How Hackers Profit From You

If you’re just an average joe on the Internet, you probably think you and your data are relatively safe from hackers because, well, “why would anyone want to hack me?” I’m not rich, I’m not a celebrity or other public figure, what could a hacker possibly want with my data?” Well, this article is going to answer why everyone is a potentially lucrative target for hackers, how they do it, and some ways you can safeguard your accounts and computer. 

You’re watching FutureNow, videos about the future of tech and society. Thanks largely to movies and television, most people have a pretty warped view of what hackers actually do. In this video, I’m not talking about some guy in a hoodie sitting in a dark room hacking into the Pentagon by just tapping on a keyboard on a laptop.

Most tactics used by the average hackers are fairly unsophisticated and much less dramatic. There are several different strategies  hackers can use to make a quick buck, and one of the most common is the use of ransomware. The easiest way for  hackers to do this is to get access to a list of email addresses and send thousands of people emails with either a hyperlink or an attachment that when opened will infect the user’s computer with malware.

 This malware will then encrypt all the files to the user’s computer and display a message saying the files will be lost forever unless the user sends money to get the decryption key and regain access to their data. Usually, this money transfer is done through cryptocurrency like Bitcoin, which is very difficult to trace. Many people pay up the usually several hundred dollars because we all have a ton of files on our computers that are important to us. 

There are other versions of this extortion tactic that are even less technically complex. For example, a hacker (if you can even call them that in this situation) can simply find one of your passwords in some online Liston the darknet from a website that was hacked along with whatever email you used to create that account, and then they’ll send you a scary-looking email claiming to have access to your computer and threatening to release sensitive information if you don’t pay them.

They’ll start the email by saying “I know your password is X” as proof that they have access and because most people reuse the same passwords for most things online, you’ll actually have no way of knowing where they got the password from. Who knows, maybe a website you created an account for years ago was hacked. This method is less successful because if they really had access to your computer as they claim, why would they send you an email rather than making something pop up on your screen for example? And using the same email with a link or attachment method, hackers can do much more than just hold your data for a ransom.

 They can install what’s known as a RemoteAccess Trojan, or RAT, that gives the hackers complete administrative control over your computer without your knowledge. From here, they can search through your computer to find useful information like social security numbers and bank account numbers in files you have saved like tax forms and job applications. Or they can log your keystrokes to save the credit card information you enter when shopping online. 

Rather than trying to use this information themselves to steal your identity or drain your bank account, they’ll most likely sell it to other cybercriminals on the black market. And if you think you’re safe from these attacks because you know better than to open sketchy looking emails, and definitely know better than to click on a link or attachment in one, well there are other ways to get you to accidentally install their malware.

One way is by running software that automatically searches for vulnerabilities on thousands of websites and then once having a list, hackers can try their hand at exploiting those vulnerabilities to gain access to random websites and place downloads to their malware there without the site owner or users knowing. So you can be on someone’s blog or on a site you clicked on when Googling an answer to something when suddenly your computer is infected– usually without you noticing. 

In fact, hackers could profit from taking over your computer without even stealing from you directly. Sometimes computers are used as what’s known as “zombie computers” meaning,  hackers are using the processing power and internet connection provided by your computer to make other more powerful attacks. Networks of these zombie computers are known as botnets and one hacker could have hundreds of thousands of zombie computers on their botnet. 

They can profit through this in several ways, one being simply renting out use of their botnet to other hackers, using computers in their network to send phishing spam, meaning emails that trick people into handing over sensitive information, or infecting many more computers and growing their network.

If you’re using a zombie computer, you may not even notice outside of your computer working much slower than it normally would. Of course, because your computer is committing illegal acts on someone else’s behalf, you could find yourself implicated in a criminal investigation. If your Internet Service Provider (ISP) takes down your connection due to detecting criminal activity, that sucks for you, but from the hacker’s perspective he’s simply lost one of hundreds of thousands of bots that can easily be replaced

. Meanwhile, they’ve avoided the authorities. So far, we’ve mainly covered hacker methods that rely on tricking victims into installing some sort of malware or virus onto their computer, but that’s not the only trick they’ve got. Not to alarm you, but I hope you’re not watching this video while connected to public WiFi. This is yet another way that hackers take advantage of people just going about their day.

In what’s known as a Man-In-The-Middle attack,  hackers can intercept the data traveling from your computer to the server used by whatever website you’re using by exploiting an unencrypted public WiFi router. This means they’ll be able to access the passwords you’re entering when logging in to various websites, including perhaps if you’re checking your bank account.

 Please don’t log in to your bank’s website on public WiFi, people. They can also serve up fake versions of websites you’re trying to visit. Many websites like Facebook and Amazon have their own encryption to avoid attacks like these, but  clever hackers can redirect you to a site that looks exactly like the Facebook or Amazon login page wherein many people would enter their information without a second thought, actually giving the hacker their login info. Sites that are actually secure will have an HTTP URL, where the S stands for “secure” and will have an SSL certificate, which basically certifies that the information you enter here is encrypted and secure.

Unfortunately, both of these can also be spoofed or a hacker can simply use the aforementioned zombie computer method to direct traffic through a server that actually has a secure certificate to present you with fake malicious websites. There’s also a completely legitimate way of stealing passwords from public WiFi and sometimes even your home WiFi, if it’s not secured, called packet sniffing. Yes, packet sniffing. Despite its silly name, it can be pretty serious.

 It’s essentially just the interception and analysis of packets of data traveling over a wifi network. Packet sniffing is used in legitimate ways by network technicians who may be trying to find vulnerabilities to patch up in a network or fix connection issues. But there’s actually free open source software you can download and run, to packet sniff for less legitimate reasons, like say intercepting passwords and other sensitive information. 

Hackers can go to a local coffee shop, or just park outside and run this software on their laptop, then go home and dig through the data they got to see if there’s anything useful to sell or use themselves. I hope by now it’s pretty clear to you that most hackers are not going out and choosing specific targets to attack.

 The average target is more or less anyone with an internet connection because the ways targets are chosen depend on the software that looks for vulnerable entry points without even knowing who they’re hacking until they’rein. And even if you don’t think someone could profit much from hacking you, hackers can make a ton of money selling mass amounts of collected social security numbers, bank information, credit card numbers, and passwords on the dark web.

Thankfully there are ways to protect yourself and your information from hackers. Besides being more vigilant about what emails you’re opening and paying closer attention to the websites you’re visiting, there are services you can use to practice safe browsing, like Dashlane, which I’ve been using long before they decided to sponsor the channel. That’s because Dashlane makes staying secure online easy. 

You can use it to generate strong, hard to guess or crack passwords that are unique for every website you use and autofill it so you never have to memorize another password again. And if your password is stolen because the website you used was hacked, not only will your other accounts be safe because you’re smart and used Dashlane to create different passwords for each site, but Dashlane also offers Dark Web Monitoring to alert you if it finds your login information listed anywhere online so you can quickly change your password.

 And my favorite part of Dashlane is that it includes a VPN service, so you can browse the Internet on unsecured WiFi networks without the threat of a man-in-the-middle or packet sniffing attack.

Leave a Reply