The Data-less Hack: Why this method of hacking may become more popular in the years to come

Tesla recently joined the ranks of large technology companies that have been hacked. However, in this case, not a single bit of data was stolen. Instead, the hackers used their unauthorized access to hijack computing time in order to mine for cryptocurrency. While it’s never great to see another beloved tech company become compromised, I found it incredibly interesting to interpret the nature of this hack as an indicator of what online thieves believe is most valuable these days. Check out the story, and let me know your thoughts on these next few points:

data-1-1068x601

Data is losing its relative value

For the hackers to have spared the data that was stored on the cloud, they must not have thought it was worth stealing. The act of stealing data in order to reap a profit isn’t a terribly complicated process. First, the outside party bypasses any and all security measures, assuming they understand the security measures used to safeguard the particular environment. Second, they extract the data they deem to be valuable, which may include things such as company diagnostic data, consumer information, engineering/design specs, internal memos, etc. Third, they take the data to the darknet (akin to the underbelly of the internet) to auction or sell wholesale to bidders or any other interested party. For the hackers to completely forsake any potential value of the data they ignored, the alternative must have been much better.

z2-crypto-a-20180123-870x580

The value of cryptocurrency is increasing in more ways than one

While the price of Bitcoin has rebounded from its most recent low, there potentially are other factors at play which make Bitcoin, and other cryptocurrencies, much more useful in the illicit world of hacking. Cryptocurrencies can be extremely difficult to trace for oversight boards and governments. Data leaves a trail. These two facts alone should make it clear that some hackers are getting wise about the risk involved in their activities. In the wake of the global revelation about international spying occurring with frequency in cyberspace, many have become acutely aware and uncomfortable with being monitored. Privacy is the name of the game, and these hackers are wise about how to play it well. Whereas they would have had to contend with possible tracing efforts years ago, there are less tedious methods of getting paid for bypassing security nowadays.

1_LQe3se5v_7CuJ8gEtYNT-w

Possible increases in hacking attempts overall

By obtaining cryptocurrency directly vs. selling data assets to obtain currency, the hackers have found a faster means of getting their money. This means one less barrier to getting paid, making the prospect of cybercrime all the more alluring for other would-be hackers. This enticement could mean an uptick in the number of cyber attacks that occur in the future. Further, since it doesn’t matter how valuable stored data is anymore, hackers may begin to target smaller and previously considered less attractive online businesses. Such businesses may have little or no security measures in place to even protect against hacking efforts – all that would be considered is the company server’s ability to process blockchain.

 

Although I’m sure there will be no immediate decline in hacking attempts aimed at obtaining consumer data, this new method of exploiting others for the sake of profit presents a unique set of dangers. Because the user or server admin isn’t noticeably affected by breaches for the sake of exploiting processing power, such breaches will take much longer to resolve. And the rising value of blockchain currencies coupled with the liquidity of the assets will be additional draws for those who believed that hacking was too high-risk, low-reward. This may lead to an increase in the number of hacking incidents worldwide, especially for previously less-attractive targets for hacking.

In the face of such incidents, we would all do well to become more cautious about our online activity. Some may recall the phishing attempt early last year, when Google was compromised, and links were sent to us seemingly from our own BC contacts. While there were very few incidents that became serious, this perfectly showcases the types of attacks we may see more of in the future – only this time, we would grant thieves access to profit opportunities at the cost of our own processing capacity.

6 comments

  1. MqZhang, I really enjoyed your post for several reasons. It was wildly educational. I never knew hacking was as easy as a three step process. After learning about the potential profits, I’m enticed to try it out myself (Kidding!). I also loved how easy it was to follow, especially being that the most I previously knew about cryptocurrency was Bitcoin… similar to Professor Kane’s son, that’s about all I knew. As the value of cryptocurrency rises, it will be intriguing to see how hacker rates react.

    Out of curiosity, how difficult is it to trace hackers? Is there some sort of fear of getting caught or would hackers only hack if they know their privacy is protected?

    1. Thanks, Tara! I’m simplifying some fairly complex processes, so I’m sure there are folks who work in cybersecurity that could detail each and every nuance about the steps that are typically involved. Since this has been a recent development in the hacking community, we may begin to see a correlation between rising cryptocurrency prices and the popularity of such attacks soon!

      With regards to tracing attackers, it depends on the method of entry that the hackers use. Everyone leaves a kind of “signature” when they input code and execute programming on a server. Depending on how familiar people are with a certain method of entry, it’s possible to link attacks together to point to the same person or group that may be carrying out the attacks.

  2. A great post! One thing I was quite surprised about was the fact that the hackers could care less about Tesla’s data and used that unauthorized access to mine cryptocurrency. To think about it, unless the hackers are against a particular group or organization for a specific reason, they mainly hack to earn some cash for themselves. Given that cryptocurrency is a great way to make a profit these days, this incident does not shock me as much, but I never imagined hacking to be used in this way. With your speculation that such incidents will occur more frequently, governments’ attempts to regulate cryptocurrency will be stronger, eventually making the value of cryptocurrency to plummet. I am guessing it will eventually converge until people finally find the “true value” of cryptocurrency. I guess it’s good in the long term, but who knows.

  3. Interesting article! I think that crypto currency and the sophistication of hackers will expand hacking significantly. However, I think consumer data will still continue to be a major point and reason for hacking. I think this is definitely an interesting way to look at the expansion of hacking for the future and to see how the up and down of crypto will effect this landscape. As this article mentions, this also shows a huge potential for problems with cloud storage and potential breaches with its security. Will be interested to see how companies react to these security threats!

  4. In my blog post, I also discussed about the potential cyber security issues. I’ve mentioned more about risks toward individual information on social media platforms, but still I believe we both agree that the nature of internet/online structure is vulnerable to certain kinds of infringements. Hacking, even before the cryptocurrency, has been really big concerns around the world. There have been many cases in which countries hack each others’ military intelligences as well, and they have been extremely detrimental. Similarly, as the value of cryptocurrency these days have exploded, more and more hackers would be targeting it (even right now at this moment).

  5. My first thought about this article (right after imagining a hacker using computing resources like a digital grand theft auto) is that this would be a really great strategy for a cyberattack distraction. What I mean is that how do we know all they really did was use the servers to mine bitcoin? If you have a sophisticated enough hacker, they will leave a trace of one action but leave without a trace on a completely separate one. Even if that is not the case in this situation, I am convinced such a strategy may become more popular amongst criminals in the future.

%d bloggers like this: