Hacking Is a Profitable Business Model

Recently, charges were filed against three persons for committing various hacking crimes against financial services companies and media outlets. One of the charges included what prosecutors say is the “one of the largest thefts of financial-related data in history.” It was the data breach incident in 2014 against JP Morgan Chase that resulted in theft of data of over 83 million customers. Financial account records are the most profitable information available on the Dark Web; going for $200-$500 per record. This one heist alone could have raked in over $16 Billion.

Other crimes perpetrated by these men included running an illegal bitcoin exchange, manipulating stock prices which proceeds were in the tens of millions of dollars, and using data stolen from various breaches such as from Scottrade (in 2013) and e-Trade earlier this year to try to sell stocks to those companies’ customers.

The fact that data breaches occur is not big news. They happen more often than anyone would like. However, there is considerable news here. In this case, the criminals appear to be using hacking into organizations as a business model. In one instance, prosecutors said that the supposed ringleader, Shalon expressed desire to get credit card data on Scottrade customers so when they approached them for trades, it would seem more legitimate and trustworthy. The group, which is thought to have hundreds of employees and co-conspirators bought stocks very cheaply, manipulated them, and subsequently sold them to customers whose information they had stolen.

While it is good news that an indictment for cybersecurity crimes has been filed, there is not a lot that individuals can do to keep their information safe once it is provided to companies. We have to have a bit of faith that they will do as much as possible to keep it safe. However, they are not perfect at doing so, as we have experienced with the Office of Personnel Management (OPM) breach, the various healthcare company breaches such as Anthem and Excellus Blue Cross Blue Shield, or any of the financial organizations mentioned here. There is discussion ongoing about how companies can collaborate more to try to prevent these and in the future, there is hope that results of those communications will keep organizations one step ahead of the cyber thieves.

However, until that time, we can do something. We can order our free annual credit reports and monitor them for fraudulent charges. We can watch our payment card statements closely and report suspicious charges to the issuing financial institution for resolution, and we can research companies to whom we give money.

Never give any information to someone who cold calls you or sends unsolicited mail or email. Instead, find out the company name and contact information and do separate research on them. Make sure it is a company you feel you can trust with your data, regardless of whether they have your credit card details or trade information from another organization. In fact, if they claim to have such information, you should spend extra time finding out about them.

Other counts filed against the three in this case included wire fraud, money laundering, and operating and securities fraud, identity theft, conspiring to commit money laundering, computer hacking, wire fraud, and illegal internet gambling. These charges cover crimes dating back to 2007.

According to US Attorney Preet Bharara this type of crime may be “the next frontier in securities fraud. Sophisticated hacking to steal material non-public information is something the defendants allegedly discussed for the next stage of their sprawling criminal enterprise.” The next stage could be committed using complete profiles of the data they have acquired to commit more sophisticated attacks. We all need to be prepared.

© Copyright 2016 Stickley on Security