"Hacking" these days - purpose?
laszlo at heliacal.net
Mon Dec 14 17:44:30 UTC 2020
On 2020-12-14 16:48, Mark Tinka wrote:
> On 12/14/20 18:38, David Bass wrote:
>> It becomes more clear when you think about the options out there, and
>> get a little creative. Now a days it’s definitely chess that’s being
> You're right, it really doesn't take much. Preying on humanity can
> yield great results.
> One that has started springing up in my neck of the woods - to
> simplify car-jacking) - is to obtain a list of customers that
> subscribe to a vehicle tracking service. The thugs will then call a
> customer, claiming their tracking device is faulty and needs to be
> checked physically. The thugs will come to your home or office, tell
> you that in order to finalize the fix, they need to test drive your
> car. And boom, that's your car gone!
> The hacking, now, IMHO, is to obtain user information to profile who
> is exploitable, and how. After that, low-tech rules.
This stuff is definitely the most visible type of scamming but this is
not any different from swindling people at a flea market. It isn't so
much hacking as just using internet to communicate with people and then
tricking them. I think this is a different skill set than gaining
access to personal data though.
Gaining access to someone else's computer's files has historically not
been a big deal, so I'm guessing it didn't become a huge problem because
there was little to gain from doing it. It might be inconvenient for
people, it might be used as part of a larger con against a victim, but
it still requires a lot more steps to profit from it. We all know that
we can't stop that from happening, but even going back to the early 90s
we've had malware protection vendors making money off this fear, and the
problem has now reached a point where the placebo security won't cut it
and we'll have to start figuring this problem out.
The impact of these kinds of breaches has always been minor, but in the
past 10 years we've placed more and more things into primary storage on
a computer, including cryptographic secrets which only function if
they're kept secret. Losing a wallet full of credit cards isn't as bad
as losing a wallet full of cash. There wasn't any way to put money into
computer files before, but now there is. Even if only a few people carry
money, if it's easy to steal millions of wallets and costs nothing, it's
worth doing it for the hope of eventually hitting a money holder.
More information about the NANOG