New “Hacker Matching” Services Increase Vulnerability for Small Businesses, Municipalities and Others
With the media reporting on cybercrime syndicates in Russia and other foreign countries, it’s easy to envision hackers as faceless strangers sitting in some far-away cubicle. Nothing could be further from the truth, and this false assumption is putting all of us at greater risk.
Enterprising individuals have now created hacker-matching services where anyone can connect with a hacker that meets the target profile. Even the smallest “jobs” can be picked up by those with the skills, knowledge and/or access to complete the task.
This last criteria―access―is perhaps the most troubling of all. To qualify as a “hacker,” one doesn’t need special training. In many cases, these hacking jobs require nothing more than being able to access someone else’s digital assets.
From disgruntled ex-employees whose credentials haven’t been revoked to individuals surfing on a neighbor’s Wi-Fi connection, the number of people that have access to unauthorized information is staggering. In the past, finding someone willing to pay for this access wasn’t easy. Now, thanks to websites like “Hackers List,” it is.
On this site, individuals seeking information or assistance―from breaking into Facebook accounts to gathering corporate information―can post their jobs and pay rates and then wait for someone to bid. In the first few months of operation, hundreds of these postings appeared. For each job, both the requestor and the respondent remain anonymous, with Hacker’s List collecting a fee for making the match.
Sites such as these have disclaimers that state it is illegal and inappropriate to gather information or hack into a resource without permission from the owner. By keeping the process anonymous, the site’s owners contend, they stay at arm’s length from these transactions and therefore have no knowledge of any wrongdoing that might occur.
Whether or not these services are legal remains to be seen. Nevertheless, we anticipate there is enough demand for small hacking jobs that sites like these will keep popping up. At least one expert has postulated that inexperienced, non-professional “hackers” who extract and share information illegally may be able to argue successfully that they didn’t know they were committing a crime.
This new cottage industry is raising the stakes for everyone and reinforcing the need, not only to keep information secure but also to have stringently enforced policies regarding sharing of corporate data. After all, it’s not possible to “secure” the knowledge inside someone’s head, should he or she decide it is OK to sell it.
As part of our security services, we routinely help our customers assess and remediate vulnerabilities in all corners of their operations, from leaky networks to uninformed personnel. To learn more, please email us or give us a call at 770-643-4400 (toll-free: 877-841-8069).