Obtain information to use in plotting terrorist attacks (for example, hacking to find out when weapons are being transported between facilities and can be stolen)
Finance terrorist operations (see the earlier section on criminals)
Build credibility and invigorate supporters by demonstrating cyberattack prowess.
Rogue insiders
Disgruntled employees, rogue contractors, and employees who have been financially incentivized by an unscrupulous party pose serious threats to businesses and their employees alike.
Insiders intent on stealing data or inflicting harm are normally considered to be the most dangerous group of cyberattackers. They typically know far more than do any outsiders about what data and computer systems a company possesses, where those systems are located, how they are protected, and other information pertinent to the target systems and their potential vulnerabilities. Rogue insiders may target a business for one or more reasons:
They may seek to disrupt operations in order to lighten their own personal workloads or to help a competitor.
They may seek revenge for not receiving a promotion or bonus.
They may want to make another employee, or team of employees, look bad.
They may want to cause their employer financial harm.
They may plan on leaving and want to steal data that will be valuable in their next job or in their future endeavors.
Cyberattackers and Their Colored Hats
Cyberattackers are typically grouped based on their goals:
Black hat hackers have evil intent and hack in order to steal, manipulate, and/or destroy. When typical people think of a hacker, they are thinking of a black hat hacker.
White hat hackers are ethical hackers who hack in order to test, repair, and enhance the security of systems and networks. These folks are typically computer security experts who specialize in penetration testing, and who are hired by businesses and governments to find vulnerabilities in their IT systems. Hackers are considered to be white hat hackers only if they have explicit permission to hack from the owner of the systems that they are hacking.
Grey hat hackers are hackers who do not have the malicious intent of black hat hackers, but who, at least at times, act unethically or otherwise violate anti-hacking laws. Hackers who attempt to find vulnerabilities in a system without the permission of the system’s owner and who report their findings to the owner without inflicting any damage to any systems that they scan are acting as grey hat hackers. Grey hat hackers sometimes act as such to make money. For example, when they report vulnerabilities to system owners, they may offer to fix the problems if the owner pays them some consulting fees. Some of the hackers who many people consider to be black hat hackers are actually grey hats.
Green hat hackers are novices who seek to become experts. Where green hats fall within the white-grey-black spectrum may evolve over time, as does their level of experience.
Blue hat hackers are paid to test software for exploitable bugs before the software is released into the market.
For the purposes of this book, black and grey hat hackers are the hackers that should primarily concern you as you seek to cyberprotect yourself and your loved ones.
How Cybercriminals Monetize Their Actions
Many, but not all, cyberattackers seek to profit financially from their crimes. Cyberattackers can make money through cyberattacks in several ways:
Direct financial fraud
Indirect financial fraud
Ransomware
Cryptominers
Direct financial fraud
Hackers may seek to steal money directly through attacks. For example, hackers may install malware on people’s computers to capture victims’ online banking sessions and instruct the online banking server to send money to the criminals’ accounts. Of course, criminals know that bank systems are often well-protected against such forms of fraud, so many have migrated to target less well-defended systems. For example, some criminals now focus more on capturing login credentials (usernames and passwords) to systems that store credits — for example, coffee shop apps that allow users to store prepaid card values — and steal the money effectively banked in such accounts by using it elsewhere in order to purchase goods and services. Furthermore, if criminals compromise accounts of users who have auto-refill capabilities configured, criminals can repeatedly steal the value after each auto-reload. Likewise, criminals may seek to compromise people’s frequent traveler accounts and transfer the points to other accounts, purchase goods, or obtain plane tickets and hotel rooms that they sell to other people for cash. Criminals can also steal credit card numbers and either use them or quickly sell them to other crooks who then use them to commit fraud.
Direct is not a black-and-white concept; there are many shades of grey.
Indirect financial fraud
Sophisticated cybercriminals often avoid cybercrimes that entail direct financial fraud because these schemes often deliver relatively small dollar amounts, can be undermined by the compromised parties even after the fact (for example, by reversing fraudulent transactions or invalidating an order for goods made with stolen information), and create relatively significant risks of getting caught. Instead, they may seek to obtain data that they can monetize for indirect fraud. Several examples of such crimes include:
Profiting off illegal trading of securities
Stealing credit card, debit card, or other payment-related information
Stealing goods
Stealing data
Profiting off illegal trading of securities
Cybercriminals can make fortunes through illegal trading of securities, such as stocks, bonds, and options, in several ways:
Pump and dump: Criminals hack a company and steal data, short the company’s stock, and then leak the company’s data online to cause the company’s stock price to drop, at which point they buy the stock (to cover the short sale) at a lower price than they previously sold it.
Bogus press releases and social media posts: Criminals either buy or sell a company’s stock and then release a bogus press release or otherwise spread fake news about a company by hacking into the company’s marketing systems or social media accounts and issuing false bad or good news via the company’s official channels.
Insider information: A criminal may seek to steal drafts of press releases from a public company’s PR department in order to see whether any surprising quarterly earnings announcements will occur. If the crook finds that a company is going to announce much better numbers than expected by Wall Street, the criminal may purchase call options (options that give the crook the right to purchase the stock of the company at a certain price), which can skyrocket in value after such an announcement. Likewise, if a company is about to announce some bad news, the crook may short the company’s stock or purchase put options (options that give the crook the right to sell the stock of the company at a certain price), which, for obvious reasons, can skyrocket in value if the market price of the associated