Bitcoins, just one part of the new Hacker Economy - Part II

In Part I of this post, I discussed a number of common targets for today's cyber criminal: Bitcoins, mobile devices, credit cards and personal data. In this final post, I'll present a few more typical theft scenarios and finish by offering a few pointers you can use to minimize your chances of becoming an unwitting victim.

 

 

trade.jpgTrade Secrets
Several related targets of today's hacker are trade secrets, intellectual property, source code, etc. This stolen information is then sold to the highest bidder or used to blackmail the victim organization.

A recent theft at Adobe resulted in the loss of source code as well as millions of passwords. Symantec recently made public a theft of source code which occurred back in 2006. At that time criminals sought $50K USD to avoid releasing the source code on the Internet. Such thefts of source code could lead to the development of exploits for previously unknown vulnerabilities, which could later be leveraged to facilitate any number of additional thefts, coming full circle.

Often thefts of this nature are well-funded and involve very organized groups or perhaps nation states. Past attacks have ranged from very low tech attacks to extremely sophisticated, targeted malware taking advantage of so-called 0day vulnerabilities in commonly used software.

 


 

lock.pngUsernames and Passwords
Credential thefts are also lucrative for hackers and their value presents multiple opportunities for profit. Compromised accounts can lead to identity theft, targeted phishing and spam campaigns, financial theft, PC compromise, etc.

Several recent high profile incidents have resulted in millions of credentials being stolen, both as the result of a compromise at a large organization (Adobe) and also as part of targeted malware campaigns designed to steal social media and email account credentials.

 



laptop.jpgCompromised PC's
The last profit stream I'll mention here is the compromised PC. Often this is used as a method to steal other data, but very often control of the PC itself is for sale, usually in large numbers. Compromised PCs often make up what's known as a bot net as they are under the remote control of the attacker, historically via IRC.

 

Large bot nets are sold or rented for a number of different tasks, but most notably they play a large role in distributed denial of service attacks against various corporate and government entities, all at the will of their controller. The extortion of those target companies being yet another profit opportunity for the hacker.

 



privacy.jpgWhat can you do?

Sadly, much of this is out of our control and in the hands of those with whom we trust our sensitive data and assets, but there are some steps you can take to minimize your risks. Below are some bulleted points to get you started but please note, to thoroughly explore each topic it would take a post of its own. I urge you to research and seek out greater detail on related best practices.

 

  • Install and maintain anti-virus and personal firewalls on your personal devices. Ensure devices and installed software are maintained and kept current
  • Use extreme caution when installing software on any device. Carefully review system messages during installation, especially with regards to application permissions on mobile devices
  • Be highly suspicious of unsolicited emails, messages or texts as they may attempt to trick you into divulging personal information or installing malware
  • Ensure home networks are properly secured and WiFi networks leverage modern encryption and are protected with a strong passphrase
  • Refrain from transacting sensitive business on guest networks or kiosk PCs as their legitimacy and security are impossible for you to fully assess
  • Use unique passwords for each online account and ensure passwords or better yet passphrases are very difficult to guess
  • Refrain from using debit cards for online purchases as fraud, while it may be covered by your bank, may take time to be resolved, possibly resulting in a lack of access to funds. Use dedicated cards for online purchases with low limits and no association to personal accounts
  • Carefully monitor your credit activity and consider placing a freeze on your credit profile to prevent accounts being opened in your name

 

In Summary
Clearly there is no shortage of opportunity for today's hacker to thrive on malicious activities and I really just scratched the surface here. As more and more critical transactions occur online their opportunities and motivation will only increase.

 

There are steps you can take to help avoid becoming a victim and minimize your risk. Vigilance and more than a bit of suspiciousness go a long way.

Comments
Carlo Park(anon) | ‎01-07-2014 01:41 AM

I hope to see more bitcoin enthusiasts this year, and let's focus on the beneficial side of it. More than that, I'm looking forward to more secure accounts and hardcore programs that put an end to the unwanted hacking and spamming. 

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation