Posts

Hackers for Hire both Good and Bad

Ever see those public bulletin boards with all the business cards on them? Don’t be surprised if you spot one that says “Hacker•for•Hire.” These are hackers who will, for a nice juicy fee, hack into your wife’s Facebook account to see if she’s cheating on you.

4DHowever, there’s at least one hackmaking site that matches hackers to clients who want to infiltrate a network for personal gain or even revenge. The site, Hacker’s List, is a good idea, certainly not the first of its kind; the site’s founders (who wish to remain anonymous) get a piece of the pie for each completed job. Kind of sounds like one of those freelance job sites where someone bids on a posted job. The client must put the payment in escrow prior to the job being carried out. This pretty much guarantees payment to the hacker.

The site began operation in November. Imagine the possibilities, like business people getting a complete list of their competitors’ clients, customers, prices and trade secrets. And yes, a college student could hire a hacker for changing a grade. Makes you kind of wish you were skilled at hacking; what a freaking easy way to make a lot of money.

Is a site like this legal? After all, cracking into someone’s personal or business account is illegal. The site has a lengthy terms of service that requires agreement from users, including agreeing not to use the service for illegal activity. The verdict isn’t out if Hacker’s List is an illegal enterprise, and further complicating this is that many of the job posters are probably outside the U.S.

Hacker’s List was carefully developed, and that includes the founders having sought legal counsel to make sure they don’t get in trouble.

Hiring hackers can easily occur beyond an organized website where jobs are posted and bid on. And there’s no sign of this industry slowing down. The line of demarcation between good hackers and bad is broad and blurry, beginning with legitimate businesses hiring hackers to analyze the companies’ networks for any vulnerabilities.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Hacking 2015 and Beyond

2015 brings us no closer to putting the lid on hackers as any other year has. The crime of Criminal hacking will prove to be as big as ever in the new year. Here’s what we have to look forward too:

4DBank Card Breaches

There will always be the bank card thieves, being that stealing data from magnetic stripe cards is relatively easy to pull off and there are different ways to do so. This includes tampering with card swiping devices, then retrieving the stolen data later on when nobody’s around.

The U.S. is moving towards replacing the magnetic stripe with chip ‘n PIN technology, but this will take time and money. Another issue is poor implementation of this technology, which makes a hacker’s job easier. It will be a while before efficiently implemented Chip and PIN technology rules the U.S.; expect lots of more bank card breaches.

Nation-State Attacks

Governments hacking governments was big in 2014 and it’s expected to continue rising. Criminals engaging in this type of threat involve interference with encryption and gaining entry to systems via “back doors,” kind of like how a robber gets into one’s home by removing a screen in the back of the house. One of the tools to accomplish this cyber assault is called a RAT which is a form of malware, and it’s predicted that this tool will be used even more (among others) to invade government and private company networks.

Data Destruction

It’s incomprehensible to the average Joe or Jane how someone (usually a team, actually) could wipe out data on the other side of the world, but it’s happened, such as with computers in South Korea, Iran and Saudi Arabia.

And this was on a large scale: banks, media companies and oil companies. Even if all the data is backed up, there’s still the monumental issue of rebuilding systems. And it’s no picnic trying to make sure that the saved data doesn’t carry malware residue that can reinfect a rebuilt system.

Extortion

Special malware (ransomware) can block a user from accessing data or a corporation from accessing its system, until money is paid to the hacker. This happened to the Sony company (data was stolen but also deleted), but the motives aren’t crystal clear. A cyber extortion requires a skilled attack, and don’t be surprised if this happens to more big companies.

Critical Infrastructure

This type of hack hasn’t really occurred big-scale in the U.S. yet, but experts believe it’s only a matter of time before it does. Cyber criminals will carry out a critical infrastructure attack, infecting networks and gaining control of them, all designed to shut down electricity, disrupt communications and poison water among other disrupting activities.

Third-Party Breaches

A third-party breach means hacking into entity “A” to get to “B.” An example is Target: Hackers got into the HVAC company that Target was contracted with to access Target’s network. Bigger third-party breaches have occurred, and experts have no reason to believe they’ve stopped, even though tighter security has been implemented (and busted through by hackers, not surprisingly).

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 Ways you may get Hacked this Summer

Can you name 10 ways you can get hacked this summer? I can.

Hotel Hacking

4DThose hotel electronic card locks for doors aren’t as secure as you think. A criminal attaches a little electronic gizmo beneath the lock, and presto, he’s in your room. You can’t stop this, but you can make the burglary worthless by not leaving valuables in your room. Always have your door locked overnight.

Car Hacking

Forget the bent coat hanger trick — that’s for rookies. But even a dimwitted thief could hack into your car this summer. For only $5, the thief buys a “black box,” a key fob spoofer, that electronically forces car doors open. Short of disabling your keyless entry, what you can do is park your car in lighted areas and keep valuable out of it. Or have your mechanic install a kill switch.

Credit Card Skimming

Criminals set up those card readers at stores with devices that will steal your card information. If you can’t pay with cash, use a credit card since there’s a delay in payment, whereas a debit card takes money from your account at the point of purchase. Keep a close eye on your credit card statements and bank account.

Hacking a Charging Phone

Avoid charging up your phone at a public kiosk. It doesn’t take a mental giant to install malware into these kiosk plugs. Once your phone gets plugged in, it’ll get infected. Use only your plug or wall outlets.

Finders Keepers Finders Weepers

If you happen to find a CD-ROM or thumb drive lying around in public, leave it be, even if it’s labeled “Hot Summer Babes at the Seashore.” You can bet that a crook left it there on purpose and wants you to plug it into your computer. You’ll end up installing malware that will allow the thief to remotely control your computer.

Phishing for Victims

You get an e-mail with a striking message in the subject line such as “Pics of you drunk at my party!” A percentage of people for whom these messages apply to will open the e-mail and take the bait: a link to click to see the photos. The link is malware and will infect your computer.

Wi-Fi Sharing

Using a public computer is always risky, as anyone can monitor your online actions. Hackers can even “make” your device go to malicious websites that will infect your device. Stay away from public Wi-Fi or use a VPN (virtual private network) like Hotspot Shield. A VPN will protect you summertime and all time at public WiFis.

Photo Geotagging

Every time you take a picture and post online, your location will be up for grabs in cyberspace, unless you’ve disabled your device’s geotagging.

Social Media

Beware of clickjacking and XSS. Clickjackers place a phony screen over an obscured malicious link, luring you to click. The hidden link then is triggered and gives the hacker your contacts, taking you to a malicious site. XSS puts a malicious script right in your browser that will install malware. So be judicious about clicking on popular videos and whatnot.

Airplane WiFi Hacking

Connect while 35,000 feet high and you can be revealing all sorts of private goodies. Airplanes lack online security. The aforementioned VPN is your best bet when connecting to airplane WiFi

Start your summer off securely by avoiding becoming a victim of hackers.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.