Skip to content

OPLIN 4cast #447: The business of hacking

Posted in 4cast

Last updated on September 29, 2015

hackerHacking into the computer files of a company or government agency often is not a very lucrative occupation, unless the hacker has some way to convert stolen information to cash. So a current trend seems to be for hackers or hacker groups to sell their services, before the hack, to someone who wants specific information. The business side of hacking has been highlighted in some recent news reports, like news about the Hacking Team company being hacked themselves, and the takedown of the Darkode forum for hackers. You may think that libraries are safe from this kind of cyber crime (why attack a library?), but by that logic, we also should not be seeing denial of service attacks on libraries – yet we are.

  • Hackers on demand (Fast Company | Steven Melendez)  “At Hackers List, for instance, hackers bid on projects in a manner similar to other contract-work marketplaces like Elance. Those in the market for hackers can post jobs for free, or pay extra to have their listings displayed more prominently. Hackers generally pay a $3 fee to bid on projects, and users are also charged for sending messages. The site provides an escrow mechanism to ensure vendors get paid only when the hacking’s done.”
  • Hackers for hire: How online forums make cybercrime easier than ever (Washington Post | Andrea Peterson)  “These forums and black markets offering physical goods as well as digital services – such as the now defunct Silk Road – have helped drive the popularity of cybercrime, because the sites contain almost everything someone would need to get into hacking for profit, [Raj] Samani [of Intel Security] said. Even those without technical knowledge can visit the forums or black markets and hire people to do the individual components of a scam – or outsource it altogether in a subcontractor-style set up, he said.”
  • Sophisticated hacker group strikes for profit, not politics (Top Tech News | Jef Cozza)  “Almost as unnerving as Morpho’s habit of targeting enterprise assets is its familiarity with the inner workings of its victims. The group has successfully compromised commonly used e-mail servers such as Microsoft Exchange and Lotus Domino, according to Symantec. It has also targeted enterprise content management systems, where it could have gained access to valuable documents such as financial records, product descriptions, and legal documents. And unlike attacks by other hacker groups suspected of working for the Chinese, Russian, or North Korean governments, Morpho’s malware tools are well documented in fluent English.”
  • Hacker for hire (ITWeb | Jon Tullett)  “Managing consultant [Tyrone Erasmus] at security specialist firm MWR InfoSecurity, he and his teams are hired to audit their clients’ security, mimicking the behaviour of criminal syndicates that are after the same valuable details: financial systems, intellectual property and trade secrets. ‘I’m a bad guy who plays by good guy rules,’ he proclaims, with a nearly straight face. Since the ‘70s and ‘80s, when hackers like Kevin Mitnick and John Draper burst onto the scene, corporate information security has improved greatly, it’s far stronger and…haha. Just kidding. ‘We have a 100-percent success rate,’ Erasmus says, deadpan.”

Articles from Ohio Web Library: