I would have to disagree. Considering the amount of people who have bitcoin, and even less the amount of people who farm it, or have farmed it before it became so difficult. It seems much more likely that the wide-spread infiltrations of every-day systems is for information and DDoS over bitcoins. I seriously doubt it’s that hard to sell information to companies, as they most likely don’t care how you got that information. If information wasn’t key, whether it be for selling to another party, or scraping that data for easy to social engineer targets; then I also don’t think that fraudulent calls would be so prevalent these days. Where the main target is older people who will fall for their basic tricks and end up losing potentially thousands per person. -- Ryland From: Laszlo Hanyecz<mailto:laszlo@heliacal.net> Sent: Monday, December 14, 2020 10:17 AM To: nanog@nanog.org<mailto:nanog@nanog.org> Subject: Re: "Hacking" these days - purpose? Bitcoin. There wasn't much purpose to 'hacking' for a long time. Even when talking about DDoS stuff, it's still just temporary vandalism, it's only an inconvenience, and it can be undone pretty quickly. The whole idea of providing security has been turned into a wink-wink scam where people pretend to do busy work for money but everyone knows you'll still get breached and it doesn't really matter, so long as you can blame it on someone else and it's in the fine print. Look at what a business DDoS has become, both on the provider and the protection side. Stealing data is also a thing but even that is not inherently valuable unless you can blackmail the victim or sell it to a buyer. That kind of business requires more skills than just computer hacking to pull off, and carries a lot of risk in dealing with other humans who already know you're a data thief. This all changed with bitcoin, because now simply gaining access and finding the data is the pay dirt and it can be claimed anonymously without dealing with any other humans. -Laszlo On 2020-12-12 22:26, Peter E. Fry wrote:
Simple question: What's the purpose of obtaining illicit access to random devices on the Internet these days, considering that a large majority of attacks are now launched from cheap, readily available and poorly managed/overseen "cloud" services? Finding anything worthwhile to steal on random machines on the Internet seems unlikely, as does obtaining access superior (in e.g. location, bandwidth, anonymity, etc.) to the service from which the attack was launched.
I was thinking about this the other day as I was poking at my firewall, and hopped onto the archives (here and elsewhere) to see if I could find any discussion. I found a few mentions (e.g. "Microsoft is hacking my Asterisk???"), but I didn't catch any mention of purpose. Am I missing something obvious (either a purpose or a discussion of such)? Have I lost my mind entirely? (Can't hurt to check, as I'd likely be the last to know.)
Peter E. Fry