The Worst kind of hackers

The news articles call them hackers because there is no commonly accepted word that describes a thief with a computer. "Hacking" to steal money is not real hacking. There are a few ways that thieves do this:
1) Ransom ware - https://github.com/goliate/hidden-tear
2) Skimmers - https://securityaffairs.co/wordpress/33173/hacking/black-box-attack-raspberry.html
3) Database dumps as ransom, Give me money or I will make your data public - https://www.theverge.com/2015/10/2/9439077/patreon-hack-user-database-2-million-users

The list could go on...

While all of these illegal activities do create turmoil for the world, they create jobs for security analysts. They FORCE us to sharpen our swords in an attempt to combat the problems. This isn't particularly a new problem. When passwords were first created most people simply accepted the login process. One person fought back. Richard Stallman thinks that setting security features for digital access is a BAD thing, but has since agreed to personal privacy with regards to online banking & a few other tools. When an open & educational system was setup with an authentication process of Username & password, Richard found that he could set his username and password to blank values. He accessed the database of all accounts and told them that you COULD do this. About 20% of all users set their password to blank which opened access to thousands more as you now only had to guess a username which people were doing. The people who coded the authentication process had to sharpen their swords by setting a minimum limit to what a password had to be and what passwords could NOT be.

Most ransom ware softwares have already been decrypted and the keys are available online, FREE of charge. The problem with this attack is that when a ransomware encrypts a system & people pay to get the decryption, the attacker shows their full hand.

Skimmers are particularly bad because banking systems don't tend to keep up with technology. In order to access your money, banks must provide large scale systems that make it easy for people to purchase goods. A bank must set their entire services accessible to the least educated people. I can't say this enough, do NOT use hacking to steal money.

If you get a Database, why dump it for others to see. A true hacker would have worked really hard to access that database, run queries, & export that data. If other people WANT that information, they can get it the same way you did. If you dump that info for everyone, you are making a noob hacker even worse! Now that noob hacker won't struggle to get in. They will give up. If you want others to be as smart as you, they NEED to be placed in front of a challenge. Further more, why would you brag to the people who you just broke into their system asking for money! That is like throwing a rock through someone's windows and demanding that they pay you to fix their window. What a waste of time. Never demand payment for being a nuisance.

If you hack, do it for the right reasons. If you find an exploit, tell the owners. Challenge your ability to solve the most complicated puzzles. Decrypt, engage, get in. Raise the bar for how high the community must jump. I will never back down from a challenge. Challenge me with the most complicated, in-accessible, encrypted data. I will find a way. So should you.
Go get 'em hackers!

Comments

Popular Posts