Spam and Malware: Why Do They Exist?
Email spam, viruses, ransomware attacks, identity theft, phishing, malicious links and other cybercrimes have become commonplace. A medium meant for information sharing has become a minefield of privacy and security risks. Who does this stuff, and what the heck is wrong with them? Let's take a look at what motivates the miscreants who menace millions on the Internet…
Hackers, Spammers and Cybercriminals
A few days ago I got a letter in the mail advising me of a “data security incident” at a website where I made an online purchase. I was advised that the person(s) responsible for this data breach likely gained access to my name, address, phone number, email address, credit card number, CVV code, and expiration date. The company recommended that I “remain vigilant to protect against potential fraud” by carefully reviewing my account statements and credit reports.
I sighed and tossed the letter in the trash. I knew already that all of that information, along with my social security number, shoe size, and my dog’s name was for sale on the dark web. And yours is too.
Today, ArsTechnica published a list of the top ten hack and breaches of 2020. Among them are the Solarwinds hack, which exposed thousands of corporate and government networks. Also in the top ten was the Twitter hack (perpetrated by teenagers) which compromised accounts belonging to politicians and celebrities. (No, Bill Gates and Elon Musk, and Barack Obama are not giving away free bitcoins.)
Have you ever wondered why there's so much spam, so many computer viruses, rampant identity theft, and other perils of using the Internet? Perhaps it boils down to the ancient philosophical question, “Why is there evil in the world?”
Greed is the most common motivation for cybercrimes, as it is in the real world. There are big bucks to be made in malware that steals credit card, bank account, and identity details, corporate secrets, and other valuable data. The gullible will readily give money in exchange for counterfeit goods or just the false promise of goods. Some people will pay good money to damage the reputation of business competitors. Ransomware affects the entire spectrum of the online world, from large companies to home users. Most of the online damage is done for money.
Hatred is another ugly motivator. Often, it is disguised as heroism, a noble fight against a perceived evil enemy, which may be an individual, organization, corporation or government. But it’s hatred, none the less. Examples of this include those who spread disinformation or maliciously deface the websites of organizations with whom they disagree. Or it could be a "hacktivist" group that perpetrates denial of service attacks against their philosophical enemies.
Egotism is a third motivation. The desire to show the world how good your skills are, to do what others have failed to do, to make yourself look smart by making others look stupid, are all very satisfying to insecure egos. Some hacking groups have done this by breaking into websites, stealing embarrassing or confidential information, and publishing it online.
Grab That Cash With Both Hands and Make a Stash...
How do cybercrooks make money? The answer has changed over time. But mostly, it’s All About the Money. (Hat tips to Pink Floyd and Travis Tritt.)
Sanford Wallace was the original self-styled “Spam King.” In the 1990's, he had an ostensibly legitimate advertising business, sending out millions of unsolicited emails that advertise products or services for sale. He got paid a pittance for each email he sent, and a commission for each sale consummated in response to an email. According to “Spamford,” he made millions of dollars providing a perfectly legal service to merchants and consumers.
But eventually, spam stopped paying so well. Spam filters improved, and consumers became more wary of unsolicited offers. Spammers increasingly switched from selling things in annoying but legitimate ways to deliberately trying to defraud people. (More on the fate of Spamford below.)
That accounts for the rapid rise of ransomware and high-profile data breaches. By exploiting human error and security vulnerabilities, even low-skilled hackers can lock up the files of a single user or an entire company, and demand that a ransom be paid to restore access. Massive data breaches make the news regularly, compromising millions of usernames, passwords, credit cards, social security numbers, and other private information. These valuable troves of data are sold in the dark corners of the Internet, and the information is used to perpetrate fraud and identity theft.
Then there are the low-volume, high-value cybercrooks. They include so-called Nigerian "419 scammers" who find affluent and gullible victims to milk for thousands of dollars. I wrote about the 419 Scam back in 2006, and it's still going strong today. Similarly, so-called spear phishing attacks target wealthy or influential people via social engineering.
Cybercrime and (occasionally) Punishment
Relatively few online crooks are caught and punished. It’s very difficult to investigate and prove such crimes because the criminal activity is hard to trace and often spans international borders. The double-edged sword of encryption protects both the innocent and the guilty. The few successful prosecutions we read about tend to be very large cases that are worth the trouble and expense to prosecutors.
"Spamford" Wallace continued with a string of fraudulent enterprises for a dozen years, was eventually fined several hundred thousand dollars, and sentenced to 20 months in prison. He was released in May 2018. Oleg Nikolaenko was a Russian “spam king” in the who allegedly ran a botnet that churned out over 10 billion spam emails every day, an estimated one-third of all spam in the late 2000s. He served three years in prison on charges of violating the U.S. CAN-SPAM Act. The FBI is still busy putting online crooks in custody. See the FBI Cyber Crime news and press releases.
There is no end in sight to the war on cybercrime. It’s an arms race in which the players on both sides are necessarily becoming more and more sophisticated. The anonymous nature of digital currencies like Bitcoin makes it difficult to "follow the money". The best that YOU can do is try to avoid becoming a victim. Keep your malware and anti-spam defenses up. Be wary of email phishing attempts. And Monitor your credit reports and bank accounts for unauthorized transactions.
Your thoughts on this topic are welcome! Post your comment or question below...
This article was posted by Bob Rankin on 28 Dec 2020
|For Fun: Buy Bob a Snickers.|
Geekly Update - 17 December 2020
The Top Twenty
HOWTO: Searching the Deep Web and the Dark Web
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Spam and Malware: Why Do They Exist? (Posted: 28 Dec 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved