Archives For Hackers

Do You Understand The Power Hackers Have?

And Most of Us Are Helping Them On a Daily Basis

This October I will be delivering a keynote at the Celaes conference, put on by Florida’s International Banker’s Association (FIBA). In this month’s FIBA newsletter you’ll find an article discussing The Hacker’s Most Powerful Tool – one you won’t detect with scans or traffic analysis… I’ve provided a link here for your convenience.

The big takeaway here is how all of us are involved in strengthening this attack tool – simply because we underestimate it. Read and discover one of the things your clients really do need to understand if they are going to regain control of their data.

© 2016, David Stelzl

Hackers for Hire!

February 3, 2010

SHARE – Here’s a simple way to gain access to other people’s computers.  More importantly, here is a simple way for people to gain access to your client’s data.  Note in this article that no one is hacking through firewalls and criminals are difficult to catch.  In fact, most people don’t know they are being hit and social engineering is used to cleverly gain access to the desired data.  Thanks to our friends at Presidio for passing this along!

Monster Hit

January 28, 2009

Targeted attacks are growing as companies build storehouses of data – something every company seems to be doing these days.  If you’re working with larger accounts, find the assets.  Where are these storehouses, what do they contain, and who controls access – can they detect and respond to a breach? 

Just another example in today’s USA Today – http://www.usatoday.com/tech/news/2009-01-27-monster-data-hackers_N.htm – with Monster’s job search site. Britain alone reports 4.5 million British citizens exposed (no mention of other nations on this hit). This site, along with other resume posting sites, contains all kinds of great information that can be used to compromise one’s identity. Note, these sites also contain all of the data needed to understand a company’s computing environment, as well as providing contact information to an insider that isn’t necessarily loyal to the company; i.e. a potential partner in crime.

How can the data be used?  Well, the hacker now has access to information associated with both job seekers and potential employers.  As I’ve mentioned in previous posts, storehouse type data is being gobbled up all over the world by hackers who are exploring new ways to correlate data to be used in schemes yet to be devised.  This may include access to bank accounts, corporate accounts, and various forms of fraud and ID Theft.

What company can afford this type of press in a down economy?  Use these sound bites to grab the attention of asset owners.  Asset owners are liable, care about the company’s reputation, and either approve, or greatly influence company spending.

As you know, USA Today is one of my favorite sources of news. Check out today’s article on Cybercrime and how the focus of cyberthieves is changing: http://www.usatoday.com/tech/news/surveillance/2008-11-11-thieves-cyber-corporate-data_N.htm?loc=interstitialskip – an excellent source of attention-gripping sound bites for your prospects.

Three years ago we had the Iceman – the market leader in ID Theft with world-wide revenues totaling $67.2 Billion. This year earnings have topped One Trillion; right in line with predictions I cited three years ago. Sound Bite: ID Theft is commoditizing! That doesn’t mean it’s going away – it’s become so easy that the serious criminals are turning to more profitable cybercrime activities, while amateurs continue the ID harvest. Prices have come down from $100/ID number to somewhere in the $10 range. Here are some important sound bites:

  1. What is the new focus? Intellectual Capital; data thieves are harvesting corporate data in anticipation of rising demand.
  2. Copycat ID thieves have saturated the market, driving ID prices down – it’s so easy, almost anyone can do it.
  3. Primary targets are corporate users using free web tools such as instant messaging, web-based email, and social networking – especially AOL, Yahoo, MSN, and social sites including MySpace and Facebook.
  4. Most valued data includes: e-mail address books, instant-messaging buddy lists, PowerPoint slides, engineering drawings, partnership agreements, price lists, bid proposals, supply contracts, etc. Intellectual property!
  5. Who are the buyers? This always comes up as a question… In one case cited in the above linked article, a Chinese entrepreneur was able to take stolen information to build an entire business based on stolen intellectual capital. Duplicating a business that took over ten years to build and millions in R&D, he created a counterfeit business for a fraction of the price. Law enforcement was unsuccessful in stopping him.
  6. This is a nine-month-old trend: take as much data as possible and then sort through it. Figure out what’s worth money, and then find a buyer.

The fact is most customized applications are built for functionality; they contain little to no security in their design.  This is a giant hole in the security of digital assets.