How hackers value your data

Why would someone want to hack you?

What is the point of a hacker taking over your PC?

Both very good questions.

However, we must understand it is no longer a human who is attacking you.

Yes - a human has created what is attacking you by either writing or buying automated programs.

Yes - it is a person who lets these pre-configured programs loose over the internet to hunt down vulnerable software. They can kick back and sip on a cola while their weapon of choice works to obtain your data. That is, if your defences are weak. If what I am saying makes little sense to you, chances are you are the low-hanging fruit these guys love to go after and you should continue reading.

They effectively cast vast nets over the internet in search of defenceless systems. You and I are targets as much as the next person. You will probably have been a target before. Your internet router will no doubt have been scanned every day for weaknesses since the day it was set up. The spam emails you and I receive carry attachments to perform phishing attacks: to trick us into downloading a virus or to lead us to a compromised website embedded with malware script. We are all potential victims or targets for the online criminal underground.

It isn't unfeasible for anyone to be targeted by a specific organisation either. This is a much more serious matter. This is known in the military as an advanced persistent threat (APT). This could be anything from an ex-partner trying to gain access to your Facebook to a totalitarian government, if you live under one, trying to look at everything you do.

Most people only need to concern themselves with not getting caught in a hacker's large net.

You'll be glad to know some organisations run intelligence monitoring: they deliberately set up vulnerable servers (known as honeypots) to observe hackers and cyber criminals, understand their behaviour, spot new things they're doing, anticipate trends and so on.

 

So why do hackers put all this effort into getting your data?

It must be worth something to them, right?

Generally, the motivation to access an account, steal your identity or take over your PC ... is money.

In some cases, the base motive may be political or moralistic but mostly... they just want your money.

 

How do they turn your account or PC into money?

According to a Metcalfe report, £266 billion is lost annually to cybercrime. So it can be taken as read that crime does pay. Even more so if you live in a country deprived of opportunity or prosperity.

There are various ways your PC could be useful to a cyber criminal:

  • They can use your PC as a web server
  • Host illegal content
  • Perform illegal hacking activities as well as email attacks
  • Virtual goods - can sell for virtual currency
  • Reputation Hijacking - where your accounts can be resold
  • Bot activities
  • Take down websites
  • Blackmail sites
  • Account credentials
  • Financial details
  • Hostage attacks
  • Identity theft

The trading of such goods for money is done in cryptocurrency, with Bitcoin, which you may be aware of, being the most popular; money is received in semi-anonymous transfers and cash-outs.

 

How can they make money via email?

Your email account in particular whets a hacker's appetite because, more often than not, it is the gateway to juicier fruits like many or all of the accounts mentioned previously. This should go some way towards explaining why your data and mine gives a very active cyber criminal underground a reason to exist on the internet.

Below are a few sources of value for a hacker in relation to your email account:

  • Privacy related - stealing personal information such as messages, Skype chats, photos, call records, geolocation etc.
  • Retail Resale - Facebook, Twitter, LinkedIn, Amazon, Netflix etc.
  • Financial - Bank accounts, Email account for ransom, Change of billing.
  • Spam - Commercial email, Phishing, malware, social media spam, Email signature spam.
  • Harvesting - Email, chat contacts, file hosting accounts, Google Docs, MS Drive, Dropbox.
  • Employment - Forwarded Work Docs, Forwarded Work Email, FedEx, UPS, Salesforce.

 

They can sell any of these accounts as there's a high demand for them. They're later used for further compromises and for further access to such useful things as your financials: to simply transfer money out of your accounts, buy virtual goods, run spam attacks, harvest information, get at your employment records, you name it!

Business data is the bullseye of a hacker's dartboard, and if you treat the security of your IT infrastructure light-heartedly, you are bringing the dartboard closer to them: you give them space to operate and make it their playing field by increasing the attack surface for them. Ultimately, this puts your business in jeopardy.

Every business (and every individual) needs proactive measures to provide security. What is of value or worth protecting while online is in the eye of the beholder, but knowing how to protect our digital assets is becoming a fundamental necessity for every individual in any company today.

Huw Tremlett

Data Management Consultant
