"Hacking" these days - purpose?

Laszlo Hanyecz laszlo at heliacal.net
Mon Dec 14 17:44:30 UTC 2020

On 2020-12-14 16:48, Mark Tinka wrote:
> On 12/14/20 18:38, David Bass wrote:
>> It becomes more clear when you think about the options out there, and 
>> get a little creative.  Now a days it’s definitely chess that’s being 
>> played.
> You're right, it really doesn't take much. Preying on humanity can 
> yield great results.
> One that has started springing up in my neck of the woods - to 
> simplify car-jacking) - is to obtain a list of customers that 
> subscribe to a vehicle tracking service. The thugs will then call a 
> customer, claiming their tracking device is faulty and needs to be 
> checked physically. The thugs will come to your home or office, tell 
> you that in order to finalize the fix, they need to test drive your 
> car. And boom, that's your car gone!
> The hacking, now, IMHO, is to obtain user information to profile who 
> is exploitable, and how. After that, low-tech rules.
> Mark.

This stuff is definitely the most visible type of scamming but this is 
not any different from swindling people at a flea market.  It isn't so 
much hacking as just using internet to communicate with people and then 
tricking them.  I think this is a different skill set than gaining 
access to personal data though.

Gaining access to someone else's computer's files has historically not 
been a big deal, so I'm guessing it didn't become a huge problem because 
there was little to gain from doing it.  It might be inconvenient for 
people, it might be used as part of a larger con against a victim, but 
it still requires a lot more steps to profit from it.  We all know that 
we can't stop that from happening, but even going back to the early 90s 
we've had malware protection vendors making money off this fear, and the 
problem has now reached a point where the placebo security won't cut it 
and we'll have to start figuring this problem out.

The impact of these kinds of breaches has always been minor, but in the 
past 10 years we've placed more and more things into primary storage on 
a computer, including cryptographic secrets which only function if 
they're kept secret.  Losing a wallet full of credit cards isn't as bad 
as losing a wallet full of cash.  There wasn't any way to put money into 
computer files before, but now there is. Even if only a few people carry 
money, if it's easy to steal millions of wallets and costs nothing, it's 
worth doing it for the hope of eventually hitting a money holder.


More information about the NANOG mailing list