Here’s a late night infomercial for you: How’s that burger flipping going? That cubicle working out? Anyway, I’m sure your boss is such a nice guy. Guess what! If you’re interested in a career in criminal hacking, you don’t even need a computer! This (scary) special, one-time offer comes to you right now from the Internet! Get your credit card ready!
Yes people, this is no joke. Everything you, ‘the average person,’ need to conduct cybercrime can now be purchased online—for example, you can get access to your spouse, neighbors or bosses emails, conduct research, create malware, execute an attack—all of it! Today’s cybercriminals don’t need great technical expertise, or even need to own a computer. Everything can be available for a price.
I often hear people say, “If criminals just used their skills for good, think of how much money they could make and how much better the world would be.” The sad fact is that the bad guys can make in one day what the good guys make in a year.
In a new report called “Cybercrime Exposed,” Raj Samani, vice president and CTO of McAfee, exposes the shift that has taken place with cybercrime easily getting in the hands of everyday people. Here’s a quick snapshot of the report:
The growth of the cybercrime “as-a-service” business model allows cybercriminals to execute attacks at considerably less expense and easily assessible tools now more than ever before.
From renting services to buying email lists for a small sum, the types of exploits that are now available with a click of the button are shocking.
The four categories of cybercrime as a service are:
Research-as-a-Service—One of the primary items research is used for is discovering and identifying vulnerabilities in software or operating systems. The sale of this information can be used for bad or good, so this is why this is considered a gray market. It becomes a cybercrime when these vulnerabilities are sold on the black market so cybercriminals can use the “holes” to exploit users.
Crimeware-as-a-Service—This is what you’d expect to find for sale in the black market. It involves the sale of online tools, or development of tools that can be used by the bad guys to carry out a cybercrime attack.
Also it includes the sale of hardware that may be used for financial fraud (for example, credit card skimming) or equipment used to hack into systems.
Cybercrime Infrastructure-as-a-Service—Once the toolset has been developed, cybercriminals are faced with the challenge of delivering their exploits to their intended victims. An example of this service is the rental of a network of computers controlled by a hacker (known as a botnet) to carry out a denial-of-service (DoS) attack. What is DoS? That’s where the criminal floods a target website with large amounts of traffic so users can’t access the site).
Hacking-as-a-Service—Getting a hold of the individual components* of an attack remains one option; but there are services that allow a criminal to outsource everything about the attack.
This path requires minimal technical expertise, although it is likely to cost more than acquiring individual components and is often used by criminals wanting to obtain information such as bank credentials, credit card data, and login details to particular websites.
While the news is grim, the solutions are not. Here’s what you can do to protect yourself from the bad guys (or your neighbor):
- For starters, use comprehensive security on all your Internet connected devices, like McAfee® LiveSafe™, that includes antivirus, anti-phishing, anti-spyware and anti-spam, and a firewall
- Keep your browser and your devices’ operating systems updated to make sure you receive critical security patches
- Beware of any emails that might contain infected links
- Secure your wireless connection by using encryption
And if you do decide to go into the business of being a criminal, make sure you have money in reserves for a lawyer because law enforcement and companies like McAfee are relentless in the pursuit of criminal groups or networks who steal your money, your information, or your identity and of those who engage in online abuse of children.
*Each cybercrime attack consists of a variety of components, such as getting a hold of usernames, email addresses, passwords, sending a phishing email, finding the mobile number, determining someone’s Operating System identification, etc.
Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- New Mobile Security App for Android Smartphones
Consumers with smartphones understand they are carrying around the functions of a computer, but most users are unaware that smartphones are susceptible to the same security threats that plague laptops and desktops. As more online retailers introduce mobile e-commerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC
- What Should I Know about Mobile Cybercrime?
The Internet has dissolved the geographical boundaries and technological limitations that have constrained organized cybercrime in the past. We now live with cybercrime syndicates based in the US, Russia, Asia and all over the globe. When hackers in the US are sleeping, the ones in China are flexing their fingers on their keyboards, and the
- Internet Security Isn’t Getting Any Prettier
Malicious software (malware) is, in many ways, very well understood. Security experts know how it works and why. Cybercriminals’ motivations are pretty straightforward—making money from malware and related attacks. In the latest McAfee Threats Report: Q3 2012 , malware is still growing and while it’s not growing quite as fast as it was in previous quarters, the amount
- Can Hackers Use FraudFox VM to Defeat Your Fraud Prevention?
In the last few days, a number of tech magazines like Computerworld and PC Advisor have reported that FraudFox VM poses a threat to the security of online businesses—especially banks and payment services. FraudFox VM is a special version of Windows with a heavily modified version of the Firefox browser that runs on VMware’s Workstation for
- Criminals Prefer Pheasting on Phish Over Spam
Most of us are aware of spam, and while we may think it’s just an annoyance, what’s really dangerous about it is the fact that most spam are phishing attempts. Phishing is when cybercriminals attempt to fraudulently acquire your personal information, such as passwords and credit card details, by masquerading as a trustworthy person or