Security Bytes

Feb 2 2010   1:36PM GMT

Chinese hacker says most are not skilled coders

Robert Westervelt Robert Westervelt Profile: Robert Westervelt

Automated tools fuel rise in less savvy hackers. How much do they really profit?

The New York Times managed to track down and interview a China-based hacker, offering a glimpse into what it says is a thriving hacking community there. The headline says “Hacking for Fun and Profit in China’s Underworld.” But there’s no real evidence of profit.

David Barboza’s description of the hacker, who goes by the name Majia, lives up to the old-school hacker stereotype: He’s young. He seems to be in it for the fame and he lives in a dingy apartment. He has a government job by day and at night spends long hours checking the statistics on his automated tools and time seeking out website vulnerabilities to crack into business websites in China and other countries to steal sensitive data or to install a malicious script to expand the scope of his automated attack tool’s reach. He claims to be making a lot of money. But then Barboza tells us this:

Majia lives with his parents, and his bedroom has little more than a desktop computer, a high-speed Internet connection and a large closet. The walls are bare.

Barboza found a very active community of hackers, willing to share and trade information. But the hacker Majia admits that today most hackers aren’t very skilled at all. We’ve been reporting on SearchSecurity about the rising level of automated attack tools making it relatively easy for non-technical people to become cybercriminals.

Last summer new research emerged painting a picture of the economics driving many underground black hat hacker communities. Security researchers Cormac Herley and Dinei Florencio found that there are far too many people attempting to make money phishing for passwords, account numbers and other sensitive data. While the picture isn’t exactly crystal clear and their work centered around automated phishing tools, it appears that a majority of the money being made in cybercriminal activity are by a handful of individuals. It’s like a pyramid scheme. The most skilled hackers are at the top. They create and sell (also rent) the automated tools to the minions below them. Those in the lower levels of the pyramid are often exposed to data stealing malware themselves. There’s a lot of infighting. There’s a lot of grandstanding. Most hackers need to prove themselves as legitimate.

“Some people probably try it for a while, don’t make much, and then wander off to try something else,” Herley told me at the time. “Breathless stories about ‘easy money’ probably ensures enough new entrants to keep the phenomenon going.”

More research needs to be done to get a clearer picture. Security researchers Billy Rios and Nitesh Dhanjani, who infiltrated the underground phishing market in 2008, agreed with the main points of Herley and Florencio’s assessment: The total annual losses associated with phishing at $61 million. Much less than the $3.2 billion estimated by Gartner Inc.

Unless he’s investing his earnings in a retirement fund, the hacker Majia is far from the top of the hacking pyramid. That’s why he’s living with his parents in a dingy apartment in one of China’s poorest neighborhoods.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • 1993
    I really believe this really is post is very essential end up being endorsed to all anyone who has enjoyed within this years. due to the fact some times similar to this everyone requirements the existence of any information about technologies along with almost all it's improvement. so when together with things technologies could also often be served. [A href="http://itknowledgeexchange.techtarget.com/security-bytes/browser-exploit-kit-probe-highlights-need-for-patching-vigilance/#comments"]Browser exploit kit probe highlights need for patching, vigilance[/A] | [A href="http://genpocker.info/"]Hairstyles[/A]
    0 pointsBadges:
    report
  • Erwjan
    Nice review of the subject , I was looking to understand this matter further and found this information to be informative :)
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: