Protect Your Assets
Showing results for 
Search instead for 
Do you mean 

Bitcoins, just one part of the new Hacker Economy - Part I

DennisAntunes ‎12-05-2013 08:29 AM - edited ‎12-06-2013 10:08 AM

The New Hacker Economy

Gone are the days of hacker motivation composed purely of recognition and bragging rights. Today's hackers are motivated by profit.  Whether this is due to their growing up, increased opportunity or other factors, the landscape is clear: opportunities for malicious actors to cash in abound and they are taking full advantage, at all of our expense.

 

In this post, I'll discuss some of today's hackers primary targets, what they commonly steal, and how they cash in.

 

What are they targeting?

Like the the physical realm, anything that can be easily stolen and turned for a profit is fair game. Though the advantages of cyber theft are obvious - an increase in anonymity as well as the opportunity to steal in massive quantities. I'll touch on some smaller scale thefts, but many thefts today are on a grander scale.

 

 

 Bitcoins

They are a relatively new target but one that has the potential to yield huge sums. For those that don't know, Bitcoins are a newer form of currency exchanged person to person in a cryptographically secure manner and stored in virtual wallets. This form of currency is gaining steadily in popularity, acceptance and value. Recent estimates place the total value of all bitcoins at roughly $13 billion USD.

 

Recent hacks have seen a number of juicy targets lose giant sums. One such theft occurred  against Bitcoin Internet Payment System (BIPS), a Denmark-based payment processor. The attack used had two distinct phases - a denial of service attack against BIPS systems, which was more or less a diversion, but leaving systems in a vulnerable state, followed by the pilfering of a large number of wallets. All told roughly $1 million USD worth of bitcoins were stolen.

 

Other bitcoin thefts have been decidedly lower tech and acts of blatant and outright fraud whereby a bogus bitcoin exchange will be established and accept a large number of deposits before closing the exchange to its depositors and making away with the loot. One such scam earlier this year netted the fraudsters of a Chinese-based exchange over $4 million USD.

 

 

Mobile Devices

Dramatic increases in the number of mobile devices in use, the relative immaturity of the platforms and software and the push for convenience often leave mobile devices as easy marks. Open market places lack adequate security monitoring, leaving the user to make uniformed decisions about the legitimacy of an offered application. Often what they get with that application is hidden or trojan functionality designed to steal sensitive user or device information, send text messages to numbers for a high fee, send emails, log keystrokes, etc.

 

Recent estimates put the number of infected mobile devices at nearly 20 million devices globally. See the video on how vulnerable we are to privacy hacks via mobile apps.

 

 

 

Credit Cards

They continue to be a perennial favorite. Recent history provides a number of high profile examples of massive thefts with an indictment earlier this year of 5 foreign nationals. This group is thought to be responsible for the theft of 160 million credit cards in separate incidents including Heartland payment processor, Visa and Discover.

 

Vulnerabilities in target systems, most often SQL injection vulnerabilities were exploited by the group allowing them to directly access the victim companies' data stores, stealing millions of cards. Cards were later sold  on underground markets for anywhere from $10-$50 USD.

 

 

Personal Data

Personal data is another favorite target of hackers: SSN, DOB, etc. Commonly referred to as identity theft, these crimes ultimately result in fraudulent credit lines, accounts or identification being created in your good name. Specialized, malicious services have also emerged whereby members can order for a small fee the information on any number of individuals.

 

One such service recently uncovered, SSNDOB, reportedly used malicious software installed on machines within LexisNexis, Dun & Bradstreet and Kroll Background America to steal over 1 million SSNs and 3 million DOBs. To maximize their profits, they offered large scale access to other malicious actors, who then marketed and branded the service as their own.

 

That's it for Part 1. In Part 2 I'll review some additional targets cyber criminals regularly take advantage of as well as offer some tips for safeguarding your personal information.

 

Until next time, stay safe!

 

 

About the Author

DennisAntunes

Events
Aug 29 - Sep 1
Boston, MA
HPE Big Data Conference 2016
Attend HPE’s Big Data Conference on August 29 - September 1, 2016 to learn from peers in every industry and hear from Big Data experts and thought lea...
Read more
Sep 13-16
National Harbor, MD
HPE Protect 2016
Protect 2016 is our annual conference on September 13 - 16, 2016, and is the place to meet the world’s top information security talent, discuss new pr...
Read more
View all