By Hammerhead
Cyber crime is evolving as fast as the technology it exploits. Hackers are no longer content with just stealing your money outright; they have realized the real prize, the real pay dirt, is raw DATA. The criminals have realized that the new billionaires in the tech world are no longer the software and hardware designers, but the Data Brokers: those obscure and often unknown companies with names like Acxiom, Epsilon and Datalogix that mine, dig, snoop and pry information about YOU from every dark corner and crevice of the internet just to find out your likes, dislikes, pleasures and pains, all so they can sell it to the highest bidder.
In what Marc Goodman called “The Surveillance Economy” in his recent book Future Crimes, the goal of these data brokers is to provide what is known as “behavioral or predictive targeting” on you and your life. These brokers want to understand you down to the last intricate detail so they can ask a premium price for your “information” when they sell it to advertisers and marketers. To put it plainly, surveillance is the new and permanent business model of the internet.
Despite how bad all this sounds, believe it or not, this is the legitimate version of data brokers. The other side of this coin, the illegitimate criminal hackers like the ones in the Ashley Madison case, who deal in stolen data and seek to exploit personal information, mostly for financial gain and sometimes just to make a statement, are often far, far worse.
To understand the background for what data brokers, legal and illegal, do, we first have to understand a simple truth:
“What we put on the web is forever permanent, so think twice before posting it!”
Contrary to popular belief, there is no true “incognito”, “erase” or “clear history” when it comes to the web. Every single word we type or website we visit on the web is “recorded for posterity”, as they say. Now for your average person, at worst this may mean some embarrassment over, how should we put it, an “exotic” choice of websites in their search history, or maybe an off-color joke or racist statement made in an email, as was the case last year when Sony Corporation's email was hacked and certain higher-ups were found to have talked about President Obama in some “unflattering” language.
But due to the moral decay (that moral compass got tossed out a long time ago) and corruption within our society, there are websites out there that promote and peddle far worse behavior than this. For those of you who would have no reason to know what the Toronto-based Ashley Madison website is all about, all you really have to do is read their tagline to get a clue: “Life is short, have an affair.” That’s right, it is a website that promotes marital cheating, or to be more exact, it is a website that facilitates marital infidelity between two willing parties. And just to show you how “willing” these morally corrupt individuals are, according to a class action lawsuit filed by several ALM clients, over 37 MILLION names were stolen from the database in the hack.
What is interesting about a hack like this is that information is the real currency being traded here; information that, for the most part, most ALM clients thought had been deleted from the server. This in turn has created a very unique fallout in Canada, Europe and the U.S. For example, police nationwide are having to investigate possible extortion and blackmail scams from people who have (or are just pretending to have) discovered “compromising information” on one of the 37 million people whose records were stolen. It’s not criminal rocket science; with just the mere possibility of information like this being exposed, I am sure certain individuals would pay HUGE amounts of “hush” money to keep their marriages intact, especially if that marriage is their “gravy train with biscuit wheels” financial security.
So besides stealing morally compromising information, what other kind of data do these illegal brokers look for? This is where the more conventional ideas of cyber-theft come into play and rear their ugly heads.
The Underground Hacker Markets
In hacker lingo it is called an Underground Ecosystem. It is a collection of forums, websites and chat rooms whose specific intent is to streamline criminal activity. Everything is for sale: counterfeit credentials, credit cards, online bank accounts. They even have Hacker Training Courses so you too can learn how to do criminal activity online. Want to buy some malware? Or how about an infected computer to plant at a business? Yeah, they got all that too.
Watch your Online Banking!
According to a Dell SecureWorks investigation, online bank accounts with all credentials (including broken usernames and passwords) with verified balances between $70K and $150K can be purchased for just 6% of their value! So a $70K account could be had for as little as $4200. This is where the counterfeiting market and the online banking theft markets converge. Counterfeiters often sell their funny money at an agreed-upon rate; so many cents on the dollar.
New Identities
Remember in the old spy movies, anytime the spy needed to sneak out of the country he had to go to some ramshackle joint where a forger lived and get his new “papers”? Well, times have changed. All you have to do now is go online to the right Ecosystem and you can purchase a new identity, no problem. You can buy a new Social Security card, driver's license, a new name and even a working, verifiable address. For an extra fee you can even get a copy of a utility bill so you can apply for Govt. Assistance Programs.
Safeguards for the CO To Use
- Firewalls around your network and Web applications
- Intrusion Prevention Systems or Intrusion Detection Systems (IPS/IDS). These inspect inbound and outbound traffic for cyber threats and detect and/or block those threats
- Host Intrusion Prevention Systems (HIPS)
- Advanced Malware Protection solutions for the endpoint and network
- Vulnerability scanning
- Security Intelligence around the latest threats (people working on the latest threats in real-time, human intelligence)
- Encrypted email (Hushmail, ProtonMail)
- Tor Browser (free to download)
- Continuing Education on Cyber-Security
Stay Alert, Stay Armed, Watch out for Drones and Stay Dangerous!