The movies tell us that hackers are hip young rebels and international secret agents with black leather jackets, cool shades and wild haircuts. They might work for secret organizations or they might be anarchists trying to shake things up. They stare at fields of green text that only they can comprehend and dance their fingers along the keyboards while shouting about jacking into mainframes and subverting the dot matrix.
Screenwriters have a lot of fun coming up with exciting ways to present the computer criminal, perhaps because the reality is so boring. Here are some of the more disappointing methods hackers use to swipe your stuff:
Mass Data Theft
The recent Ashley Madison hack is eye-opening for a number of reasons, one being that it helps to dispel the myth that hackers tend to specifically target their marks. Selecting a specific individual to steal from, and then succeeding in breaking their security, is actually a lot tougher than stealing from hundreds of people at a time through a single website hack, and hoping you wind up hitting a high-value target.
123456 is the most common password on the planet. It’s easy enough to just guess passwords until you get one right, but it’s even easier to keep trying to log in to different accounts until you find one with 123456 as its password. Again, hackers aren’t picky. They don’t really aim to bust into the White House’s networks or steal code from Apple, they tend to just keep trying different targets until they find one that’s poorly secured.
Some hackers don’t even use computers, they steal actual credit cards and receipts. Here, again, they tend to be opportunists. Why pickpocket when you can just hang around a coffee shop and wait for someone to forget their wallet on a table?
“Stay Logged In?”
If you ever feel like becoming a cybercriminal, hang around a library for a day, or anywhere else where computers are free for public use. Every time someone packs up and leaves, hop on their computer and find out if they forgot to log out of their bank accounts, Paypal accounts, or email providers. Nine people out of ten remember to log out, but it’s worth turning up nine misses for one hit.
And then there’s just good old fashioned peeking. It’s not hard to watch someone’s hands as they enter a password, or look over their shoulder when they read their emails.
Data thieves who have any real computer skills are actually relatively few and far between. The vast majority are opportunists. Many of whom might never have considered data or identity theft until they saw that someone forgot their card in an ATM. This is why it’s important to stay secure, not because hackers are so gifted, but because most of them are not, and an unsecure network is a prime target for a lazy opportunist.