How hack attacks can cost you money

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://money.cnn.com/2014/01/06/technology/security/hack-cost/

Recent hacks of millions of usernames, passwords and credit cards have many
asking: What's the worst that could happen?

Usually, having an account hacked is just annoying. But at its worst, a
hack could ruin your reputation and cost you or relatives real money.

The damage depends on the access hackers get.

In a recent case like Target's 40 million stolen credit and debit card
accounts, hackers can make fraudulent cards. Consumers aren't likely to
suffer too much though. Individuals will have to cancel their accounts and
wait for replacement cards, but banks will take the financial hit.

It's a much bigger problem when criminals make off with lists of usernames
and passwords, as they did by hacking Adobe in October.

Cybersecurity experts say that makes it easier to break into your email --
and after that, everything else.

Smart hackers will attempt to use your stolen password to access the email
attached to that account. It can prove effective, as studies show more than
half of us keep the same password for most websites.

Here are some of the most devious things that hackers can do with your
information.

Steal your Social Security number: This is the master key to your identity,
and it's all over employment and financial documents. Hackers have been
known to find Social Security numbers by logging into retirement account
websites and pulling up tax statements, according to Charles Henderson, an
ethical hacker and director at cybersecurity firm Trustwave.

Criminals can also pose as you, sending emails to your doctor and
accountant requesting documents that show your Social Security number.

Armed with that, criminals can ruin your credit history by obtaining credit
cards and bank loans in your name. It's messy to clean up, because you must
work with all three major credit reporting agencies and the federal
government. To change your Social Security number, you'll need to convince
the Social Security Administration identity theft has taken place and
you've exhausted all options for stopping the criminals.

Scam your friends and family: Using what Henderson describes as the "Hi,
Grandma scam," hackers posing as you will email friends and family asking
them to wire money their way due to some unforeseen emergency.

Some hackers may even have intimate conversations with your friends.
Hackers can trick them into revealing embarrassing secrets or sending
risqué photos that can be used for blackmail. Jonathan Vance, a hacker
using the name Metascape, did that to dozens of high school girls until he
was arrested by the FBI in 2008.

"Once [hackers are] in, for all intents and purposes, they are you," said
Tim Ryan, who leadsKroll's cyber investigations and previously supervised
the nation's largest cyber squad for the FBI.

Access your bills: Another sneaky tactic is to gain entry to services like
your cell phone account. They could then rack up charges on new devices,
text messages and phone calls.

It's an approach that's hard to spot immediately, because most people don't
pay close attention to the specific charges in their bills, said Jason
Polancich, a former member of the U.S. intelligence community who started
cybercrime news site HackSurfer.com.

Or they could find your telephone number and sell it spammers. Hackers
recently targeted social networking site Snapchat and published usernames
and partial phone numbers linked to those accounts. The group behind the
hack has claimed that they did it to pressure Snapchat to fix security
holes.

"People are really going to have to become as diligent with cybercrime as
they are with the weather. People don't realize how connected their lives
are," Polancich said.

On the bright side, security experts say these types of targeted hacks are
rare. They're usually reserved for the rich and famous. However, experts
have noticed a rise in hacks of people with access to those A-listers, such
as CEO secretaries and celebrity assistants.

One example is Christopher Chaney, a Florida man who hacked a stylist to
gain access to her client, Christina Aguilera. This hack allowed Chaney to
impersonate the stylist and get revealing photos of Aguilera sent to him.

"Most consumers don't realize we're all in the crosshairs," said Neal
O'Farrell, executive director of The Identity Theft Council, a nonprofit
awareness group. "Everyone has something worth hacking or stealing, whether
it's your own personal information, your contacts or access to corporate
networks."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.