The Miscreants Who Menace Millions
Philosophers have pondered the nature of evil for centuries. Perhaps you also have wondered how a medium meant for information sharing has become a minefield of privacy and security risks. Spam, viruses, ransomware, identity theft, data breaches, phishing, malicious links and other cybercrimes have become commonplace. Who does this stuff, and what the heck is wrong with them? Let's take a look at what motivates the bad guys who lurk in the dark corners of the Internet... |
Hackers, Spammers and Cybercriminals - What Motivates Them?
Not long ago, I got a letter in the mail advising me of a “data security incident” at a website where I made an online purchase. I was advised that the person(s) responsible for this data breach likely gained access to my name, address, phone number, email address, credit card number, CVV code, and expiration date. The company recommended that I “remain vigilant to protect against potential fraud” by carefully reviewing my account statements and credit reports.
I sighed and tossed the letter in the trash. I knew already that all of that information, along with my social security number, shoe size, and my dog’s name was for sale on the dark web. And yours is too.
In February of this year, the Harvard Business Review published an article titled Why Data Breaches Spiked in 2023. That piece claimed a 20% rise in data breaches from the previous year, and blamed it mostly on companies that stored data in the cloud without proper security (and sometimes with no protection at all). Other cited factors resulting in high-profile breaches that compromised millions of consumer records were ransomware and the oursourcing of cybersecurity to incompetent vendors.
These are not "Mom and Pop" businesses lacking the time and resources to lock down the data they collect from you. They are banks, hotels, health insurance companies, government agencies, and phone companies that have carelessly exposed the personal information of millions of customers, and resulting in losses totaling hundreds of millions of dollars.
And sadly, the drumbeat of data breach reports continues well into 2024. An AT&T breach affected 73 million customers; 49 million at Dell; 560 million at Ticketmaster, just to name a few.
Have you ever wondered why there's so much spam, so many computer viruses, rampant identity theft, and other perils of using the Internet? Perhaps it boils down to the ancient philosophical question, “Why is there evil in the world?”
Greed is the most common motivation for cybercrimes, as it is in the real world. There are big bucks to be made in malware that steals credit card, bank account, and identity details, corporate secrets, and other valuable data. The gullible will readily give money in exchange for counterfeit goods or just the false promise of goods. Some people will pay good money to damage the reputation of business competitors. Ransomware affects the entire spectrum of the online world, from large companies to home users. Most of the online damage is done for money.
Hatred is another ugly motivator. Often, it is disguised as heroism, a noble fight against a perceived evil enemy, which may be an individual, organization, corporation or government. But it’s hatred, none the less. Examples of this include those who spread disinformation or maliciously deface the websites of organizations with whom they disagree. Or it could be a "hacktivist" group that perpetrates denial of service attacks against their philosophical enemies.
Egotism is a third motivation. The desire to show the world how good your skills are, to do what others have failed to do, to make yourself look smart by making others look stupid, are all very satisfying to insecure egos. Some hacking groups have done this by breaking into websites, stealing embarrassing or confidential information, and publishing it online.
Grab That Cash With Both Hands and Make a Stash...
How do cybercrooks make money? The answer has changed over time. But mostly, it’s All About the Money. (Hat tips to Pink Floyd and Travis Tritt.)
Sanford Wallace was the original self-styled “Spam King.” In the 1990's, he had an ostensibly legitimate advertising business, sending out millions of unsolicited emails that advertise products or services for sale. He got paid a pittance for each email he sent, and a commission for each sale consummated in response to an email. According to “Spamford,” he made millions of dollars providing a perfectly legal service to merchants and consumers.
But eventually, spam stopped paying so well. Spam filters improved, and consumers became more wary of unsolicited offers. Spammers increasingly switched from selling things in annoying but legitimate ways to deliberately trying to defraud people. (More on the fate of Spamford below.)
That accounts for the rapid rise of ransomware and high-profile data breaches. By exploiting human error and security vulnerabilities, even low-skilled hackers using inexpensive "exploit kits"can lock up the files of a single user or an entire company, and demand that a ransom be paid to restore access. Massive data breaches make the news regularly, compromising millions of usernames, passwords, credit cards, social security numbers, and other private information. These valuable troves of data are sold in the dark corners of the Internet, and the information is used to perpetrate fraud and identity theft.
Then there are the low-volume, high-value cybercrooks. They include so-called Nigerian "419 scammers" who find affluent and gullible victims to milk for thousands of dollars. I wrote about the 419 Scam back in 2006, and it's still going strong today. Similarly, so-called spear phishing attacks target wealthy or influential people via social engineering.
Cybercrime and (occasionally) Punishment
Relatively few online crooks are caught and punished. It’s very difficult to investigate and prove such crimes because the criminal activity is hard to trace and often spans international borders. The double-edged sword of encryption protects both the innocent and the guilty. The few successful prosecutions we read about tend to be very large cases that are worth the trouble and expense to prosecutors.
"Spamford" Wallace continued with a string of fraudulent enterprises for a dozen years, was eventually fined several hundred thousand dollars, and sentenced to 20 months in prison. He was released in May 2018. Oleg Nikolaenko was a Russian “spam king” in the who allegedly ran a botnet that churned out over 10 billion spam emails every day, an estimated one-third of all spam in the late 2000s. He served three years in prison on charges of violating the U.S. CAN-SPAM Act. The FBI is still busy putting online crooks in custody. See the FBI Cyber Crime news and press releases.
There is no end in sight to the war on cybercrime. It’s an arms race in which the players on both sides are necessarily becoming more and more sophisticated. The anonymous nature of digital currencies like Bitcoin makes it difficult to "follow the money". The best that YOU can do is try to avoid becoming a victim. Keep your malware and anti-spam defenses up. Be wary of email phishing attempts. And Monitor your credit reports and bank accounts for unauthorized transactions.
Your thoughts on this topic are welcome! Post your comment or question below...https://www.csoonline.com/article/566789/what-is-spear-phishing-examples-tactics-and-techniques.html
This article was posted by Bob Rankin on 12 Jul 2024
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Was Your Password Just Revealed in a Massive Data Breach? |
The Top Twenty |
Next Article: Here's How to Take Better Smartphone Photos |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- The Miscreants Who Menace Millions (Posted: 12 Jul 2024)
Source: https://askbobrankin.com/the_miscreants_who_menace_millions.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "The Miscreants Who Menace Millions"
Posted by:
PL
12 Jul 2024
All true, but you forgot one thing: outsourcing. The more of our data is processed overseas, the more vulnerable it is to hackers. The more that companies rely on overseas workers, the worse it's going to get.
Posted by:
James
12 Jul 2024
My mother-in-law has been involved in a romance scam that has netted the criminal about $35,000. We have filed complaints about the scammer to Facebook who ignored us. We filed a complaint to the sheriff's office. The bank knows that this is happening but they deny any culpability. If my mother-in-law suffered from dementia we would have legal recourse. We know where the money is going but we cannot confirm the identity of the offender. Frustrating.
Posted by:
Paul S
12 Jul 2024
Skepticism, critical thinking and independent verification are "skills" sorely lacking or under/not utilized by too many folks using the internet for "information". The mantra seems to be keep repeating lies endlessly without making any effort to substantiate claims with reliable sources. Chaos is very possibly on the horizon!
Posted by:
Ernest N. Wilcox Jr. (Oldster)
12 Jul 2024
I've always known that the reasons cybercriminals do the dastardly deeds they do are the same as for any crime - greed, laziness, ego, hatred, etc. Because these miscreants are essentially without ethics or morality, they do what they do to get whatever they decide they want. The only thing I can do to protect myself is to make me a more difficult target than most others, and protect what I have as carefully as I can.
1. I freeze six credit bureau accounts (I have no interest in getting a loan or a new credit card any time soon) so when my info gets hacked, I have some protection from theft.
2. I keep my computer as updated with security patches as I can. I update Windows monthly on patch Tuesday, I check updates for on all my installed apps weekly, and I check for updates on my installed GNU/Linux distributions any time the updater informs me updates are available (often more frequently than once a week).
3. I enable 2FA on all my Internet accounts, and I use Windows Hello to log into my Windows computers.
4. I employ Cognitive Security on the Internet (I never click any hyperlinks - I navigate to the purported destination using Internet searches, I never post specific information about me, my family, or my friends - I use generic terms like "my Son", "my wife", etc., I never post anything to indicate when/if I'll be away from home.).
I perform system maintenance routines that encompass what I've listed above on a weekly, monthly, semiannual, and annual schedule to ensure that I keep my computers as secure, efficient, and up-to-date as possible.
It's my hope this helps others,
Ernie (Oldster)
Posted by:
Linds
12 Jul 2024
Yesterday I got a (419) spam from Mr. Otumbo of the Central Bank of Nigeria. He wrote to let me know that I have $20 million USD waiting for me.
All I have to do to claim the money is send him my personal information, which he would already know if his offer was legit.
He didn't even put my name anywhere in the spam, and his reply address is a Gmail account. It's incredible that people are still falling for this decades-old con.
The public schools teach students how to use computers, they should teach them how to spot scams like this.
Posted by:
Ian
13 Jul 2024
I got a call a few years ago saying there was a problem with my internet and I was to download software so that he could check my IP addresss - obviously to get me to download software to lock the hard disk. I said I had downloaded it (I hadn't) and told him my IP address was 17.160.257.18. This had the desired effect and shouting, he demanded I checked it again as it was wrong. I said I was sorry, it was wrong, it should have been 17.160.258.18. After he spent some time insulting me he ended the call.
Posted by:
Will
13 Jul 2024
For many months I have received texts with USPS images and the declaration that my address is incomplete for a parcel and that I should respond with correction or I will not receive it. It looks official but it is not.
Of course I didn't reply. It is a scam. Beware.
Posted by:
Emily Booth
16 Jul 2024
If you can commit fraud and theft electronically, you should be able to prevent it electronically. Right now, there are anti-spammers on You Tube who are exposing these thieves. One YouTube channel is Spammer Payback. He's been doing this for 4 years.