Highlights from an interview with a blackhat

By Najaf Ali

A lot of developers ask why I spend so much time trying to build awareness around web application security.

Interview with a blackhat on the White Hat Security Blog might shed some light on why I care so much about this subject.

Horrible people doing horrible things with computers

I think it is pretty obvious I’m a blackhat, so I social engineer to card.

I defraud people using social engineering.

Another area of “hacking” (I use the ” as DDoS isn’t really hacking) is botnet building and takedown orders. This is where most money in my opinion is made — where one day can bring in several thousand dollars.

I lease out my botnet for denial of service attacks to the highest bidder.

Now to discuss my personal favourite: porn sites. One reason why this is so easy: the admins don’t check to see what the adverts redirect to. Upload an ad of a well-endowed girl typing on Facebook, someone clicks, it does a drive-by download again. But this is where it’s different: if you want extra details (for extortion if they’re a business man) you can use SET to get the actual Facebook details which, again, can be used in social engineering.

We do extortion too!

I knew of one group who took down a cancer research website and extorted them after their Race for Life donation process was meant to start. They got their money, kinda sad really.

Horrible people, doing horrible things...

When a 0-day is released blackhats have used it for months.

How long do you think the recent Rails vulnerabilities have been doing the rounds?

I get asked a lot about what if my botnet gets used to target ‘rival’ pedophile sites? Well, the fact is, pedos have their own botnets.

More horrible people, doing horrible things with computers...

One guy who became well known for his ‘anti drug’ attacks was tracked down and killed. Apparently they killed his family as well, but that isn’t my business to divulge.

Go read the original

All these snippets are taken out of context. I strongly recommend that you go read the original interview.