Imagine for a moment, just hypothetically, that you are one of those cybercriminals whose shenanigans are hitting the headlines day by day. Let’s try and dream up this fictional scenario.
Before you make the first step up this slippery slope, you have to think over it thoroughly. You’ll become a totally different person as soon as you start. The new life has new rules, which I am going to cover herein.
Your lookComplete anonymity is the most important thing in this shady activity. The starting point is to assess your appearance. You need to look typical and inconspicuous. Forget about offbeat hairstyle (Mohawk, long and dyed hair), bright or unusual clothes, such as heavy metal style outfits. You must look tidy, stylish and businesslike. Although they say clothes don’t make the man, people still judge you by your looks when they first meet you.
Legal literacyNext, you should examine the appropriate legislation to be aware of the penalties for felonies you might commit in the future. Law savviness will come in handy under tough circumstances.
Mobile phonesAlso, rethink the way you use your mobile phone. This is the biggest scourge of the modern criminal world. All major investigations involve phone tapping and other mobile subscriber surveillance and tracking techniques. You can switch to a smartphone with crypto messengers installed and use it for online activity only, preferably with a separate mobile broadband modem without a SIM card in the device itself. You should replace the modem with a new one every so often. If you badly need to make a phone call, use a burner phone. All the SIM cards you use should be in no way associated with your real identity.
ID cardsGet yourself a fake ID and a phony driver’s license. This will help conceal your personally identifiable data that you should do your best to safeguard. Here’s an example of why it matters: while shadowing a vehicle, detectives can turn to road police for assistance in identifying the suspect. You think it’s just a commonplace pull-over to have a look at your driver’s license, but you are actually already on the hook.
Social networksIf you have social network accounts, you should delete them. Alternatively, you can provide misinformation in them, for instance, by replacing your photos with someone else’s. When the law enforcement is going after you, the first thing they do is analyze social media. Furthermore, social networks can unveil your IP address, which can lead detectives to your mobile broadband modem that’s always with you.
CarsPay special attention to the way you move around. If you drive a car, it shouldn’t be your property officially. Act unpredictably when driving: drive through a yellow light, make abrupt and unexpected turns once in a while. Doing so will help figure out whether you are being followed. Also, look in your rear-view mirror at least as often as you look ahead of you.
If you walk, that’s certainly not as convenient as driving, but it’s so much easier to protect your anonymity that way. You can easily and quickly get on a taxi or public transport so that whoever is watching you will have some hard time doing their job.
CyberA computer continues to be the main instrument for nearly all shady cyber activities be it malware spreading , DDoSing or phishing. You should take this facet of your purported work seriously. First, prep the machine itself by extracting the camera and microphone out of it. Choose a linux-based operating system, such as Tails . Then, get ready to go online -- that’s the most important part. Refrain from using cable Internet -- go for wireless modems instead. You also need to familiarize yourself with the basic applications and tools that provide anonymity and security of your computing experience. These include Tor Browser, VPN, TrueCrypt, Privnote, Jabber, OTR (Off-the-Record Messaging), etc.
ContactsThe way you behave outdoors, as well as your communication with family and girls, shouldn’t give anyone any clues on what you actually do. Be sure to think of a life story that you can fluently tell people as if it were true.
TravelingWhen traveling by train or airplane, keep in mind that all your data stays in their database. If someone else is going with you, never request neighboring seats during check-in, otherwise, those people might get into the spotlight of law enforcement as well. This is particularly important if you are traveling with fellow-hackers.
Being soberSobriety is a prerequisite of success. Befogged mind will prevent you from making the right decisions quickly, so don’t abuse drugs and alcohol. You can and you must relax, but you shouldn’t be in a state of permanent intoxication. This way, it’s very easy to lose vigilance.
HouseYour place of residence shouldn’t match your official address. Renting an apartment is the best option because you can easily move to a new place and use your fake ID for the rental agreement. Once you get your first easy money, don’t rush into buying real estate -- it might cause additional problems.
To recap, a successful black hat hacker has to be crafty, brave, dangerous, fast, sober, polite, strong and smart.
Photo Credit: ra2studio / Shutterstock
David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.