In the world of computers, to perform any action, including malicious actions, tools are needed – software. Any cyberattack requires its own set of tools. Yes, it is obvious, but let us dive into the details.
There are many ready-made exploits and viruses sold on the network for almost any task. At the same time, hackers often create their own software. For what? After all, everything has already been created before; you can buy it and use it. Maybe there are so many attack vectors that it is impossible to find a ready-made solution for everything? Such questions cause great difficulties. Therefore, today I will try to explain why hackers need new viruses. We will try to understand who modern hackers are and why they are completely different from what they were 10 or 20 years ago.
Writing your own virus, even such a primitive one as Search Marquis, has many advantages. Whatever attack you have in mind, you will have to figure out how to configure the infrastructure even if you do not make a virus from scratch.
Virus development is one of the fastest-growing areas. To get a lot of money, you need to use the latest innovations, discover vulnerabilities, or start an attack in a newly discovered direction faster than anyone else. With this in mind, the main skill of a hacker now is the ability to build a process.
In the days of Windows 98, security was largely neglected. Then, to become a hacker, it was enough to deal with several programs that made you the god of hacking. At the time, there was a big security problem – the inability to deliver important updates to everyone quickly. Therefore, the discovered vulnerability could exist without patches for months. At that time, there were sets of tools for cracking, which included powerful exploits that worked almost everywhere. The only way to be protected then was not to connect to unfamiliar networks. If there is no access to the computer, then it cannot be hacked.
You may say that nothing has changed. Wandering around hacker forums can really give the impression that everything is possible. Stealers can get any data from the system, miners support all existing crypto coins, botnets help with any type of attack. If you open Exploit-DB, there are more than 43k exploits for any program and system. And for the most popular attacks, there are also separate programs. If you do not want to deal with Empire to run EternalBlue, there is a program that will scan an IP address range and give you the addresses of vulnerable machines. It remains only to create a hacker emulator. It will have only two buttons – to hack everything and take a pause. It will look for exploits, vulnerabilities, trends, and automatically find victims.
But we see that hacking is developing in a different way. The era of free mega utilities that require no registration has not come. The reason for this is the security trend that has been developing quickly too. To be honest, in most cases, this is just marketing, and new security features only add new vulnerabilities. However, we see that new security holes are closed much faster than before, and today’s admins and ordinary programmers have a much greater understanding of security. If a new vulnerability is discovered now, it gets quickly patched. By the way, this also depends on the developers. For example, Flash, which was widely used in browsers until recently, was famous for its vulnerabilities not being patched for a very long time. It was a catastrophic security issue. As a result, the problem was radically resolved with the arrival of HTML5 and a massive rejection of Flash. Today, we see that vulnerable technologies are removed from the market.
But do not think that with all this security rush, the systems became more secure, and fast patches cut any opportunity to get inside. It is still not the case. We see that the pace of development is growing. New versions and features appear every week. Companies simply do not have enough time to make completely safe products. And so modern programs are full of flaws.
The hacker community has gone deeper underground; no one puts valuable vulnerabilities in prominent places anymore, where developers could learn about them and fix them promptly. Just read about the Windows SMB vulnerability and the WannaCry virus. It is reminiscent of a time when security was not there at all.
So, who are the hackers now? These are not the geeks who re-read the Linux kernel code before going to bed and who have Snowden’s posters hanging in the closet. These are the organizers and managers of the hacking process. They have a full understanding of the attacked technologies’ internal structure and extensive experience in launching attacks.
Hackers can be compared to the heads of companies who build processes and lead the day-to-day operations. The head of a restaurant chain is not necessarily a good chef, nor does he need to memorize every dish of the cuisine. But this person understands the subject matter and knows what is in demand now. He knows where to get the ingredients and where to invite the chefs from.
The same is true about modern hackers. They do not need to know everything, but they definitely need to understand the principles of this “kitchen” and what the “ingredients” are. You need to be able to quickly build the hacking process because when ready-made tools for some vulnerability come out, it is already too late. Everything has been fixed and updated 100 times. To be on time for dinner, you need to start acting as early as possible when the new attack has only a theoretical concept.
To better understand the structure of modern attacks, let us take a look at one project. A hacker works with the banking sector and data. He is not engaged in cashing out but extracts financial data by hacking various payment systems.
The essence of one of his schemes is as follows. This hacker decided to make a free mobile application with paid features inside. There are plenty of them now. The idea was to make a really good application that people would like. Almost everything in this app was free but one function was opened only after the payment.
Do you think I am telling you how he made a good app and got $50 a day for a cup of tea and cookies? No, he earned about $100k. If after reading this, you started going through the scam schemes in your head in order to understand how he did it, you think like a hacker.
Those of you who think that you can get so rich by creating ordinary applications from time to time do not understand how really big money is made. So, the only paid feature in that app cost a few pence. It was ridiculously cheap but at the same time extremely useful, and a lot of people started paying for it. It looked like a symbolic “donation” to the developers to pay for the project servers. The payment was made not through the mechanisms built into the phone but through a special webpage. Users entered the card details, and a one-time charge took place.
As you can imagine, the main purpose was to collect card data. In a short time, that person accumulated a large database with names, numbers, expiration dates, and CVV codes, which was successfully converted into large revenue.
Let us look at the role played by the hacker who coordinated that project. He knows nothing about mobile development and is bad at foreign languages; he has no idea how to get an application with scam functionality through testing before publishing.
But he knows what data may bring him money, how it all works, and how to find the right people. He created the concept of the application, outsourced the development to an ordinary app studio. He also found translators so that the application could be distributed to the largest number of countries. He paid for advertising. He found a darknet mobile developer who provided a workaround for the app store verification service. And finally, he built a simple site for collecting card data. As you can see, he did not have to run through hundreds of thousands of lines in assembler.
Part of the money earned is spent on new attacks, part goes for day-to-day life, and one more part is left untouched. You always need to have some kind of reserve of funds. Not all attacks end well.
Well, let us go straight to attack budgets. The entry point is very low. You can come up with a bunch of schemes for which you just need an understanding of the topic and small expenses to cover hosting, domains, etc. A publicly available scheme may have zero launch costs, but such schemes are often poorly scalable, poorly automated, and not really profitable. I am not saying that all zero-cost schemes are bad, but publicly available schemes do not really work.
To earn a lot, you do not have to work hard, but you have to apply your knowledge in new directions. When creating your own scheme, its launch cost may be small, but since no one is working in this direction, you can get the greatest benefit.
The created scheme should not necessarily be 100% unique. After even a cursory acquaintance with the topic, it becomes obvious that many hacking directions can be substantially improved.
It is useful to monitor the progress of publicly available third-party tools. If you decide to use them, the main rule is to do this as quickly as possible. The amount of money you can get depends on the speed.
Let us now take a look at some hacking directions. To begin with, let us think about what image pops up in our heads when we hear the word “hacker”. For many people, a hacker is a person who wears dark clothes, fences himself off from the whole world, does not communicate with anyone, and spends almost all his time at the computer. Is this just a myth? No, there are many people like this. Perhaps most hackers 20 years ago were of this type. But now, such people represent only a small part of the hacking community. Such geeks are directly involved in vulnerability research and everything that is closely related to hardware and programs. They earn by harvesting basic info and selling it. Previously, the chain started and also ended with such people. They found the vulnerabilities, breached the banks, leaked valuable information, sold it. These were one-man bands. Why sell something if you can use it yourself?
Times have changed, and vulnerabilities are often sold after their discovery. The fact is that due to the growth of the dark market and the constant appearance of new programs and systems, it becomes more profitable for crackers to focus on finding more and more gaps. They do what they are really good at. They do it very quickly and provide high-quality results. It is easier for crackers to sell a vulnerability to others. The role of others is to build a plan around the vulnerability, figure out how to make the most profit from it, and put the plan into action. So, again, it is not always appropriate to ask a hacker “what programming language he uses” or “can he read binary code.”
Today lazy people may earn plenty of money: YouTube bloggers filming their crazy life hacks, Instagram chicks, game streamers, etc. These are examples that are in plain sight, but something is happening among hackers too.
Modern technologies change the nature of hacking. At the same time, nothing has changed in education. Colleges continue to produce specialists who will work for $50k. In the Middle Ages, great scientists were burned because others did not understand or want their inventions. Now we live in a civilized world and do not burn anyone, but the adoption of new things often remains slow. The one who adapts faster will survive. Given the current progress, in the next 10–20 years, the nature of work will change dramatically, just as it changed when computers were invented.
Today, Internet businessmen have become the standard of luxury professions. The most recent large-scale boom in easy money is Bitcoin. Many people have become millionaires and billionaires. What about ICOs? Does anybody know how much money fake projects collected? Everything is changing.
Where am I leading? Not everyone can become a blogger or buy Bitcoins for a couple of cents. Hacking in the next decades will go side by side with all other technological trends. We all understand that Internet technologies develop quickly. The hacker does not care what new trend will appear. He thinks about how to make money from it.
Why are hackers so successful? Everything that is created by people can be hacked by other people. Man is vulnerable and his creation is vulnerable. Therefore, the main thing is a special type of thinking. The hacker always looks from a different angle than the ordinary person.
If a hacker did not manage to buy Bitcoins for pennies, he would steal them from someone who managed to do so. There are no eternally working profitable schemes, and a hacker does not actually need them. His main scheme is his brain and only then the use of tools to achieve the goal. A hacker is a multifunctional unit. He can have two or three passive sources of income, while simultaneously making one-time attacks that bring him tens of thousands of dollars. Hacking cannot die. Well, unless people become robots.