What the cyberhackers do with your personal information

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

What the cyberhackers do with your personal information

Any of us knows that we have to protect our personal information, but what will happen if it is attacked? Meridith Levinson made an investigation about this matter.

When the online shopping store Zappos announced to its customers that names, email addresses, invoices and delivery address as well as phone numbers and the last 4 digits of their credit cards could be exposed in a data leakage in January, it emphasized that “credit card information and important payment data weren’t affected or accessed.”

It was such a consolation for 24 million customers whose information could be leaked in this case. They didn’t have to worry about the finding of secret money in their credit announcement at the end of the month. It hasn’t been yet.

So why do we have to worry? According to the experts, most often information security risks happened to customers included the annoyance (more spasm in inbox) to the dangerous fraudulent emails. In this case, the senders pretended to be a trustworthy individual or organization so that you were taken in clicking a link which would download  Trojans into your computers or supply the senders with confidential information like your passwords, credit card number or even your welfare numbers.

The cyberhackers hacked into the database of Zappos accessed many information. Other cases, such as some attackes into web servers did by hackers, only names and email addressed were found. Whether these were big or small, these vulnerabilities raised a lot of concerns.

Why was data precious?

Personal information was the “money” for the underworld. It was what the criminals exchange in the literal sense. The hackers who had that kind of information could sell it to many buyers, including identity thefts, criminal organizations, spammers and botnet operators, who used data to make more money.

For example, the spammers could buy a list of new email addresses for sending their advertisements about Viagra or something like that. They earned money (supposing 50p per click) from the replies or amounts of pop-up advertisements/websites. Meanwhile, identity thefts could use email addresses to build up a fraudulent plan to fool everyone into giving them their credit cards or bank accounts. 

Rod Rasmussen, president and CTO of Internet Identity, an American Internet security, said cyberhackers exchanged information with each other to a full picture of an individual. “You can add and combine more information about everyone for a bigger loss. You get their names, credit card numbers, PIN, email addresses and phone numbers from many sources to have a fully information about them”.

What was the monetary value?

A name or an email address is worth 1 cent to £1/file, depending on the quality and latest of the data, according to the security experts.   

“There are far too much floating data, you have to have plenty of them in order to get paid in the underworld”, Rasmussen explained “Even a credit card number is worth $1”.

It seemed a tiny amount of money but if you multiplied it into millions of files, the resutl would increase incredibly. Take Zappos as an example: if hackers sold 5 millions out of 24 millions of customers’ email addresses with 5p per address, they earned £250,000.

 The botnet operators could even make more money. Supposing you owned 1 botnet including 100 thousand computers, you could let the spammers hire it out with £500 – £1,000/hour. As what Stu Sjouwerman, the founder and CEO of KnowB, a Internet security training company said, if you hired or bought 24 millions files from Zappos, then you could send malwares to these emails, even just 20% of the receivers’ computers were contaminated and your malwares took the control of their computers, you could have increased your botnet into 5 millions computers with little attempts.

“Then you can charge $5,000/hour instead of $1,000/hour for 5 millions botnets which started to send spams”, Sjouwerman said. “These guys made a really big fortune”. Of course their illegal activities would also mean the criminal cases, prisons and monetary compensation.

What did the Cyberhackers need?

All the cyberhackers needed to start making money was your email address. Then, they could “blitz” your emails with plenty of spams.

In order to steal someone’s identity or credit card fraud, the cyberhackers needed your passwords, credit card or welfare numbers. If they had everyone’s emails, occasionally they could have your sensitive information by sending fraudulent emails or distribute malwares through emails. Some malwares installed keylogging software recording usernames and passwords whenever you signed in online accounts. If one of them was bank account, the cyberhackers could easily withdraw it completely without doubt. 

In case the cyberhackers had the last 4 digits in credit or debit cards, they could use it to reset the password in an e-commercial website, according to Rasmussen. They would start buying by your accounts afterwards. However, he added, there were big possibilities that “they will sell these information for those who intended to make another attack to you”.

How long would it happen?

Also according to Rasmussen, the period between the time cyberhackers had your information and illegitimate amount of money suddenly appeared in your credit announcement depended on the cyberhackers and the type of information they got. If it was related with credit card numbers, the fraudsters would use it right away.

The cyberhackers using emails for fraud acted so quickly. In order to take many people in downloading malwares into their own computers or revealling their sensitive information, the cyberhackers would send them a false announcement about the information leakage and request for resetting their passwords on one website pretended to be a true website, before the hacked companies send their official announcements, in accordance with  Sjouverman said.

This is the reason why the fatal action towards organizations whose customers’ information was leaked was sending announcements as soon as they knew what happened and who were affected. Rasmussen added that EU was under consideration about a bill requesting the companies to inform to the related customers within 24 hours.

And the risk?

If your email was affected in a security vulnerability, you had to prepare yourself for receiving tons of spams, fraudulent emails or much more malwares arriving to your mail. Besides, malwares could allow the cyberhackers to take control your PC to make it become a part of botnet. It could even permit them to activate webcam or microphone on your PC to track your activities. Moreover, it could download keylogging software for recording your passwords.

If they had much more information than names and email addresses – maybe your phone numbers, addresses and the last 4 digits of your credit cards – they could set up an effective and persuasive fraudulent plan resulted in identity thefts and credit card fraud.

How about the ratio?

Rasmussen and Sjouwerman both agreed that you could receive much more spams if your email address was exposed in a security vulnerability. And another worry to you is fraudulent emails.

4 out of 10 would be involved into fraudulent attacks, based on Sjouwerman’s research. He run a test with one of KnowB4’s clients, in which KnowB4 made a false email, was believed to be sent from the CEO of the company, to its 100 employees’ emails found on web. In the mail, KnowB4, pretended to be the CEO, requested their employees to change their welfare in a website they set up, the result was 40% of the employees was fallen into the trap.

 Unless your credit card number or bank accout were hurt, there was no need for you to worry about the credit card fraud – of course with the condition that you didn’t reveal it to the fraudsters afterwards.

If the cyberhackers got your credit card number, it was surely that fraudulent amount of money would appear on your next invoice, and you ought to inform your credit card information and credit report companies as soon as possible that your information was hurt. 

Not all vulneralbilities would relate with identity theft and credit card fraud – or fraudulent emails and spams in addtition. Although the hackers had only everyone’ names and emal address, according to Rasmussen, what made people worried most was “the feeling of being a victim: someone will publish something about you without permission”.

  •  Multifaceted Tests : Attempting Server-Side Includes (SSI) Injection Systematically, Attempting Log Injection Interactively & Attempting LDAP Injection Interactively
  •  Multifaceted Tests : Attempting XPath Injection Interactively & Attempting Server-Side Includes (SSI) Injection Interactively
  •  Multifaceted Tests : Attempting Command Injection Interactively & Attempting Command Injection Systematically
  •  Multifaceted Tests : Attempting PHP Include File Injection Interactively & Creating Decompression Bombs
  •  Programming .NET Components : Addressing Other Security Issues
  •  Programming .NET Components : Principal-Based Security
  •  Programming .NET Components : Visual Studio 2005 and Security
  •  Multifaceted Tests : Modifying Host Headers & Brute-Force Guessing Usernames and Passwords
  •  Multifaceted Tests : Bypassing Field Length Restrictions & Attempting Cross-Site Tracing Interactively
  •  Multifaceted Tests : Making HTTP Requests Using XSS & Attempting DOM-Based XSS Interactively
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us