

Ask HN: how do blackhats meet? - bachback

to defend attacks one has to understand the mentality of an attacker. hence white and black hats are indistinguishable. I assume black hats have a certain circle of trust the way they spread information. how do white hats learn about black hat activity? Kevin Poulsen wrote a story about Max Butler's CC forums, which got infiltrated by the CIA. I assume in the last 10 years the underground economy has grown considerably.

the reason I ask is I need a very high secured linux server with some inbound connections, but there is not much structured information out there.
======
phaus
If you are going to be doing sysadmin work, and you want to get a feel for the
attacker mentality, there are a few things you could do.

If you have the money, know at least 1 scripting language, and have an
aptitude for technology, the OCSP certification course is pretty good.

If you want to go the cheaper route, there are lots of books. One introductory
text a lot of people like is Hacking: the Art of Exploitation.

If you want to learn about web security, the Web Application Hacker's Handbook
is a great book. For something less intensive, The Tangled Web would suffice.

If you want to learn to harden Linux servers, reddit.com/r/linuxadmin,
/r/linux and /r/linux4noobs are great resources. Before you post questions,
however, I suggest using the search function because lots of people ask for
hardening guides.

------
runjake
Max Butler's forums got infiltrated by a task force composed of FBI and Secret
Service personnel, not the CIA.

Black hats generally network on IRC. You sit on some public IRC channel, build
rapport [1][2], and eventually get invited to private channels.

There are plenty of resources out there on how to _harden_ your server and
reduce attack surfaces. You just need to spend more time familiarizing
yourself with the landscape and quantify your actual goals.

1\. [http://guerrillamerica.com/2013/12/source-recruitment/](http://guerrillamerica.com/2013/12/source-recruitment/)

2\. [http://guerrillamerica.com/2014/01/source-handling-part-one/](http://guerrillamerica.com/2014/01/source-handling-part-one/)

------
spoiler
Blackhats are just people who abuse their Whitehat knowledge.

There is a plethora of IRC channels, forums, mailing lists and whatnot where
people share that kind of stuff. Frankly, a bug report is something like
sharing it; before it's fixed, it is a zero-day exploit.

~~~
deadfall
I think IRC is the easiest source. Although, a lot of the IRC channels are
invite only and you will have to find a way to get invited.

Twitter is another source I've seen. "Blackhat" users will tweet about
exploits they found.

~~~
phaus
A lot of anonymous channels are open to the public.

There aren't as many skilled anons as there used to be, but there are a few
left. Just don't click on any links in the channel.

------
thelogos
A lot of them meet in private invite-only forums. Krebs had some success
infiltrating those forums but eventually got discovered.

~~~
bachback
thanks for the info. are other investigators doing the same thing? what is the
spectrum here? for example anon is more political and sort of grey hat. but I
find taking information in from MSM or even popular blogs is only scratching
the surface.

~~~
thelogos
What do you mean? As far as the forum members, they're as black as you can
get. Though, some of them only sell the tools that enable illegal activities
or exploits.

