Example en.wikipedia.org/wiki/2014_Sony_Pictures_hack
Maybe I misunderstood what a hacker can do, but why not rob someone’s credit card or bank account if they can do it to Sony?
As everyone knows, hackers must wear a ski mask while hacking
If government hackers can infiltrate big companies, why not hack normal people?
Submitted 1 day ago by 65gmexl3@lemmy.world to nostupidquestions@lemmy.world
https://lemmy.world/pictrs/image/51039b9f-f51b-4757-9810-b12b3b54567a.jpeg
Comments
holycrap@lemm.ee 23 hours ago
hakunawazo@lemmy.world 19 hours ago
It prevents that the bugs flying in their faces. It’s an OSHA requirement.
Scipitie@lemmy.dbzer0.com 1 day ago
It’s a question of effort. Sony has a shitload of public presence. For social engineering I can learn many mid level manager names from LinkedIn for example and their infrastructure is necessarily public facing to allow people to work there.
And that’s not talking about their public web presence and services.
And now we’ll switch to … You! If I’d try to target you I would have to first find anything from you to actually target.
Once I have your phone number, public IP or anything that gives me a lead I have to find my way in. And that way in will be because you’ve made a mistake, are lax with your passwords or use an out of date service.
But that’s like 2/3 of the work I had for Sony as well. And now I see that you’re a student with a net fortune of 50$ and a car from 1989.
To out it another way: for companies I aim with s rifle as they are a worthy prey. For individual people I use a shotgun and hope something hits something.
some_guy@lemmy.sdf.org 16 hours ago
Most people have little for hackers to gain / exploit by hacking them.
Red_October@lemmy.world 20 hours ago
If I went to all the trouble of hacking you and I emptier your bank account and savings, I’d get $12.
If I emptied Sony’s accounts, not only would I have potentially millions or more, but I could also get industrial secrets that could be worth even more, or possibly could be used to further my own electronics industry.
One of these isn’t worth the effort.
deadcatbounce@reddthat.com 23 hours ago
Because they don’t need to. As Zuckerberg himself said: people will voluntarily give all kinds of private information to corporates without being asked or by the gentlest of requests.
Zenith@lemm.ee 17 hours ago
Why would anyone hack me? I’m poor, I’m boring, I have basically nothing to offer
deafboy@lemmy.world 6 hours ago
The best thieves steal from the poor.
zxqwas@lemmy.world 16 hours ago
You have to pay a highly educated individual to spend hours finding any weakness to hack anything.
If you hack a big organization you’ll get more then a few dollars from a bank account. They also have a lot more things that could be vulnerable to hacking.
_cryptagion@lemmy.dbzer0.com 1 day ago
Keep in mind, in some cases it’s harder to hack an individual, especially if they are the slightest bit security conscious. Big corporations often use outdated software, sometimes painfully so. It’s not really uncommon to hear about corporations using software that has been abandoned for decades. Meanwhile, your laptop and cell phone automatically update. Meaning, there’s a chance you are a little more secure than your average corporation.
adhocfungus@midwest.social 1 day ago
Also your data is meant to be private and accessed by a single person. Basically a big wall around your stuff with a single door.
Corporate data, by design, needs to be accessed by many people inside and outside the company. So they are adding another door for each person, department, or API that needs access. Even if the wall is higher and stronger, it’s still full of doors to try.
9point6@lemmy.world 1 day ago
The amount of effort necessary doesn’t make it worth it usually
unexposedhazard@discuss.tchncs.de 1 day ago
Yeah this is like asking “Why rob a bank when you could just rob a random person on the street”
Yeah sure you can do that, but the comparably tiny amount of money you get is not really worth the effort and risk.
remotelove@lemmy.ca 23 hours ago
Effort vs Reward vs Ability vs Inital investment
In most cases, think of this kind of thing like a legitimate business. Same concepts. I’ll grade a few scenarios based on what I have seen over the last 20 or so years. (The ratings are arbitrary and just trying to explain my point.)
Do you have the means to rent a botnet and phish a few million people for lots of credit card numbers? Can you manage that kind of data, test all those numbers and maybe end up just selling that data? Low Risk/Moderate Reward (“Selling shovels” analogy is probably a better scheme than actually renting the botnet, IMHO)
Could you setup a “call center” in India and run a scam ring like an 8-5 business? Are there enough people you can hire to do this work? That requires training, infrastructure and time. You also may need to “work with” law enforcement to ensure your scam isn’t busted by legitimate cops. Moderate Risk/Moderate Reward.
Are you part of a small group with an insane amount of skill that has the time to pull off an extortion scheme against a Fortune 500 company for a few million bucks? High risk/High reward
Those are all normal scenarios above and it’s based on profitability and initial investment. Risk/Reward is always a balance.
(Sorry. I pulled a “wHellll aKshUallY” when you said it’s not worth the time for the small targets.)
falidorn@lemmy.world 22 hours ago
Not everyone has access to a Gibson.
FriendOfDeSoto@startrek.website 1 day ago
I think the Sony hack is not a great example because there is a very good chance it was more politically motivated than financially. It’s one of those cases where we might never know but there is a good chance it was orchestrated by North Korea in response to a Sony movie that made Kim III not look very divine. NK is most likely connected to other hacks as well that were really just a way to get hard currency/to evade sanctions.
Effort and reward are like supply and demand. If I want to steal your credit card number to go shopping, it might take me a long time to get to it. And then it turns out there is only $500 left on it. Too much effort for not enough reward. That’s why phishing, Nigerian princes, texted IRS/DMV fines, missed FedEx deliveries, and all that jazz happens. Low effort to throw a net out and then catch the dumbest of the fish. If you are a person of interest to me though the math if different. Maybe I’m a stalker (look behind you, I’m there right now). Or maybe horny me is looking for your (perfectly legal) sexting thread. Or you’re a pedo, a socialist, a cult leader, or all of the above. Private people get hacked. But it rarely makes a splash in the news like the Sony hack.
Also, hacker ≠ hacker. There are good guys who hack stuff to show what needs fixing or to hold people to account. There are bad guys who do it for money or because they like it. There are those with one foot on either side of that fence. Motivations differ wildly.
Grandwolf319@sh.itjust.works 1 day ago
Sounds like someone hasn’t been a target of fraud or a scam.
I’m Canadian, and when my phone rings with a unfamiliar number, I assume it’s someone trying to trick me to get my money, usually by pretending to be Chinese and having a package for me.
Zeppo@sh.itjust.works 1 day ago
That does happen, but mainly through automated mass means like phishing and ransomware. Individuals also get targeted by tactics like romance or finance scams. I think you could probably see how a large corporation would be a more lucrative hacking target worth a lot of dedicated time vs. one individual.
deafboy@lemmy.world 6 hours ago
Sometimes the victims even pay the attackers money upfront and install the wiretap themselves. looking at my IPTV box suspiciously, while the robotic vacuum hums in the background
AbnormalHumanBeing@lemmy.abnormalbeings.space 1 day ago
Also, one can lead to the other. If you catch the right fish with a scam, they may just unwittingly give you a way in to an institution. Only the latter would make the news, though.
Grandwolf319@sh.itjust.works 1 day ago
Yeah, there is a whole playbook for it called pig butchering