The Black Hat, the Ethical, and the WHOIS Hacker

Not all hackers are bad. Yet when the term “hack” is used in mainstream media, it is often in the context of cybercrime and black hat activities — e.g., some big organization got its intellectual property worth millions stolen, some people lost their personally identifiable information, etc. Data breach stories never run out!

And who can blame journalists? After all, hacking is one of the top threat actions in what most security professionals and others refer to as the “cyberwarfare” where everyone connected to the Internet is a potential target.

With all that negative publicity around, it easy to forget that there are also ethical hackers among us. Those professionals are quite the opposite of their malevolent counterpart, having no intent to harm and being on a payroll.

In fact, companies themselves contract them to “attack” corporate networks with fierce hacking techniques to test out defenses and spot vulnerabilities. It’s like hiring someone to attempt to enter your house such that you can better plan and prevent actual robberies. Not a bad idea, right?

As part of this process, ethical hackers are using a wide array of tools among which WHOIS database download services — serving as a repository of web addresses containing information on millions of domain names, and the registrants and registrars behind them.

How is such a tool relevant to them? Let’s find out. But first thing first:

What Have Black Hats Hackers Been Up to Lately?

Before diving into the capabilities of WHOIS and where it can help, here are some of the vilest domain-related crimes that regularly take place.


This method of hacking may sound “old school”; however, it remains a threat as hackers adjust their tactics to send highly convincing communications, usually through email, intending to prompt users to take urgent actions in order to avoid negative consequences or to benefit from whatever perk. In reality, users are likely revealing sensitive information to strangers or possibly sending money to fraudulent bank accounts.

Site impersonation

The ease of setting up a website can turn into a liability for web visitors who are redirected to an untrusted host. For example, hackers may create a replica website of a trusted brand or entity by registering a domain address that is almost the same as the original one. Innocent users then carry all activities as they normally would, not knowing or finding out too late about the scam.


Ransomware is also not a new type of cyber attack yet it keeps on causing damages to users in several ways — e.g., like discussed above, through an attachment sent from a sending address sounding familiar or as part of a website impersonating a well-known brand using a domain name registered to mislead.

All in all, black hat activities frequently involve dubious domain name registrations which, through WHOIS, leave traces that ethical hackers can exploit to protect organizations and individuals.

How Can WHOIS Benefit White Hat Hackers?

Information found in a WHOIS lookup can prove vital for ethical hackers who can get a glimpse into black hats’ online means of attack and replicate them.

In more detail, the open nature of WHOIS allows white hat hackers to see what type of domain names is typically registered for conducting fraud. All they have to do is to use a WHOIS database download service to locate all site containing specific terms or brand names which may or may not belong to the official entity.

In turn, those professionals can register a set of similar web addresses and simulate scamful behaviors to train employees and users and see what is more likely to make them commit an error of judgment.

For example, would they fall for a dangerous attachment sent from an intentionally misspelled email address? Or for an external link where the stated and actual URL destination differ?

What’s more, ethical hackers can use WHOIS records to make their simulated scams look even closer to the real ones, identifying questionable registrations and following the same patterns with similar contact details, locations, etc.

WHOIS database download services can become a critical asset in the prevention of hacking attacks and the resolution of cybercrime investigations — allowing white hat practitioners to study and replicate malicious activities online.

read original article here