Hostwinds Blog

Search results for:


Hackers: Data Picking for Profit

by: Bryon Turcotte  /  October 17, 2014


Tags: hackers 

Years ago, I fell victim to fraud. It was around 1999, and I was residing in a hip, desirable borough of Boston known as Allston-Brighton on a very safe street with many trustworthy and caring neighbors. I enjoyed a busy career at a fast-climbing start-up company and not worrying about threats against my privacy or security. One day I discovered over $400 missing from my checking account. It was just gone. Keep in mind that I was a single professional making decent money at the time of this discovery. Still, when that amount of money drops out of your wallet, it is very traumatic and highly concerning with no explanation or warning. After much investigation, repeated phone calls back and forth with my bank, interviews with security companies, and conversations with the police, it was concluded that my bank account information had been stolen – most likely directly from a document in my trash container outside my apartment building. I was told that the suspected party had sifted through the waste and found my numbers either on a check or bank statement, which was innocently but unfortunately tossed away for them to find easily. They lifted the information to sell it to "_organized criminals_" for profit. Investigators advised me (remember we were back in 1999) that organized crime will often recruit people – drug addicts, homeless people, drifters and sometimes college students (Boston is a big college town) to "_pick trash_" to find old checks, personal mail, and other documentation that could open doors into ones private, personal and financial life. They told me that they had withdrawn $300-500 from at least 200 individuals in the New England area in one week, quickly closed up operations, and moved on to strike unexpectedly from another location.

Remembering this experience still makes me cringe and prompts me to make comparisons in my head to events that have been uncomfortably common in our daily lives. Back in 1999

things were obviously much less sophisticated technologically – but the "_trash picking thieves_" of yesterday have grown up and moved with the times and now use the tools that are readily available to aid their thievery. The kind of trash they pick – the information they desire – is the same, but it is handled by them and us much differently. In today's world, we never think of it as trash once discovered missing, even though we may have taken it just as carelessly. These pickers, thieves, criminals, opportunists no longer need to sneak around in the back alleys of average neighborhood U.S.A. and shift through garbage to get what they want. They can do it in broad daylight while kicking back on a laptop sipping at a cup of coffee – all while making a good living. They are profiting because they are – and always will be – catering to those who are paying and paying big. There is much more to choose from in today's figurative trash bin that we may or may not even realize is left behind to be so vulnerable.

Billions and billions of private keys, passwords, account numbers, and unique personal identifications are available for the taking and valuable to the criminals waiting to exploit. I sit sometimes desensitized by the amount of news regarding this week's new hack, use, and attack. I begin to reflect on the who, why, and what is behind the breaking into our "_homes_" and the selling of our precious data. Once the selectors have filled their pockets, what is the next step? What is hey getting out of this? Who are the ones running the show? I have been reading a lot more recently about the big business of cyber thievery. It has left me looking at my online life much differently.

Today's selectors – known more formally as "hackers" – are intelligent, technologically savvy individuals who pick and choose their targets based on a whole new set of information and parameters. They spend time to figure out what data and information will open the most doors faster, more accessible, and, of course, without detection. Most always, their primary motivation is to determine what data will generate the maximum amount of profit for their efforts and how this could open more doors to bigger and better opportunities. Each week's news brings on increasing reports regarding hackers. In a world where "the war on drugs_" was a common term used for decades in everyday conversations at work and home, the criminal activity, including the transporting and dealing illegal drugs on larger scales, seems to have dropped off the airwaves. The buying, selling, and trading of _our information, our data, has been moved to the lower shelves in the tremendous criminal marketplace. The "black market_" where these individuals hang out and the network has become a monolith of activity that moves _a lot of money. I learned much about these tight networks and their operations from an article written by Lillian Albon called "Hackers' Bazzar," where she places the entire entity and its activities in a perfect nutshell. Albon notes, "Today's cyber black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations. For certain levels of criminals, these black markets can be more profitable and less risky than the illegal drug trade; the links to end-users are more direct. Because worldwide distribution is accomplished electronically, the requirements are negligible. In many countries, malicious hacker activity is condoned. There are even reports of Eastern European hackers with government ties."

I don't believe that anyone who spent time growing up in the seventies, watching Brady Bunch re-runs and thinking of "_identity theft_" as the subject of a creepy science fiction movie would say that the criminal activity of today and the methods used to steal money, exploit identities and share private information were expected or even possible. We have graduated to a place where something as simple as a picture of your face can be given to someone else without your knowledge and misused at the click of a mouse. As consumers, our biggest fear was that a thief would pick our pocket, physically take our wallet, steal our credit card, walk into a store and purchase merchandise in our name. Of course, this could still happen, but with the amplification and availability of technology, these thieves do not need to be in the same room, town, or country to take our money or identity. The most absurd thought is that these individuals are a part of a well-organized, driven, intelligent, and highly motivated group of networked criminals who most of us humorously imagine as hooded specters in dark basements drinking energy drinks and cold pizza. The reality is that they have figured out the system and will work hard to continue this path as long as it turns a profit. Unless you have not digested the seriousness of their motivations, you must accept that these organized groups anticipate changes in security, cyber defenses, and protection and have plans to get around the blockages even before they are raised. Today we need to worry about more than our trash getting picked or our wallets being stolen.

Hackers have found a way to make money from almost everything we own. All they need to do is open a door that leads them to the valuables. We have built modern doors on our computers, on our phones, and through the technology-driven lifestyles that we may or may not realize are wide open or unlocked. Articles flow daily with stories of how hackers can steal passwords through popular social media accounts, which can prove to be much more valuable, profitable, and continuously usable than any credit card they could lift from your wallet to use for a day of wild spending. Today's hackers have found ways to profit from your medical records, personal photos, work history, spending statistics, and global locations because people want to use it to make more money and help others exploit your existence. Yes, this is very dramatic and darkly colored, but unfortunately, it is taken very seriously. A recent article published by Reuters stated that hackers would sell stolen names, birth dates, insurance policy information, and bank information to those criminal groups who generate counterfeit professional identification, which allows them to buy specialty merchandise – pharmaceutical drugs, medical equipment, high-level technology – which they can resell posed as legitimate dealers.

Reuters said that "cybercriminals make around ten times more money hacking someone's medical information than from stealing their credit card details._" It is believed that approximately 80,000 people are reached by hacker organizations which then have the potential to convert all desired data into hundreds of millions of dollars which is used to continue their illegal course. Unfortunately, from what we read each day, it seems that these activities and relentless waves of attack are not subsiding but only increasing. Constant recruitment from the underground hacker networks has made it easier for motivated, opportunistic, criminally-minded individuals to learn more about joining the world of stealing, buying, and selling information. Keep your eyes open and your ears to the ground – but most importantly, never assume that _your data is not valuable.

Read more articles about hackers, data breaches, and security vulnerabilities on the internet in the Hostwinds Blog Archive.

Written by Bryon Turcotte  /  October 17, 2014

Need help? Chat now!