One of 2012's biggest tech stories was Mat Honan's detailed account of a hacker dismantling his digital life. The Wired story spurred just about everyone to reexamine the strength of the password and cover the social engineering that took advantage of security flaws at Amazon and Apple. Not all hackers are out to wreak havoc or steal identities for their own use, though--some just want to sell your data.
A recent blog post from Krebs on Security delves into the underworld of account resellers, who use botnets to hack hundreds or thousands of computers and collect all kinds of information about their owners. Malware can easily pull the passwords from a web browser and pick up on the data entered into web forms. And instead of using that information to go on a spending spree, some botnet masters simply put that data up for sale.
Some of the account details are sold individually for a few dollars. Krebs on Security found resellers on underweb forums offering individual accounts to sites like Amazon, Overstock and Wal-mart (where active credit cards are likely ready and waiting to be used), and to sites like UPS and Fedex, which could be used for reshipping scams. Active account passwords to online merchants go for two bucks each, and accounts to shipping sites trade on the scam market for five bucks a pop.
Some other sellers simply offer data logs in bulk, which is also a scary prospect. Having someone hijack an Amazon account and go on a spending spree would be bad news, but hackers with access to more data are likely to cause even more damage. Social engineering is the name of the game: the more of your personal information they know, the easier it is for them to call up a big company and breeze through their security system.
Having secure passwords is worthless if your computer gets hit with a bit of information-gathering malware, so keep those antivirus definitions up to date and watch out for those shady executables. The start of the new year is a good time to remind yourself of these best practices for safer computing.