We’ve known for some time that the long-haired, humble, pot-smoking, mayhem-reeking hacker sitting alone in his mom’s basement, hacking for fun and fame, no longer exists. He cut his hair short and has now graduated to a full-time professional criminal hacker, hacking government secrets and financial gains.
His contacts are global, many from Russia and Eastern Europe, and include bright teens, twenty-somethings, even clinical psychologists who are organized international cybercriminals.
We are in the middle of a cold war against cybercrime.
Their sole motivation is money and information and they find their way into networks through application glitches, or they psychologically work with their victims and trick them into entering usernames and passwords or clicking on links.
According to a new report from Verizon, a staggering 285 million records were compromised in 2008, more than the total losses for the 2004-2007 period combined. Up to 93% of breaches were targeted attacks that occurred at financial institutions.
Hackers made $10 million by hacking into RBS Worldpay’s system, then loaded dummy cards and blank gift cards and sent mules to use at ATMs. The entire plan took less than a day to carry out.
Many of these hacks occur due to design flaws in web applications. Criminals send out “sniffers,” who look for those flaws. Once they meet, the attack begins. Malware typically implants itself on the network to extract usernames and passwords. Once the criminals have full access, they use the breached system as their own, storing the stolen data and eventually turning it into cash.
Meanwhile, hackers have created approximately 1.6 million security threats, according to Symantec’s Internet Security Threat Report. 90% of these attacks were designed to steal personal information, including names, addresses, and credit card details. Almost every American has had their data compromised in some way.
Unsuspecting computer users who fail to update their PC’s basic security, including Windows updates, critical security patches, or antivirus definitions, often become infected as part of a botnet. Botnets are used to execute many of the attacks on unprotected networks.
The same study shows that computer users received 349 billion spam and phishing messages. Many were tricked into giving up personal information. It’s common sense not to enter data into an email that appears to be from your bank, asking to update your account. Attacks targeting mobile phones are also on the rise. “Phexting” is when a text message impersonates personal data. Just hit delete.
Much of the stolen data is out of your hands. Invest in identity theft protection and keep your McAfee Internet security software up to date.