Hackers for hire: The business of hacking
Cyber-crime is now more prominent than ever before, but is your business at risk, or could you use hacking to your advantage?Peter Iantorno February 4, 2015
In the early days of computing, a hacker tended to be some spotty teenager holed-up in his bedroom with way too much time on his hands.
However, nowadays that teenager has graduated into an expert hacker for hire, and more and more individuals and even companies are turning to them to do their dirty work online. It's illegal, it's cheap and it's a growing problem. According to estimates from the Center for Strategic and International Studies in the US, as many as 30,000 websites are hacked every day, costing the global economy around $300 billion annually.
2014 saw security breaches at Sony, resulting in sensitive emails being leaked, the Home Depot hack, which put as many as 56 million of the American retailer's customer's credit card details at risk and, of course, the infamous celebrity naked photos scandal, which saw saucy pictures and videos of Jennifer Lawrence and dozens of other celebrities leaked on to the web for the whole world to see.
With frightening statistics and high-profile incidents like that, it's no surprise that hacking is an extremely hot topic at the moment. And it doesn't look like it's going to slip from the public consciousness any time soon. Just last month Blackhat (trailer below) was released. The film tells the fictional yet almost believable story (apart from the fact that Chris Hemsworth, who previously played superhero Thor, plays a computer genius...) of a convicted hacker being brought in to help catch a high-level cyber crime network. While the image of Thor having a gun battle with a group of evil computer hackers is all pretty pie in the sky stuff, the message behind the film - that cyber crime can have a massive effect on business and the world's economy as a whole - is certainly one that is valid.
But away from headline-grabbing, super-sophisticated, government-sponsored attacks and huge corporations coming under threat, on a much smaller scale, how can hacking affect our day-to-day lives? Well, the relatively recent rise in the number of people with advanced computer skills has also seen an increase in these skills being marketed as a way to help normal people solve their problems.
For example, various websites (for obvious reasons, we're not going to name any names - just Google it!) are now offering their hacking services to help with all manner of issues. Some of these are definitely positive - finding missing people, stopping cyber bullying, locating online scammers and tracking stolen computers - however, some services, such as checking up on partners, cracking email passwords and even removing mugshots or links to criminal records from Google, are rather less innocent.
And it turns out that it really doesn't cost very much at all to get a hacking company to do your online bidding. One company offers Distributed Denial of Service (DDoS) attacks, which can be used to completely block a website, for as little as $60 to $90 per day, and for between $100 to $200, they'll hack into the site and harvest any information stored in there. How do you fight it?
Guarding against hacking was even brought up at President Obama's State of the Union address at the start of 2015. He proposed an initiative that would compel any business that has been hacked to share the details of the hack within 30 days, so other companies can upgrade their security against that kind of breach - almost like changing the locks when you know a criminal may have your keys.
There's also been a rise in cybersecurity insurance, where the various insurers will offer cyber-liability insurance, which varies in cost according to the risk and potential losses from any cyber attack. For example, online retail and finance companies have got an awful lot to lose from a security breach, so their premiums would be high, whereas a company that uses its site merely as a source of information should expect low premiums.
Such is the concern for businesses about potential losses as a result of hacking, some are even considering the possibility of going on the offensive. While previously all a company could do in the event of an attack was try to patch up the holes in the security and hope the hackers moved on, now the option to 'hack back' is very much on the table. One way of doing this is by using something called a 'beacon', which attaches itself to any sensitive data and can be easily tracked, meaning anybody who steals the information would be putting themselves at risk of exposure. Another is to trick hackers into stealing an entirely fake batch of data. Just imagine if every online retailer kept 1,000 sets of fake credit card details - it'd be impossible to know which ones are genuine. Although fighting back offers businesses the satisfaction of at least being able to do something about being attacked, the official line from both the UK and the US government is that it's not a wise thing to do, as it could easily escalate into a full-blown cyber war, which would end up affecting a far larger number of people than a single attack.
Of course in the murky world of hacking, everyone is fair game, and this was put into the spotlight just last week, when prominent hacking group Lizard Squad, who had just started accepting payments for their services, had their Twitter hacked and website blocked by another group called Anonymous. And that's the really big problem with hacking as a business. Putting aside the ethics and effect on innocent people, the biggest issue is that there are no rules, no holds barred and absolutely anyone can become a victim.
Do you think 'hacking back' is a good idea? Let us know in the comments below.