Even the smallest piece of data can prove valuable
There was a time when owning a cross-cut shredder for home use was considered the height of personal data security. Oh, how the world has changed!
Today we all receive incredible volumes of communication through email, social media, text messages, and phone calls, and each of these messages provides intimate details about us.
When you answer the phone, you are telling the caller that this is a viable phone line, and by your accent, you are exposing your age, origins, sex, and more. When you open an email, the sender will be able to identify dozens of parameters about you and the platform you are using. If you allow images within these emails to display on your system, they will learn even more details about the operating system you use and whether you are a Mac, PC, or phone user. They will learn what levels of updates you have installed and even get information on how fast your network is. When you view content on social media sites or respond to a post, you are allowing incredibly rich data about yourself to be shared.
This data may seem valueless, but in the hands of someone with a plan, all this data builds up into a profile that can easily be used to extract value from you, even without you knowing.
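To see what displaying images would give away before you allow it, a saved message can be checked for images that are fetched from the sender's server rather than embedded. The sketch below is an added example, not part of the original article; the sample message, hosts and token are constructed, and the "tiny" and "has_query" flags are heuristics for spotting tracking pixels.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; sender, hosts and token are made up.
SAMPLE_EML = """\
From: newsletter@example.com
To: user@example.org
Subject: Your weekly update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello!</p>
<img src="cid:logo123" alt="logo">
<img src="https://track.example.com/o.gif?u=abc123" width="1" height="1">
<img src="https://cdn.example.com/banner.png" width="600" height="120">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src is fetched over the network."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images are embedded; no request is made
        # Heuristics: invisible size, and a query string that may identify the recipient
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.found.append({"host": url.hostname, "has_query": bool(url.query), "tiny": tiny})

def remote_images(raw_message):
    """Return one dict per remote image found in the HTML parts of a message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = RemoteImageFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found

if __name__ == "__main__":
    for hit in remote_images(SAMPLE_EML):
        print(hit)
```

Every host it lists would receive a request from your device the moment images are displayed, which is why mail clients offer to block remote images by default.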
Create a massive data warehouse of user data, and you can then mine this data to match profiles to any specific need and charge for this information.
If you are looking for 10,000 profiles using a specific version of Java and a specific browser on a specific operating system, for which you have an exploit that will allow you to take over their machines and then send emails from their emailing application, imagine what you could do. You could then, for example, send a message to all their friends asking them to help by running a program you send them in the email. This program could then start to capture their keystrokes and send them back to a server you set up without them knowing. Then you could hunt through these logged keystrokes later, looking for logins to banks or commercial services. Now you have access to their accounts and can buy goods in their name or send money to other places. And your keylogging code can be designed to delete itself after a few days.
And the people you are stealing from have absolutely no idea who you are, and there is almost no way it can be traced back to you.
If you ever wondered why you get so many requests from people you don’t know, for things you don’t care about, on all your different ways of communicating, this is often what they are up to: building profiles to sell to others, who then sell this access to others in combination with other services, all with the eventual aim of theft.
Many of the people in the chain have no idea how their efforts are being used, and they don’t care. It’s just a job, in a company in a business park somewhere in the world.
The methods by which even the most trivial pieces of information can be used to steal are incredible. And the sophistication of those who develop and deploy these systems is growing daily.
The sophistication that users and businesses now need to have to counter these threats is incredible. We need to know so much more today to protect ourselves and our businesses from the theft of not just money and goods, but also massive amounts of information.
For better or worse we are all living in a very connected world.