www.economist.com/1843/2021/05/19/from-black-hats-to-zoombombing-your-guide-to-cybercrime-and-hacking-slang

From black hats to zoombombing: your guide to cybercrime and hacking slang

May 19th 2021

The malevolence of cybercrime often seems all the worse for the impenetrable jargon used to describe attacks. Perhaps a “time bomb” blew up your computer, or malicious software turned your smartphone into a “zombie”? Even lower-tech crimes get strange labels: “shoulder-surfing” refers to when scammers nab your passwords by literally looking over your shoulder as you type (sometimes with binoculars). “Catfishing” is when you’re tricked into thinking you’re in an online relationship and unknowingly send cash to scammers using a fake profile (the supermodel who claims to have the hots for you may in fact be a 52-year-old man called Steve).

Confusing you is exactly what these cyber-attackers want. And they’re worryingly successful: in America the amount of money lost to cybercrime increased threefold from 2015 to 2019. And that was before the pandemic pushed more criminals to focus on internet crime – just as many of us started living our entire lives online.

Online criminals are often dubbed “hackers”. The term itself is controversial: many geeks use it to describe anyone with an advanced understanding of computers, and prefer the term “malicious hacker” for someone who uses their skills for nefarious purposes. They point out that hackers can also use their knowledge for good, to fight the bad guys. If you want to know the difference between online outlaws and angels, start by learning the language they speak.


Black hat
A hacker with malicious intent (noun)
Outlaws in the digital Wild West

From under the brim of his black cowboy hat, Angel Eyes watches Tuco, a con man, about to be hanged. Suddenly the white-stetsoned Blondie shoots and destroys the noose. He rescues Tuco and escapes on horseback. This scene in “The Good, the Bad and the Ugly”, a film from 1966, uses a trope common in Westerns: the good guy wears a white hat, and the baddie has a black one. Today this visual code – which some see as racial stereotyping – is replicated on the internet.

In the virtual Wild West, a new generation of bandits roams. “Black hats” are hackers with malicious intentions. They break into computers to steal data and hold companies or people to ransom. The moniker satisfies a hacker’s craving for adventure. Robbing a bank from your laptop lacks the glamour of an old-fashioned heist with saloons and shootouts. But as a black hat, you’re one of the keyboard cowboys, fighting the Good and the Ugly.

Benedict Smith


White hat
A hacker with good intentions (noun)
Lonely are the brave

The thought of marauding hackers is frightening. But some techies patrolling the digital frontier want to protect you and your precious data. “White hats” are hackers whom companies hire to find vulnerabilities in their computer systems. Their job is to break in and report weak points that their black-hatted foes could otherwise exploit.

One famous clash between black- and white-hatted internet cowboys happened in the 1990s. At the time hacking was less common, carried out mainly by geeky young men. Kevin Mitnick, a Californian “black hat” on the run from the law, made the mistake of hacking into the computer of Tsutomu Shimomura, a long-haired physicist and “white hat” security expert. The physicist got his revenge by helping the FBI track down Mitnick, who ended up serving five years in prison – including a stint in solitary confinement because a judge was convinced he could launch nuclear missiles by whistling into a payphone.

On his release Mitnick reinvented himself as a “white hat” cyber-security consultant (perhaps he realised it can pay to be good). But not all hackers are motivated by making money. “Hacktivists” break into computers to push for social change or to promote a political cause: they are part-sheriff, part-outlaw. You’d be wise not to challenge a “hacktivist” to a digital duel at high noon.

Neel Ghosh

老害パソコン (rōgai pasokon)
Ageing computers that cause harm (noun)
Japan’s other ageing crisis

Japan is flush with high-tech gadgets, from toilets that rinse and dry your privates to dancing robots who cheer on baseball players. Yet many Japanese companies are still surprisingly low-tech. Chunky fax machines remain a staple in offices. Stacks of paper clutter desks. And firms often use rōgai pasokon – outdated computers that are vulnerable to cyber-attacks.

The scale of the problem is startling. Nearly 14m Japanese were still using Windows 7, an operating system from 2009, when Microsoft stopped providing security updates for it last year. Those users are now at risk of newly devised cyber-attacks. Japanese firms have a deeply ingrained seniority system, whereby many workers are promoted due to age not ability. Elderly executives often refuse to pay for software they don’t understand or see the value of.

Knackered computers are not the only weak spots in Japan’s cyber-defences. Rōgai, which means “harm inflicted by the old”, is also used to describe ageing employees who struggle to work with new technologies. Older office workers naively click on links and download viruses which can then infect their entire company’s computers. Perhaps Japan’s workforce also needs a security patch.

Miki Kobayashi


Brouteur
Internet scammer (noun)
The fraudsters with the golden fleeces

Online fraudsters often steal the hard-earned savings of their victims with little more effort than a sheep puts into finding grass in a field. That’s why internet scammers in Ivory Coast in west Africa are known as brouteurs, meaning grazers in French.

The golden age of brouteurs was the early 2000s. Working out of internet cafés in the commercial capital, Abidjan, they would charm online victims into romantic relationships, ask for money and then disappear. In doing so they broke hearts in France, Belgium and beyond. In Abidjan brouteurs were hailed as heroes, feted in Ivorian rap songs and lionised as modern-day Robin Hoods. On several occasions European TV reporters flew in to grill the culprits, many of whom were teenagers. Few grazers seemed sheepish about their crimes – some were found drinking champagne in nightclubs.

The Ivorian government has since cracked down on cybercrime. Brouteurs can now be sentenced to up to 20 years in prison. As more Ivorians have smartphones, many brouteurs are now robbing their own countrymen rather than distant Europeans – and aren’t likely to be celebrated for defrauding people. Most see that as sheer bad manners.

Georgia Banjo

Zoombombing
Gate-crashing virtual meetings (noun)
Weapons of mass interruption

Zoom attendees come in various forms. Narcissists ogle only themselves on screen, phantom-breathers refuse to press mute, nostril-exhibitionists are uncaring about the angle of their webcam. This curious ecosystem has also attracted another type of participant: those who disrupt the fun by “zoombombing”, or gate-crashing a virtual meeting.

Zoom, the video-conferencing service where most “zoombombings” occur, has had a fantastic pandemic by most counts, enlisting millions of new users around the world (and becoming a verb). But it has also been troubled by security scandals. Hackers have found it all too easy to admit themselves to private meetings and eavesdrop on sensitive conversations. Many people new to video-conferencing have found the security settings confusing and left their virtual doors open to uninvited guests.

Zoombombings vary. Bored students interrupt teachers for their own entertainment. Anonymous vandals break into meetings and share their screens with other participants, before spreading hate speech or disturbing sexual images. Zoombombers may target corporate meetings or ruin a virtual service at your church. Some are pernicious. Others are simply there for a blast.

Claire McQue

杀猪盘 (shazhupan)
1. The slaughterhouse plan (noun)
2. A type of cybercrime in China
Pigs might cry

Sacrificing pigs at weddings and funerals is a Chinese tradition. These days most sacrificial swine are found online. The slaughterhouse plan, or shazhupan (which literally means “the place where pigs are butchered”) in Mandarin, is slang for a type of cybercrime in which scammers dupe victims over a long period of time, before finally feasting on stolen cash.

First the con artist must find a suitable pig at the water trough (usually a dating app). Older, unmarried singles are easy prey. The scammers start feeding their hog by flirting with them over text and sharing photos using a fake identity. Criminals may even start an online relationship with their victims before convincing them to send small amounts of money. Once adequately fattened, the swine is swindled. The fraudster asks the pig to send a larger sum of cash and then blocks the pig’s phone number.

The slaughterhouse scheme happens slowly, unlike other types of cybercrime such as one-off email scams. Fraudsters invent elaborate fibs about ex-wives, children from previous marriages and failed business ventures. One recent victim, a university professor, was lured into a WhatsApp group chat of supposed stockmarket investors. The 32 other people in the chat were all part of the scam. Fortunately the professor left the group shortly before he was sent to the slaughterhouse: he eventually realised the whole thing was hogwash.

Sue-Lin Wong


Обнальщики (obnalshchiki)
People who launder money stolen by hackers (noun)
Getting back with your cash

Are you a Russian oligarch with money frozen in foreign bank accounts? Or an online scammer who has duped another victim? The obnalshchiki can help: they will launder your stolen or illegally obtained money. The term, which comes from nalichiye (cash), can literally be translated as “cash-ifier”.

After hackers retrieve your frozen funds from a bank, one way to launder the money is to sign a sham contract with a company owned by an obnalshchik, billing them for fictitious services equivalent to the cash you want to launder. You send the “dirty” money to the obnalshchik, who sets it off on a winding route through multiple companies to “wash” it. The obnalshchik then withdraws it and returns the apparently legal cash to the owner as “payment” for the job done.

Don’t expect to get all your money back after this convoluted journey. Both hackers and obnalshchiki charge exorbitant fees. Demand for their illegal services is particularly high in Russia, where cyber-attacks cost citizens and companies some $49bn in 2020, according to Sberbank, a Russian bank. If you ever want to spend your ill-gotten gains, it’s going to cost you.

Sasha Raspopina

ILLUSTRATIONS: JULIA GEISER