The Future Of Hijacking

Posted by Zac on May 5th, 2009 and filed under Finance, Legal, Security. You can follow any responses to this entry through the RSS 2.0. You can leave a response or trackback to this entry

hacking.jpg

We all know that malicious activity comes in many flavors. From the mostly simple DDOS, to DNS records, to a combo web hack. I have to give the guys that took down the Virginia PMP some credit, they are either really smart or really dumb. Here is what the Virginia PMP staff found on their website this morning:

ATTENTION VIRGINIA

I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

For $10 million, I will gladly send along the password.

(Mirror of the full page)

Goes on to tell how to get a hold of them and all that good stuff. I know how I would do it, but I have the benefit of hoping on a plane when I want. Never underestimate the difference geographical location changes make. The best botnet in the world only protects you so much. So it will be interesting to see how this plays out.

The reason I find so much interest in this is because I feel it is the future growth of the hacking industry. Be it good or bad, people are greedy, and it doesn’t matter the industry. We have seen that with the home market, the financial market, and let’s not even bring Enron and likes into this. So how do you make money hacking?

You steal, manipulate, and sell informatian. Getting the data can be the easy part. Brokering an illegal trade can be the biggest challenge you will face. The problem is for this company, or organization, the easiest way is not to pay. You mail your customers a form letter with a line like, “Your personal information MAY have been comprimised.” Give them a number to call, and offer them free 6 months of credit monitoring. So how do you get them to pay in my opinion?

Media attention has really put hacking into the forefront. With the leaked plans of the JSF, Marine 1, then the power grid, there is a lot to talk about. I would think the most helpful thing to do, for the hackers at least, is to get some public out cry. Drive a media blitz. If you don’t drive the media to this, and have potential patients demand the PMP to pay it out to protect their data, then you will never get a payout.

What are your ideas? How do you manage to launder millions without getting caught?

Leave a Reply