What is the most valuable thing to a hacker?
Most people would probably assume it's a credit card number. But actually, stolen credit card numbers pale in comparison to the black market value of another type of personal information we all have. (To see the answer, skip down to #1 in the bulletpoints below.)
As more people are targeted by hackers, and a growing number of large-scale corporate and government data breaches expose people's private data to criminals around the world, it's important for everyone to understand the full scope of the risks we face.
After all, for many people, as long as they don't lose money from their bank account or get phony charges on their credit card, they could care less about getting hacked. A hijacked email account, a new card from the bank, a legally mandated corporate data breach notification in the mail - these are all just minor annoyances for the average person. You shrug it off, and move on.
But what actually happens when cybercriminals break into your online accounts, hack your devices or access your personal data? Even if you don't notice any immediate financial loss, does that really mean you're off the hook?
Cybercrime is a multi-billion dollar economy with sophisticated actors and a division of labor that includes malware authors, toolkit developers, hacking crews, forum operators, support services and "mules." There are countless sites in the dark web that offer ways for hackers to buy or sell stolen accounts, hacking tools and other criminal services.
Stolen credit card numbers aren't the only way hackers make money off of our lives. The cybercrime industry is nothing if not innovative and imaginative when it comes to finding ways to turn our personal information into cash.
Just because you haven't seen an immediate and direct consequence from a corporate data breach or reported software vulnerability, it doesn't mean your life isn't being traded online.
Here are six ways hackers monetize your life online:
Medical Identity:
What's the most valuable data you have? Forget about stolen credit card numbers. While these will always be a key commodity for hackers, they're not nearly as valuable as your personal health data.
Current estimates peg the black market value of these credentials at well over 10 times the price of stolen card numbers. Why? Because card numbers are easy to change - Social Security numbers, health insurance accounts, Medicare account numbers, these aren't so easy to replace.
There are a variety of online exchanges in the dark web where cybercriminals can buy, sell and trade this type of information, which is a gold mine for identity theft and insurance fraud. And since healthcare companies have one of the worst cybersecurity records of any industry, consumers should expect more data breaches in the future that will expose their information.
Email & Social Media:
While stolen health credentials and credit card numbers are clearly linked to fraud, other targets of cybercriminals are less obvious.
After all, why would a criminal want to buy access to your hacked Twitter account? What's in it for them?
While email and social media certainly aren't the most valuable commodities on the dark web, they still have money-making potential for scammers.
A cybercriminal can use a hacked email or social media account to distribute spam, run scams against the person's contacts and connections, and try to leverage the stolen account to break into other online accounts used by the same person.
Uber:
Perhaps equally surprising is the idea that hackers could hijack your Uber account.
However, it's important to remember that any online account which is linked to a payment method - be it credit card, checking account or PayPal - is a worthwhile target for a hacker. By hijacking your Uber account, most likely through a phishing email, they can set up fake drivers and bill you for "ghost rides."
Airline Miles:
It probably wouldn't occur to most people that their frequent flyer miles can be hacked. But believe it or not, they can. All a hacker has to do is get access to your frequent flyer account, and they can steal your airline miles, sell them to other criminals or put the whole account up for sale.
Webcams:
The camera staring you in the face every time you use your computer can be a fun bounty for criminal hackers.
All they have to do is infect your computer with a remote administration tool (RAT), and they will be able to remotely control and access your webcam.
Known as "ratters," there are a lot of communities and forums on the dark web where these individuals share information, videos and photos of their webcam "slaves," sell or trade them to other hackers, and rent access. One BBC report claimed hackers get $1 per hacked webcam for female victims, and $0.01 for men.
While in many cases, hacked webcams are done purely for the "lulz," they can also be used for extortion, harassment and intimidation.
Botnets:
There's another way hackers can monetize access to your computer, and it's similar to the use of webcam RATs - but even more dangerous.
"Botnets" are a collection of infected computers which are remotely controlled by a hacker.
When infected with botnet malware, a cybercriminal is able to capture as much of your sensitive data as he wants - including your personal information, passwords and financial credentials. They can also use the remote connection to sneak in other types of malware such as "ransomware" or "banking Trojans," which your computer will have a harder time detecting. Additionally, they can force your computer to participate in criminal schemes like distributed denial-of-service (DDoS) attacks on business or government websites, and distributing spam and malware to other users.
A hacker can make money from botnets in several ways, including financial fraud, extortion and by selling access to your computer to other hackers. "Rent-a-bot" services are increasingly popular on the dark web, and can net hackers a pretty penny.