained.
Stain, however, told me he that liked being an out-and-out black-hat hacker for several reasons: “Power, money, exclusivity, and knowledge are all things that come with being a black-hat hacker," he said. "The things you learn as a black hat are invaluable compared to the extensively large and retarded archives that some notable ethical hacking forums harbour.”
Some hacking porn from TFC.
That sentiment seemed to be a popular one among the group I spoke to, with the majority of them using "scum" as a byword for white-hat hackers. I asked TFC why white-hat hackers are scum and he told me, “They publicly release website vulnerabilities with instructions [on] how to exploit them. They are the reason skids ['script kiddies', who use prewritten hacking programs] exist." Skids, in case you hadn't figured it out, are viewed as the lowest of the lot in the hacking community—the armchair anarchist to TFC et al's Brigate Rosse authenticity.
Stacks held similar views: “In most people's eyes, they're viewed as scum—people who give script kiddies and leeches exploits [easily hackable points on websites] and tell idiots how to patch them instead of letting them learn themselves. Most companies will just patch the bug and won’t even thank you when you tell them about it. These are the people who support idiots such as them.”
When I asked the Basehack members what they thought of hacktivism—or internet activism—I wasn't particularly surprised (given their interests in money and power) that they didn't seem to give much of a shit. BreShiE, the grey-hat hacker, told me that he used to be involved in hacktivism. “I've held many DDoS attacks previously against sites like the English Defence League's website," he explained. "But I haven't undertaken any hacktivist attacks against anything too serious, like North Korea or its affiliated websites, as I realize the devastating effects that could have on the world. When nuclear weapons are involved, I think it's stupid for people to interfere.”
That discussion led into one about Anonymous, who the members of Basehack agreed were more of a detriment to internet freedom than anything else. According to BreShiE, Anonymous is an idea—and a great one at that—but he hates the fact that the idea manifests itself in a bunch of 12-year-olds claiming to be master hackers while mostly just using simple programs to perform DDoS attacks. Which seemed like more hacker snobbery at first, but began to make sense as the group continued.
One of Anonymous' flags. Photo via
"You wouldn't see things like CISPA, SOPA, etc. coming into play if it wasn't for groups like Anonymous and LulzSec," TFC told me, before explaining that his name—the Fail Collective—was inspired by the work of Anonymous. From what I could gather, it's the general opinion in the more "legitimate" black-hat (if that word can be applied here) community that the blanket banner of Anonymous encourages excitable preteens to do stupid, brazen shit that negatively affects the entire internet community.
Stacks has an interesting view of the internet. He compared it to the real world, saying, “You have your normal people, you have the bad people, like drug dealers and everyone else who normally hide on the deep-web online. And you have the people who use graffiti to represent their turf or gang and have gang wars and all that—who are the hacking groups online—and anything else you can think of. It's a place that should be free and open. The government is also trying to censor it and control it because they know it's as useful as controlling the real world. This is why we mustn't let it happen and fight to keep our rights.”
I came away conflicted after my chat with the hackers; they were all perfectly pleasant and it was hard not to agree with them when it came to internet freedom. But they were also openly admitting to having no real regard for anyone's feelings and stealing thousands of dollars of others people's money. Which clearly aren't the kind of things you should be endorsing unless you're a complete dick.
However, they were also undoubtedly very smart. So let's just hope they find a way to use that intelligence for something worthwhile, as opposed to scamming credit cards and getting angry about children.
Since speaking to the Basehack hackers, basehack.com has been taken offline, but the members assured me it would be back online under a new name very soon.
More stuff about hacking: