Are your social media accounts preventing hacker bloopers? Unfortunately, when it comes to organisational and personal cybercrime attempts, your company LinkedIn page may offer up too much info. In Forbes, Sue Poremba writes that your company’s social media can provide “very specific details about the company’s decision-makers and other key personnel,” such as the name, contact info, and writing style of said key decision-makers.
Social engineering from open source intelligence (OSINT) posted on public channels is behind the surge in whaling attacks, defined as well-researched and highly targeted financial cybercrime. A spoofed email from the Snapchat CEO to the company’s payroll department resulted in the loss of sensitive employee data last year—and this attack was likely enabled by widely available social media content.
Hackers love easy targets. Criminals aren’t in the business of crime to make money the honest way, which is why they go for the office printer with poor security or launch ransomware at someone whose data isn’t backed up. Check out five of the dumbest hacker bloopers in recent cybercrime history.
1. Hacking someone with a backup
Ransomware extortion threats equal data loss unless you pony up cash or bitcoins to release your data. Right? Not necessarily—and not if you have a cloud backup or other security technologies to restore your data. Right?
Maria Korolov of CSO writes that the technology is definitely there for companies to ignore extortion attempts and simply restore cloud-based backups. But she’s found that companies are sacrificing protection for money savings, writing that “some organizations don’t include all their important files in their backups, or don’t run their backups often enough.”
Other companies aren’t testing backup availability or ensuring their data is segregated enough to stay safe from ransomware. Luckily, with enough budget for decent backups, this is one type of horrifying cybercrime where the bad guys don’t have to win.
2. Leaving digital fingerprints
Have you heard the one about Kelly Osbourne’s creeper? After gaining access to the celebrity’s email account, he decided he’d do a data export to review her protected information at a later date. Unfortunately, he set forwarding access for all her future emails to his own personal account.
While not all cybercriminals will leave such an incredibly obvious set of tracks, many leave other traces of evidence that make it easy to identify them or, at the least, shut them out. In one case detailed on McAfee, a hacker known as w0rmer failed to remove the exchangeable image file format (Exif) metadata from photos on his social media.
3. Significantly missing the target
In a true story that’s practically internet legend, a hacker once asked a chat companion for their IP address. After being given the IP of 127.0.0.1, the hacker gleefully stated, “you idiot your hard drive g: is deleted… and d: is at 45% you idiot lolololol… you’re so stupid never give your IP on the internet” [SIC].
What they didn’t know was that 127.0.0.1 is a loopback IP address, which pointed right back at their own machine. While few hackers are ever dumb enough to delete their own hard drive, missing the mark and facing a failed hacking attempt is pretty common.
4. Making silly typos
It would’ve been one of the biggest digitally fueled bank heists of all time if it weren’t for a spelling error. In early 2016, a crime collective targeted Bangladesh’s central bank and attempted to transfer millions into their own offshore bank accounts. But a series of massive transfers was held up due to a typo.
According to the news reports, “hackers misspelled ‘foundation’ in the NGO’s name as ‘fandation’.” Difficulties transferring the funds prompted the routing bank to seek clarification, causing the entire financial scheme to crumble. The source estimates this typo saved the bank at least $870 million.
5. Blending in with recent crime
Remember the absolute terror of Mirai Dyn—the day when Amazon, Netflix, Reddit, and Twitter were all down for hours in North America? This was a high-profile attack with impact—but it can also be categorized as a “dumb” cybercrime.
Tech enthusiast Dr. Chris Tozzi defines a dumb cybercrime as anything that doesn’t “rely on sophisticated hacks to steal data or take control of devices.” Sadly for us, due to the wide availability of malicious code on hacker forums or the ease of setting up a phishing attack, hackers can get away with quite a bit these days. It’s up to security pros to shift the tables to make sure it’s not that easy.
There’s no reason to let dumb or lazy criminals win. If you’re lucky, they’ll be stupid enough to commit one of the most classic hacking bloopers, like deleting their own hard drive. If not, ransomware-safe data backups, smarter office printers and other equipment, and comprehensive security can help you fight the good fight.