Pullin’ a Rabbit out of a Black Hat
In the past, step 2 generally consisted of several intricate steps that required a significant amount of effort and skill. Even if a system was filled with valuable data, it was highly unlikely that any of said data was actually valuable to the hacker.
Therefore, at this point, one generally had to undergo several steps to turn a profit:
1. Find a buyer who was interested in the data.
2. Sell the data.
3. Seller had to make sure buyer sent funds.
4. Buyer had to make sure seller sent data.
5. All steps needed to be conducted anonymously.
This meant that hackers had to create fake bank accounts, which meant they had to create fake identities, which meant they needed to purchase these from yet another untrusted source in order to conduct the anonymous transaction. As one can see, these were quite daunting tasks. Of course, there were (and still are) major criminal organizations, as well as highly entrepreneurial hackers, that have solved these problems. But, overall, these persons and organizations represented a minority percentage of the people who wished to hack for profit. For everyone else, the difficulties and risks involved in obtaining bank accounts with false identities or receiving payments in some other anonymous manner just wasn’t worth it.
For most hackers, there was little opportunity to profit from hacking, and therefore, most hacking was conducted for purely non financial reasons. Many of the most talented hackers were not criminal by nature, and as such, were unwilling to take the dangerous risks required to financially gain from a hack. As such, much hacking was conducted for seemingly altruistic reasons (e.g., showing the site they infiltrated it, how they did it, and how to fix it). Many hackers did this to obtain a job, or merely to feel good about themselves after helping someone out (as well as internet fame).
However, everything changed when a new money was created out of thin air. Bitcoin solves all of the above problems for hackers entirely and, moreover, quite elegantly. Suddenly, hackers are able to profit with minimal effort:
2. Grab Bitcoin Private Keys.
3. Transfer Bitcoins to oneself.
At this point the hacker has already profited. They can go further and put the Bitcoins through a mixing service to anonymize them and then cash them out at an exchange for USD. Furthermore, this can all be done over Tor to remain fully untraceable.
When compared to the previous monetization schemes associated with hacking, this is several orders of magnitude easier. All one needs to do is simply find a system with Bitcoins on them. While this is scarce now, it is highly likely that Bitcoins will become much more prevalent over time. Additionally, it is fairly simple to find servers who are holding Bitcoins (see Linode) as well as monitor the Bitcoin P2P network for IPs associated with Bitcoin transactions.
Even script-kiddies who distribute applications to create botnets which can be used for mining or DDoS attacks no longer need to DDoS sites and hold them ransom. Instead, they can simply steal Bitcoins off any computer they control.
Hacking has changed. And while money can be generated with a computer, it can now also be stolen through black hat hacking even faster. It’s not Houdini; but rather, Who dun’ it? And, today, it looks like we’ll never know.
Some tips on staying safe:
1. Use a VPN or Tor to mask your IP on the Bitcoin P2P network.
2. Keep all of your Bitcoins in an offline wallet.
3. Use a BrainWallet.
If you have other suggestions, please feel free to leave them in the comments!