Confessions Of A Black Hat Hacker
Follow CBSMIAMI.COM: Facebook | Twitter
MIAMI (CBSMiami) – Have you ever had your identity stolen or had your computer hacked? The answer is probably yes.
CBS4's David Sutta got a look into a side of hacking never seen before from an insider; a guy who hacked computers and websites and who bought and sold information online. He says he's changed his ways but perhaps he's just found the next big thing in hacking.
Greg Hanis has a confident smile and he can't stop smiling as he punches keys on his laptop.
CBS4 tasked him with showing how to buy stolen credit cards. He starts with Google, enters some key words, and a few clicks later, he's there. He points to a screen filled with numbers and expiration dates.
"There are some gift cards. Here are people dumping free cards because they don't know what to do with them," he explained. If you ever wondered how much a stolen credit card number is worth, wonder no more. "For Visa Classic, they'll buy the information for $15," he said.
Hanis showed CBS4 a side of the internet we knew existed but have never seen. He chose an online forum, out of dozens, where he can buy and sell credit card numbers for cheap. He clicks over to a credit card section. He explained, "It depends on what kind of card it is. If it's a gold or a Platinum card you can get $28." The price is higher because the card has a higher credit limit. He detailed how the whole transaction, financed using online currency called Bitcoin, is essentially anonymous. "I don't know where this guy is. He could be in Florida. He could be right down the road. All I know is that's his email. Mary Snow. And he has a bunch of credit cards."
WATCH DAVID SUTTA'S REPORT HERE
Oddly enough, credit cards are not where the money is on the black market. It's your identity. Hanis said $5,000 to $10,000 gets you one. "For a good one," he added. Identity is worth more than the numbers because with a good one you can essentially be someone else to commit your crimes.
There are two types of hackers.
Black Hat Hackers, the bad guys who are looking to steal and inflict "cyber pain".
Then there are white hat hackers, the good guys using hacking skill for good.
Hanis has played both sides.
CBS4's David Sutta asked him "What's easier? Catching a fish or stealing someone's identity?" Hanis sat back for a second and replied, "Stealing someone's identity. Because to get a fish you got to get a fishing pole and bait the hook. You've already spent like five minutes doing that right and going down to the water. By then I would have already had your identity and signed up a whole EBay account under your name?" He followed the statement with a confident smile.
He started hacking when he was a kid and it quickly escalated.
"I just wanted to know more, more, more. It was like an addiction. I was on drugs every time I was on the computer. I would go days without sleep or eating and just be on the computer," Hanis recalled. He became very good until one day the line between what was legal and what wasn't didn't really exist. He likens it to drugs. "It leads down that rabbit hole. It's just like drugs and you abuse it. It just leads down. I want more and more stuff. I want more and more powerful computers."
Problem is, there is no Narcotics Anonymous or Alcoholic Anonymous for computer geeks caught up in hacking.
Hanis would go to prison. According to him, he was attempting to correct his cell phone bill. He says he hacked AT&T's website and in the process he took AT&T's network out for two days. "I just didn't know what I was doing. I was unguided. It was just me," he reasoned.
Attorney Rene Palomino isn't surprised by the story. "Eventually it can and will catch up with you," Palomino said. Palomino has represented a host of cybercrime defendants, including one of South Florida most notorious black hat hackers. South Miami High grad Albert Gonzalez was hacking NASA at age 13. He went on to pull the largest department stores hack in history before it was trendy. The TJ Maxx hack led to the compromise of more than 94 million credit card numbers. Palomino finds those numbers still shocking. "Albert had 11 million credit cards on his laptop alone when he was arrested here in Miami. 11 million!"
Today, Albert is serving a 20 year sentence. Palomino says he had an opportunity to switch sides, hacking for the US government. But he got caught playing both sides. Palomino explained, "They are too smart for their own good and nowadays a good hacker can make a ton of money legally. A good hacker is in great demand for a security firm right now. A good hacker can easily make six-seven figures just on his knowledge of hacking alone."
Hanis says he's playing for the 'good guys' as a white hat hacker now and spending his days going after black hat hackers. "For every one of us there is probably a thousand plus of them, no, even more than that. 10,000 of them," he said. Hanis has a standard now for how and who he targets. "I don't really care about the ones that are doing it for their fame or kicks and giggles or political reasons, unless it's directly affecting me. But the ones that are out their stealing stuff, because that could be my grandma, I would go out there and track those guys down and release their docs which is all their personal information, phone numbers, their address, their parents numbers, their car. Whatever I can find out about them." Essentially he's about exposing them.
There is plenty of work for a white hat hacker.
"More fraud, stolen transactions, money is being crossed right now than people play in online poker or robbing banks," Hanis said.
The biggest threat out there, according to Hanis, is the internet. Everything you send and receive is at risk. During the interview with David Sutta, and unknown to the CBS4 staff, he was recording everything being sent from their phones and computers over Wi-Fi. "I'm just collecting it because it's in the air. There is no law against stuff that's in the air. It's passing through my body right now. So it's mine. I consider it my property."
Sutta asked him, "What kind of stuff are you grabbing?" Hanis shrugged,"Anything. Cell phone transmissions, pagers, everything travels. You're internet because he's connected to the Wi-Fi."
"And there is nothing illegal about this?" Sutta asked.
Hanis fired back, "I don't think so."
Sutta was surprised to hear he may be right.
Attorney Rene Palomino backed Hanis up. "Generally speaking, he is right. Generally speaking just by the information being out there and you having access to it, where anybody from the general public has access to it, it's what you do with it that counts."
CBS4 couldn't get anyone at the State Attorney's office to show us a law, in Florida, proving him right or wrong. In other words, technology is moving so fast the line between black and white hat hacking, that it is sort of gray.
Knowing that, Hanis does have advice to better protect yourself.
First stay off those free Wi-Fi networks. The most basic hacker can hack you over them. "It's general knowledge. It's like our ABC's. You got to know how to break into Wi-Fi's," he explained.
Secondly, he said, change your password for social media. "You use a different password for that compared to all your other accounts."
His final tip is only use secure websites when entering in personal information.
Palomino, the lawyer who represents a lot of cybercrime defendants, has advice too. "I rarely, rarely, use a credit card. I pay cash." Sometimes that's easier said than done. He also stays off Facebook. He says all you are doing is exposing more information than you realize for hackers.
