In my security webinars, I spend time upfront emphasizing the vast underlying business behind hacking. The objective in stressing this to users is so they can realize they aren’t dealing with individuals looking out to attack and exploit “them”, but to comprehend that ransomware and other malware attacks are huge businesses built at scale.
It’s basically the difference between defending yourself from a single home break-in, or defending yourself from the entire might of a nation-state military with its thousands of men, planes, tanks, etc, and the full ecosystem (Manufacturing, research, supporting systems) behind their declared war.
I am not exaggerating – much.
This article over at Kreb’s Security quantifies just a small attack that yields a couple of hundred thousand dollars in just a few months, just from selling account credentials.
So far this year, customers of this service have purchased more than 35,000 credentials he’s sold to this service, earning him more than $288,000 in just a few months.
Curious to know more?
The prices for individual credentials are set by value.
For example, credentials for Uber are $30 for each account.
You have a military-only account with NavyFederal.com? Each account there is for sell for $60 each.
But it is not just account credentials. Entire identities can range up to $150 each, depending on the individuals FICO score (let that sink in a moment). Oh, you can also by their credit reports while you’re there.
Remember The Rockford Files? Starring James Garner, it was a bit like Bret Maverick as a modern-day out-of-luck private investigator that barely had enough money to repair his run-down mobile home.
Did you know that Tom Selleck was on two episodes as “Lance White”, a P.I. that was the opposite of Rockford, and after the cancellation of the show, the producers of The Rockford Files tapped Selleck for the starring role of Magnum, P.I.?
And that the Pontiac Firebird Espirit was really a Pontiac Formula, but was modified to look like the more modestly-priced Espirit?
Perhaps the most interesting part of the show was the opening scene. Each episode had a unique answering message left by all sorts of people that provided insight into Rockford the man, usually unrelated to the episode itself. That Eric Alper site has the recordings, and thesandbox.net has them transcribed (I know it is silly to have to go to two sites, but the sandbox site’s mp3 links are all broken).
This is Shirley from the bank. The answers are: no, no and yes. No, we won’t loan you money. No, we won’t accept any co-signers; and yes, your account’s overdrawn. I get off at 4:30. Play MP3
It’s Betty from up the street. I’m phoning all the neighbors because Spotty is loose. If you see him, call me. Oh, don’t wear musk cologne. Leopards have a thing about that. Play MP3
Remember the factors: darkness, a week-long stay, good clear weather, picking your location and planning your itinerary. With all these taken into account, hopefully you will look up and be dazzled by the beautiful dancing lights. And if they don’t show themselves, you will still have had a great adventure in Iceland!
Leaving Monday for Iceland and Oslo, Norway to see Aurora Borealis.
Auroras are produced when the magnetosphere is sufficiently disturbed by the solar wind that the trajectories of charged particles in both solar wind and magnetospheric plasma, mainly in the form of electrons and protons, precipitate them into the upper atmosphere (thermosphere/exosphere) due to Earth’s magnetic field, where their energy is lost.
The resulting ionization and excitation of atmospheric constituents emits light of varying color and complexity. The form of the aurora, occurring within bands around both polar regions, is also dependent on the amount of acceleration imparted to the precipitating particles. Precipitating protons generally produce optical emissions as incident hydrogen atoms after gaining electrons from the atmosphere. Proton auroras are usually observed at lower latitudes.
So, besides learning to spell Reyjavik, I’ve learned that there are two Auroras, the Aurora Borealis (Northern Lights) and Arora Australis (Southern Lights).
Auroras are created by atoms colliding and releasing photons as they interact with the magnetosphere surrounding the Earth. A wonderful blend of both astrophysics and elemental physics:
The northern lights are caused by collisions between fast-moving particles (electrons) from space and the oxygen and nitrogen gas in our atmosphere. These electrons originate in the magnetosphere, the region of space controlled by Earth’s magnetic field. As they rain into the atmosphere, the electrons impart energy to oxygen and nitrogen molecules, making them excited. When the molecules return to their normal state, they release photons, small bursts of energy in the form of light.
Some other facts in case you are appearing on Jeopardy!:
Seneca wrote about auroras in the first book of his Naturales Quaestiones,
Benjamin Franklin hypothesized the explanation for the phenomenon in his paper, Aurora Borealis, Suppositions and Conjectures towards forming an Hypothesis for its Explanation
During the Battle of Fredericksburg, an aurora was seen from the battlefield.
Mozilla has a new version of Firefox called Quantum, or version 57. It is a near-total rewrite. Firefox had fallen behind in speed over the years, but many, many people still had a fondness for the open-source browser, even though it’s speed was much, uchslower than Chrome and Safari.
I’ve been teting the new version on Apple and Windows products, and am changing my default browser for a few days to get a real-world feel for how it works. So far, so good.
The Linux Gamer has a quick rundown on the practical reasons why he is blown away, and it is not all about speed or battery life specs:
The NSA, presumably the most stalwart of the United States’ cybersecurity organizations, was infiltrated by a group know as the Shadow Brokers over a year ago. The group stole the NSA’s hacking tools, and provided them to everyone for money. State-sponsored hacking never had it so easy.
These hacking tools are causing miilions, if not billions, of dollars of harm all over the world, including small businesses and individuals. The recent cryptoware WannaCry was spread worldwide by use of the NSA’s lost tools:
Millions of people saw their computers shut down by ransomware, with demands for payments in digital currency to have their access restored. Tens of thousands of employees at Mondelez International, the maker of Oreo cookies, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.
…they have a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.
Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both.
Imagine if Apple provides a “back-door” to law enforcement agencies in response to isolated incidents of terror. The NSA can’t even keep their tools safe. Do you think the FBI, New York State Police or Sherriff Andy Taylor would be able to keep these vulnerabilities out of everyone’s hands?
Vulnerabilities exist. They always have, and they likely always will. The way to privacy and security for all is to guard against any attempt to weaken security endeavors.
Apple’s business model does not include selling their customer’s personal information. Nor does most open-source software companies (like Firefox). Facebook, Google, and others harvesting data and building extensive dossiers on every single user of their services. The data is shared with their clients for highly targeted advertising and other uses. Think that data is safe? Think it already hasn’t been used against your best interests?