Bitcoins, just one part of the new Hacker Economy - Part I

The New Hacker Economy

Gone are the days of hacker motivation composed purely of recognition and bragging rights. Today's hackers are motivated by profit.  Whether this is due to their growing up, increased opportunity or other factors, the landscape is clear: opportunities for malicious actors to cash in abound and they are taking full advantage, at all of our expense.

 

In this post, I'll discuss some of today's hackers primary targets, what they commonly steal, and how they cash in.

 

What are they targeting?

Like the the physical realm, anything that can be easily stolen and turned for a profit is fair game. Though the advantages of cyber theft are obvious - an increase in anonymity as well as the opportunity to steal in massive quantities. I'll touch on some smaller scale thefts, but many thefts today are on a grander scale.

 

 

 Bitcoins

They are a relatively new target but one that has the potential to yield huge sums. For those that don't know, Bitcoins are a newer form of currency exchanged person to person in a cryptographically secure manner and stored in virtual wallets. This form of currency is gaining steadily in popularity, acceptance and value. Recent estimates place the total value of all bitcoins at roughly $13 billion USD.

 

Recent hacks have seen a number of juicy targets lose giant sums. One such theft occurred  against Bitcoin Internet Payment System (BIPS), a Denmark-based payment processor. The attack used had two distinct phases - a denial of service attack against BIPS systems, which was more or less a diversion, but leaving systems in a vulnerable state, followed by the pilfering of a large number of wallets. All told roughly $1 million USD worth of bitcoins were stolen.

 

Other bitcoin thefts have been decidedly lower tech and acts of blatant and outright fraud whereby a bogus bitcoin exchange will be established and accept a large number of deposits before closing the exchange to its depositors and making away with the loot. One such scam earlier this year netted the fraudsters of a Chinese-based exchange over $4 million USD.

 

 

Mobile Devices

Dramatic increases in the number of mobile devices in use, the relative immaturity of the platforms and software and the push for convenience often leave mobile devices as easy marks. Open market places lack adequate security monitoring, leaving the user to make uniformed decisions about the legitimacy of an offered application. Often what they get with that application is hidden or trojan functionality designed to steal sensitive user or device information, send text messages to numbers for a high fee, send emails, log keystrokes, etc.

 

Recent estimates put the number of infected mobile devices at nearly 20 million devices globally. See the video on how vulnerable we are to privacy hacks via mobile apps.

 

 

 

Credit Cards

They continue to be a perennial favorite. Recent history provides a number of high profile examples of massive thefts with an indictment earlier this year of 5 foreign nationals. This group is thought to be responsible for the theft of 160 million credit cards in separate incidents including Heartland payment processor, Visa and Discover.

 

Vulnerabilities in target systems, most often SQL injection vulnerabilities were exploited by the group allowing them to directly access the victim companies' data stores, stealing millions of cards. Cards were later sold  on underground markets for anywhere from $10-$50 USD.

 

 

Personal Data

Personal data is another favorite target of hackers: SSN, DOB, etc. Commonly referred to as identity theft, these crimes ultimately result in fraudulent credit lines, accounts or identification being created in your good name. Specialized, malicious services have also emerged whereby members can order for a small fee the information on any number of individuals.

 

One such service recently uncovered, SSNDOB, reportedly used malicious software installed on machines within LexisNexis, Dun & Bradstreet and Kroll Background America to steal over 1 million SSNs and 3 million DOBs. To maximize their profits, they offered large scale access to other malicious actors, who then marketed and branded the service as their own.

 

That's it for Part 1. In Part 2 I'll review some additional targets cyber criminals regularly take advantage of as well as offer some tips for safeguarding your personal information.

 

Until next time, stay safe!

 

 

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.