[OPLIN 4cast] OPLIN 4cast #447: The business of hacking

OPLIN Support support at oplin.ohio.gov
Wed Jul 22 10:30:13 EDT 2015 

    Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>  [image: OPLIN 4Cast]

OPLIN 4cast #447: The business of hacking
July 22nd, 2015

[image: hacker]Hacking into the computer files of a company or government
agency often is not a very lucrative occupation, unless the hacker has some
way to convert stolen information to cash. So a current trend seems to be
for hackers or hacker groups to sell their services, before the hack, to
someone who wants specific information. The business side of hacking has
been highlighted in some recent news reports, like news about the Hacking
Team
<http://www.theguardian.com/technology/2015/jul/20/hacking-team-police-investigate-employees-inside-job-claims>
company being hacked themselves, and the takedown of the Darkode
<http://www.darkreading.com/cloud/darkode-shuttered-but-cybercrime-still-alive-and-well--/d/d-id/1321359>
forum for hackers. You may think that libraries are safe from this kind of
cyber crime (why attack a library?), but by that logic, we also should not
be seeing denial of service attacks on libraries - yet we are.

   - Hackers on demand
   <http://www.fastcompany.com/3043016/the-cybercrime-service-economy>
   (Fast Company | Steven Melendez)  "At Hackers List
   <https://hackerslist.com/projects>, for instance, hackers bid on
   projects in a manner similar to other contract-work marketplaces like
   Elance. Those in the market for hackers can post jobs for free, or pay
   extra to have their listings displayed more prominently. Hackers generally
   pay a $3 fee to bid on projects, and users are also charged for sending
   messages. The site provides an escrow mechanism to ensure vendors get paid
   only when the hacking's done."
   - Hackers for hire: How online forums make cybercrime easier than ever
   <https://www.washingtonpost.com/blogs/the-switch/wp/2015/07/16/how-cybercriminals-have-turned-forums-into-sophisticated-blackmarkets/>
   (Washington Post | Andrea Peterson)  "These forums and black markets
   offering physical goods as well as digital services - such as the now
   defunct Silk Road - have helped drive the popularity of cybercrime, because
   the sites contain almost everything someone would need to get into hacking
   for profit, [Raj] Samani [of Intel Security] said. Even those without
   technical knowledge can visit the forums or black markets and hire people
   to do the individual components of a scam - or outsource it altogether in a
   subcontractor-style set up, he said."
   - Sophisticated hacker group strikes for profit, not politics
   <http://www.toptechnews.com/article/index.php?story_id=020000MIVK1S>
   (Top Tech News | Jef Cozza)  "Almost as unnerving as Morpho's habit of
   targeting enterprise assets is its familiarity with the inner workings of
   its victims. The group has successfully compromised commonly used e-mail
   servers such as Microsoft Exchange and Lotus Domino, according to Symantec.
   It has also targeted enterprise content management systems, where it could
   have gained access to valuable documents such as financial records, product
   descriptions, and legal documents. And unlike attacks by other hacker
   groups suspected of working for the Chinese, Russian, or North Korean
   governments, Morpho's malware tools are well documented in fluent English."
   - Hacker for hire
   <http://www.itweb.co.za/index.php?option=com_content&view=article&id=144418>
   (ITWeb | Jon Tullett)  "Managing consultant [Tyrone Erasmus] at security
   specialist firm MWR InfoSecurity, he and his teams are hired to audit their
   clients' security, mimicking the behaviour of criminal syndicates that are
   after the same valuable details: financial systems, intellectual property
   and trade secrets. 'I'm a bad guy who plays by good guy rules,' he
   proclaims, with a nearly straight face. Since the '70s and '80s, when
   hackers like Kevin Mitnick and John Draper burst onto the scene, corporate
   information security has improved greatly, it's far stronger and...haha.
   Just kidding. 'We have a 100-percent success rate,' Erasmus says, deadpan."

 *Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - The business of hacking and birth of an industry.
   <http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=4be14fb1-ee95-4b17-9ef3-534d0d9de920%40sessionmgr4001&crlhashurl=login.aspx%253fdirect%253dtrue%2526db%253dbuh%2526AN%253d84503895%2526site%253dehost-live&hid=4101&vid=0&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=buh&AN=84503895>
   (*Bell Labs Technical Journal*, Dec. 2012, p.5-16 | Matt Bowles)
   - IT security for you and your library.
   <http://web.b.ebscohost.com.proxy.oplin.org/chc/detail?sid=5fb8cbb5-e93f-4077-b428-61e219071140%40sessionmgr113&crlhashurl=login.aspx%253fdirect%253dtrue%2526db%253dcmh%2526AN%253d94311325%2526site%253dehost-live&hid=124&vid=0&bdata=JnNpdGU9Y2hjLWxpdmU%3d#db=cmh&AN=94311325>
   (*Computers in Libraries*, Jan/Feb. 2014, p.13-16 | Blake Carver)
   - The rising strategic risks of cyberattacks.
   <http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=68a82ec8-f497-44e3-9639-c185c6b89534%40sessionmgr4004&crlhashurl=login.aspx%253fdirect%253dtrue%2526db%253dbuh%2526AN%253d102092395%2526site%253dehost-live&hid=4101&vid=0&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=buh&AN=102092395>
   (*McKinsey Quarterly*, 2014 2nd Quarter, p.17-22 | Tucker Bailey, Andrea
   Del Miglio, and Wolf Richter)

    ------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://mail.oplin.org/mailman/listinfo/OPLIN4cast.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20150722/0b934d6d/attachment.html>

More information about the OPLIN4cast mailing list