In this guest post Douglas Nicol takes us on a journey through the surprisingly easy-to-find hacker black market.
Today I went live shopping for other people’s personal information. And it made me realise I really am in the wrong business; I should have been a hacker.
A young Brit called Adam Tyler, who looked like a homeless 16-year-old, gave an utterly compelling presentation at SXSW.
It’s his job to understand the threat of hackers and educate brands accordingly. Basically it was a workshop for upskilling us in the world of malware, DDoS and other nasty things. We went live shopping for personal data and it was so easy to pick up other people’s credit card data and a whole world of other valuable data, too.
It was really more like going to buy a pair of sneakers on ASOS. It is disturbingly easy and very lucrative financially too.
However, I am less likely to go to jail in my current job. I hope.
There’s been a revolution in hacking over the past two years. It used to be that there was a distinct hacker profile – typically male, with significant coding skills and a criminal disposition. But now the elite few have been overrun by new players who are ‘democratising’ crime, so a hacker can be unskilled; it could be you, or me, or anyone.
Symantec counts some 1 million new malware threats released every day and rising fast. This is the new ‘democracy’ in action.
Without wanting to share every detail of my newly acquired skills, here’s some of what I learnt:
- It costs about US$1.49 to buy a single Uber login name and password, allowing you to travel for free on someone else’s credit card.
- US$400 will buy you an official diploma from the world’s leading hotels training school. This normally takes years to complete.
- US$10 will buy you 20,000 BA Frequent Flyer Points.
To get this stuff you don’t have to go to some deep dark encrypted part of the internet. You just Google it (won’t say exactly what you Google, for legal reasons) and go to the dozens of online aggregators who have websites in the style of eBay, with nice UX and design and seller reviews that rate how ‘reliable’ the hacker is.
They even have banner ads that say things like ‘ACME, your one stop shop. Reliable. No Bullshit’.
The latest wave of this evil can only be described as ‘CAS’: Crime As a Service.
For example, take ‘ransomware’ – certain CAS websites will package up a Trojan (i.e. malicious software) that disables your victim’s computer until they pay a ransom. Ransom payments are made in Bitcoin. The going rate for this is around 2 Bitcoins (US$800). In the workshop it was all created in 5 minutes, ready to be distributed in your channel of choice, in this case spam email.
This is why in the past 12 months relatively unskilled teenagers have hacked into highly secure environments like the CIA and the National Crime Agency in the UK.
If you are a marketer and your company stores customer data, you need to take time to properly understand what a threat this criminal activity is to your brand. Don’t pay lip service to it. You need to act now because it’s only going to get worse.
Douglas Nicol is creative partner at The Works