Example https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack
Maybe I misunderstood what a hacker can do, but why not rob someone’s credit card or bank account if they can do it to Sony?
That does happen, but mainly through automated mass means like phishing and ransomware. Individuals also get targeted by tactics like romance or finance scams. I think you could probably see how a large corporation would be a more lucrative hacking target worth a lot of dedicated time vs. one individual.
Also, one can lead to the other. If you catch the right fish with a scam, they may just unwittingly give you a way in to an institution. Only the latter would make the news, though.
Yeah, there is a whole playbook for it called pig butchering
Sometimes the victims even pay the attackers money upfront and install the wiretap themselves. looking at my IPTV box suspiciously, while the robotic vacuum hums in the background
As everyone knows, hackers must wear a ski mask while hacking
It prevents that the bugs flying in their faces. It’s an OSHA requirement.
If I went to all the trouble of hacking you and I emptied your bank account and savings, I’d get $12.
If I emptied Sony’s accounts, not only would I have potentially millions or more, but I could also get industrial secrets that could be worth even more, or possibly could be used to further my own electronics industry.
One of these isn’t worth the effort.
Most people have little for hackers to gain / exploit by hacking them.
Why would anyone hack me? I’m poor, I’m boring, I have basically nothing to offer
The best thieves steal from the poor.
And they’re usually elected so it’s perfectly legal.
The amount of effort necessary doesn’t make it worth it usually
Yeah this is like asking “Why rob a bank when you could just rob a random person on the street”
Sure you can do that, but the comparably tiny amount of money you get is not really worth the effort and risk.
Effort vs Reward vs Ability vs Inital investment
In most cases, think of this kind of thing like a legitimate business. Same concepts. I’ll grade a few scenarios based on what I have seen over the last 20 or so years. (The ratings are arbitrary and just trying to explain my point.)
Do you have the means to rent a botnet and phish a few million people for lots of credit card numbers? Can you manage that kind of data, test all those numbers and maybe end up just selling that data? Low Risk/Moderate Reward (“Selling shovels” analogy is probably a better scheme than actually renting the botnet, IMHO)
Could you setup a “call center” in India and run a scam ring like an 8-5 business? Are there enough people you can hire to do this work? That requires training, infrastructure and time. You also may need to “work with” law enforcement to ensure your scam isn’t busted by legitimate cops. Moderate Risk/Moderate Reward.
Are you part of a small group with an insane amount of skill that has the time to pull off an extortion scheme against a Fortune 500 company for a few million bucks? High risk/High reward
Those are all normal scenarios above and it’s based on profitability and initial investment. Risk/Reward is always a balance.
(Sorry. I pulled a “wHellll aKshUallY” when you said it’s not worth the time for the small targets.)
You have to pay a highly educated individual to spend hours finding any weakness to hack anything.
If you hack a big organization you’ll get more then a few dollars from a bank account. They also have a lot more things that could be vulnerable to hacking.
Not everyone has access to a Gibson.
Sounds like someone hasn’t been a target of fraud or a scam.
I’m Canadian, and when my phone rings with a unfamiliar number, I assume it’s someone trying to trick me to get my money, usually by pretending to be Chinese and having a package for me.
