Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.
Data Thieves: How They Steal Your Data Using Public Information
Hackers are skilled manipulators who use computers to illegally access data. Their motives vary—obtaining political information about opponents, blackmail, protesting, vandalism, and monetary gain are a few.
We’re used to hearing terms like data breach, firewall, malware, browser exploit, and ransomware—all of which seem to suggest intricate knowledge of computers is required in order to commit a computer crime. While many hackers often look for ways to improve technical expertise, sometimes little technical knowledge is needed to succeed.
Initiating a Cybercrime
Perpetrators begin hacks with the collection of data—technical details about the system being hacked and potential methods for carrying out the attack. Cybersecurity analysts refer to the data and potential techniques used in computer crime as threat intelligence.
Any information that can be gathered about the target system will help an attacker before using a computer for technical aspects of the crime. Various public sources can be queried, and when the opportunity exists, private sources.
Obtaining merely an e-mail address and some personal-type information from a social media profile is all that’s needed. For example, a person discusses an unsatisfactory experience with a credit card company on their public social media profile. The person also has an e-mail address shown on their public profile.
Using the collected information, a phony e-mail can be sent representing the credit card company, offering some type of compensation for the unsatisfactory experience. The e-mail could include a malware-laden attachment with details on how to claim the compensation.
The chances are high that the e-mail recipient will open the attachment, releasing malicious software onto their device. The computer virus can open back-door access or deliver any other type of payload—the intended end goal of the perpetrator.
The twist here, however, is the malicious software or virus attached to the e-mail doesn’t have to be designed by the perpetrator using it. Malicious software can be obtained via underground venues where the buyer can even retain a degree of support from the designer.
All a perpetrator needs is some useful information about a target that can be gathered from the public domain. Hacking can be easy for criminals, which should bring pause for all of us—the implication is that average people have the potential to commit computer-based crimes.
Malware as a Service
As discussed previously, cybercriminals do not require intricate technical knowledge of the inner workings of computers. Only basic information potentially gleaned from the public domain is needed—and some manipulation skills.
If less-savvy hackers require malicious software to commit a crime, it can be obtained via underground markets as products or even subscription-based services. Just as software-as-a-service providers offer subscriptions via the internet, computer programmers can provide malware as a service.
On September 16, 2021, an Illinois man was convicted by a federal jury for running services that enabled DDoS or distributed denial of service attacks. Paying users could flood a targeted range of computers with requests sufficient to cause internet connectivity disruption—the purpose of using this type of attack varies.
Using Computers Wisely
Digital devices, including desktops, laptops, tablets, smartphones, and data stored within, are the targets of a wide range of tech-savvy criminals. In addition to becoming familiar with computer security fundamentals—accessible via books and online resources—taking care of what information faces the public should be taken into consideration.
Don’t display phone numbers or e-mail addresses if the purpose is generally unnecessary. Do not publically discuss plans on leaving home—if hackers could gain physical access to a computer, they would certainly do so. Lastly, avoid disclosing personal details where possible—criminals could use the information to imitate somebody you know.
Following or connecting with cybersecurity sites on social media can also help. They frequently post about trends in computer crime as well as computer crime incidents.
This content is accurate and true to the best of the author’s knowledge and is not meant to substitute for formal and individualized advice from a qualified professional.
© 2022 Dan Martino