Black Hat Hackers Own Us!
13 Jun 2007
The Register has an interesting article about black hat hackers. It contains a list of 10 reasons why the black hats have us "outgunned" Snippet:
1. The Black Hats form a well integrated community that shares knowledge effectively.
Should you, after months of research and effort, create an exploit that allows you to hack Windows or any other frequently used software product, you can auction the exploit on the internet in a well organised manner. Yes, the hackers have their own auction sites (it's true). And if you're looking to write a virus, say, well, there are hundreds of sites out there that can provide you with source code to help you construct something really fiendish. Different modules for setting up a mail server or planting a specific Trojan or whatever. Open source is all the rage, even among hacker
5. There's a market for your data
"OK, I go out onto the net and try an exploit here or there and I hit pay dirt - a whole file of thousands of credit card details. What do I do now?" My advice to you dear boy, is forget about trying to buy stuff on eBay or Amazon with all that stolen data. Simply sell the data and leave it to someone else to do all the dirty work. How much to sell for? Well it depends, but you should be able to get $30 per credit card as an absolute minimum and if you've got really lucky and managed to get the PIN number of the card (a difficult data item to get your hands on) then it should be close to $500 per card. Yes, there are markets out in cyberspace where you can sell data - not just credit card data, but Social Security Card data (for US citizens), birth certificate data, billing data, and driving license data (all of which can be used to set up bogus bank accounts).
6. There are botnets to rent
Don't tell me, let me guess. You've got a great scheme in mind to flood the world with a particular kind of spam and it's bound to pay off. But you just don't have the computer power you need. Let me introduce you to an Asian friend of mind who's been established in the Black Hat trade for a year or two. He repeatedly floods the internet with Trojan viruses to continuously assemble and grow a botnet. He has to keep on doing it because every now and then PCs get cleaned and fall out of the net and anyway the bigger the botnet the more the commercial opportunity. My friend will rent you a portion of his botnet for 20 cents per PC per day (roughly current rates) and he'll throw in a whole database of email addresses too. He thinks of himself as an Internet Service Provider.
10. Not all businessmen are entirely averse to the odd hack (on a competitor)
As you seem determined to embark on a life of cybercrime I have one last piece of advice for you. Don't ignore the business world as a lucrative source of income. I know what you're thinking. Those guys are my prey. Well it's true that some of them are, but some of them could become your customers - if you make the right contacts and do the right kind of marketing. I mean, which businessman could fail to be pleased when his major competitor suffers a big data hack or loses a few days web business because of a DOS attack. Which businessman doesn't think, "hey what if I arranged for something like that to happen?" And which businessman having formulated a good competitive tactic doesn't put it into practice. There's good money to be made in focused hacks, theft of intellectual property, denial of service and large scale data theft. You might even get paid twice - by the customer and the victim.
Apparently, it's the end of the world as we know it. The sky is falling... No really!
Seriously, identify theft has become such a major threat to the average consumer. Dealing with it can take years to straighten out and your credit may never be the same. E-Tailers need to take more precautions when dealing with customer data. I have worked at companies that retain quite a bit of user information and while their practices were decent, most needed to do more. I pointed it out, and usually action was taken... But not always!
Tsk Tsk.