If you’re like most people, you’ve probably thought to yourself, “Why would anyone want to hack me? I haven’t got anything they would want.” Most people assume that hackers only go after big companies for the big paydays like the massive data breaches you see in the news. While that’s true to a certain extent, there are reasons that hacker would come for small- or medium-businesses, or even home users. In today’s day and age, information is money where compromised personal information is bought and sold in the deepest darkest corners of the Internet.
As for the who, how, and why someone would hack you, we’re actually just going to focus on the why here. The who is irrelevant, just pick a bad guy, and the how is related to the other posts in this blog series—be sure to check them out. Now, what about the why? What are they really after? Do they care about the contents of your email? No, probably not, unless the hacker actually knows you personally, then that’s a whole other set of issues. In general, the bad guys are after information and computing resources.
You can probably guess what information would be appealing: usernames and passwords, financial information, social security numbers, tax information, etc. Things that could be used to either gain access your actual money or to steal your identity for other fraudulent activities—new lines of credit, fake IDs, etc. They could also be looking for your contacts who in turn become their next victims. As for computing resources, if a hacker can gain access to your system, they could set it up as a web server for distributing illegal goods or as a launching platform for attacks on other people. Your computer could be “enlisted” into a bot army of thousands and be used to launch massive spam campaigns or denial of service attacks against large networks.
This chart by Krebs on Security gives an excellent visualization of the value of a hacked computer. As you can see, the possibilities are many. These threats are just a few reasons why it’s so important to follow good security practices—strong passwords, use antivirus, update your software and hardware, backup your critical information, etc.