How do hackers make money? How do hackers start making money?


No matter how much they earn, their work is dishonest and dirty. There is a certain caste of noble hackers who, like Robin Hood, strive to restore justice in this crazy world, but there are only a few of them. For the most part, these are scammers with a criminal mindset, or nerds pressed into the service of the special services (sorry for the pun). But that is a digression; let’s try to roughly estimate what they earn from their criminal work.

Hackers are in more demand than ever. Governments and individuals seek them out for their ability to target online organizations and listen to global digital communications. Much of their work is usually illegal - and unethical - but like us, they too need money to survive. There are many ways to pay hackers, and they include anything from "meeting in a dark alley" to handing over bitcoins.

To understand them better, here are six hacker “services.” One such transfer was documented in a recent article on a tech site. The funds were transferred through a regular bank transfer and he even sent them an invoice. Sometimes wire transfers are not an option. When this happens, the hacker may want to trade their services for various gift cards, drugs, valuables, or equally valuable information. These transactions typically take place on one of the dark web sites and forums where the transaction was usually struck in the first place.

Well-known fighters against hacker programs, the guys from Kaspersky, say that the income from a hacker attack can exceed the costs of organizing it by as much as 20 orders of magnitude. And their incomes are growing year after year, because our life has moved almost entirely into cyberspace - count how many different operations humanity now performs on the Internet. Almost all important matters are conducted over the network: money, correspondence, exchange of information and media. And where there is supply, there is demand. The bulk of cybercrimes, of course, involve the theft of money from accounts and cards.

To find a thief, you must think like one. Governments typically hire hackers to track others or perform other tasks vital to national security, such as stealing military data or even industrial and economic espionage. Hackers hired by a hacker get paid like a regular employee or freelancer. Governments aren't the only ones who hire hackers.

General market trend

According to the latest open source data, which is now outdated and dates back to 2011, the global cybercrime market was worth $12.5 billion, up $5.5 billion from 2010 data. It is not surprising if today, in 2016, this figure has increased significantly!

A modern hacker is not a genius programmer; there are only a few of those. A modern hacker practically does not develop his own software; he buys it and uses it for his own purposes, and you do not need to be a genius for that. Even the cheapest hacking programs generate significant income. Today, a hacker is more of a psychologist, marketer and fraudster than an evil genius. Having acquired a malicious program, the main thing is to be able to make full use of it, that is, to get it into the victim’s environment, which is where various psychological and marketing tricks are used in letters and mailings.

Whether you're working as a white hat hacker pen testing systems or capturing data to sell on the black market, most hackers can easily make six figures or more. Sometimes raw data is worth more money on the black market than individual transactions. Extortion, fraud, and social engineering also allow the hacker to extract money from their victims more frequently, often at a much higher rate of return.

Data breaches are quickly reported in the news, but it is often unclear what the motivation for the attack was or what happens to the stolen assets after the attack. To improve your security, you may wonder what information or systems you really need to secure. Before you can start using more secure methods and programs, you must first get inside the hacker's head. Knowing their motivations, habits, skills and psychology can be the first step toward creating a safer environment.

Creating a fake account on social networks and sending spam mailings from it costs approximately $150-200. And if at least a hundred people take the bait and send their data to cybercriminals, you can earn $10,000 or more by selling only the confidential information obtained this way.

Trojans

But Trojan programs bring in the bulk of hackers' profits. A simple example is a screen locker. It is used to infect a computer, or a smartphone or tablet, and then a ransom is demanded to unlock it. The Trojan code usually costs $1,000, and the ransom to unlock is $100-200. By infecting 15-20 users, you can pay for the Trojan and make a profit. You can also make money from ransomware Trojans, although they cost more – about $2,000.

Stolen credit cards, identities, and digital assets are obvious motivations for a person to become a criminal hacker. However, organized large group attacks or penetration tests performed by white hat hackers may be more difficult to understand. Some hackers are motivated solely by personal passions, such as political movements, fame, power, or attempts to protect a greater good, which is difficult to distinguish from the intention of monetary gain.

The motivation for the hackers was simple: selling valid credit cards and IDs on the black market is very profitable. Selling this information on the black market gave hackers higher volume and made it easier to disperse than if they charged per card. Moreover, the anonymity of these hackers remains intact.

The heavy artillery of this type of crime is banking Trojans. They provide access to the victim's accounts. The banking Trojan code costs more than $3,000, and the average income after its implementation is $75,000.

Millionaire hackers

There is evidence that in Russia alone hackers earn more than $1 billion a year. The average hacker makes approximately $50,000 per year. Much of this money is from Russian victims of their attacks. There are approximately 20,000 hackers in Russia. Typically, most of them in the regions receive 10-20 thousand dollars a year. But there are also dollar millionaires among hackers, more than a hundred of them. Some Russian hacker groups make up to $10 million a week. The recorded record amount of earnings for the hacker group is $24 and $26 million.

They will likely leave, giving them the opportunity to attack other businesses in the future. With a lot of time spent testing and auditing the code, this vulnerability may never have been released. If the point of entry was more obscure and difficult to completely prevent, the breach could have been detected with more frequent white hat and audit checks. Violating the target is even more difficult to defend. When an attacker breaches the network, they are effectively trapped by a fake and lead to them making changes to the real thing.

Second side

Those who oppose hackers are the same hackers, but on the other side of the barricades - they get much less. Their usual salary is 1000-1500 dollars per month. In Moscow, of course, it’s more – from $2,500 per month. Usually these are employees of companies developing computer security systems and hackers in intelligence agencies.

The general trend is that Russia today is the absolute leader in the number of cyber incidents using Trojans - this is 72% of the total number of incidents in all countries, and the income of criminals, on average, according to experts, is $10 million per week.

This allows security teams to respond to abnormal activity before allowing communication with real machines. Stolen credit cards or user identities are one of the most common items. Most hackers are not interested in further attacks on victims, instead they sell this data to others who may have a specific agenda or operation. Some buyers look for user authentication databases to test the same email and password for other services.

The secret of business is knowing what others don't know. - Aristotle Onassis
Making money is always and everywhere very difficult, unless of course your dad is an oil worker. You will have to study everything and find out information. In addition, information that helps you earn serious money is not just absent from the public domain, it is deliberately hidden, so it will be even more difficult for you. I myself know some private information, but I do not disclose it, due to the natural closure of shops after this.
Morality: if you do the same thing as everyone else, you will earn the same amount as everyone else. But if you think for yourself, look for solutions, think, you will earn as much as few others earn. In the world, 5% of the population uses 95% of the resources produced by all humanity, and the remaining 95% are content with the remaining 5 percent.

Hacking accounts, websites on order

The least profitable option and the least like a business. It's like freelancing in hacking. Most beginners think that money in hacking is made by hacking to order. Actually this is not true.

Botnets

A botnet is a network of infected computers (zombie computers), which hackers use at their discretion. Hackers install special software on zombie computers that communicates with the hacker’s server, waiting for a new command from it. A hacker, using the botnet control panel, can, for example, issue the command “DDoS such-and-such a site.” Zombie computers will read this “order” and begin sending a lot of useless data packets to the attacked site, and the site will crash. There are thousands, tens of thousands, and even millions of zombie computers in botnets. Since infected computers have "immunity" in the form of anti-virus software, the hacker's bots gradually drop off the computers (get "burned"), and the botnet needs constant replenishment.

Users' computers are infected through sites on which iframes with bundles of exploits have been installed. The site owner may not be aware that his site has been hacked and is being used by hackers to infect visitors' computers. Hackers usually manage hacked websites through a web shell: a script that is uploaded to the site, through which you can interact with the site’s files and database. Currently, a shell called WSO (Web Shell by oRb) is widely used. Previously, c99shell was popular.

Others may be interested in using stolen data for extortion. Surprisingly, there are even a large number of legitimate businesses that buy data on the black market to send spam emails to try to sell a product or service.

Like any other petty thief, many hackers work quietly and independently to make a less ambitious living off smaller targets. There are many ways a petty thief can operate, and since their crimes are smaller, they can do this for years without any real threat of prosecution. Keep in mind that the word "hacker" does not always mean a criminal. Many hackers are hired as security experts or certified ethical hackers. These hackers are hired to be on your side, and the best ones think like black hats.

Let’s break down in detail what brings in how much profit. These are well-known topics. But everyone can come up with their own way to shake money out of hacked computers. If the topic is worthwhile, the hacker assembles a team, develops software, encrypts it, and uploads it to computers.

Carding and fraud

Deliberate theft of money. It is the most severely prosecuted by law, and the perpetrators are sought through Interpol.
There are 2 types:
  • Carding - money is stolen from credit cards and bank accounts.
  • Stealing money from payment systems.

I'm new, how can I join?

Let's say you have recently learned to use a computer, or you have some knowledge of coding in Delphi. You are standing on the threshold of a world of giant money, but you don’t know how to do anything, you’re afraid, and you have no idea what to do. What to do?

It all starts with simple mischief - stealing passwords with a fake page, sending a Trojan horse to a lamer, defacing a site with the inscription “H4ck3d by Tv0y_kulkh@tsk3rsky_nik”... But then you begin to understand what’s what, and you slowly begin to see the big picture. At some point, you will have your own ideas for money-making schemes in your head: you will feel your knowledge gaps and will teach yourself the necessary technologies, communicate with people, hang out on hack forums. And someday you will take the first step (it usually starts with announcements in sections on the hacker forum). In the beginning it will be difficult, everything will oppose you (the antivirus industry is not asleep either!). After working for years on your chosen topic, you will gradually become a guru. You will have a lot of assets, you will no longer be chasing money, but money will come to you. The main thing is not to give up, but to steadily move towards your goal. You only need to quit if the topic you are interested in really won’t bring you any money (you have calculated, thought through everything, and are disappointed). And the most important thing is this: freedom is more valuable than any money. When the sky is checkered and the fools are striped, no amount of money will make you happy.

Of course, black hats are often hired as well. More advanced hackers tend to take some time to track them down and can often only be found by contacting their group. Malicious hackers are often hired for personal vendettas to secure websites or businesses or government agencies that want to infiltrate and steal secrets. Every person has to earn a living, and some hackers make their living by working for governments. American and Israeli intelligence agencies are often funded to create offensive measures using some of the best and brightest hackers.

Improvement of the article

The article is still very crude (there is no information about spam, carding, DDoS, and very little about hacking customized accounts). I suggest that adherents in hack business topics supplement the article. Write your additions below, in the style of this article. In general, beginners should understand the principle of operation, and there should be specific numbers (what makes how much money). Of course, private information should not be posted in the article. After all, hackers are not born.

MyP3uk

Direct theft of funds from accounts

There is a lot of malware on the Internet that, if handled correctly, brings in very good money. In particular, when a user becomes infected with a virus, some amount of money is stolen from WebMoney and transferred to another wallet.
Also, a Trojan that sends SMS to paid numbers from USB modems is slowly spreading online.
Such a business can easily bring in $1500 per day at minimal cost.

Bays for various details

Let's say you have a botnet, a lot of bots filled with business traffic. Accordingly, there are many accounts for payment systems, but draining money yourself will take a lot of time, and besides, not many people know how to do it. Basically, in such situations, people look for a partner who is involved in withdrawing funds. This is called a pour - for a certain percentage, a person cashes out a sum of money and transfers most of it to the pourer.
You can also see advertisements for bays, but this should be perceived a little differently. The person simply transfers funds to your account for 50% of their value. You pay before adding funds.

Virus making

Virus maker - a person who writes malware (Trojans, rootkit caps, cryptors, etc.). The earnings of such specialists are about $4,000-$10,000

This dangerous virus was deployed at uranium enrichment facilities in Iran with the function of spinning centrifuges at nuclear power plants at unequal speeds, hiding data from operators. Given the control and secrecy of the program, it could be used to create much more disastrous results, especially if they were deployed for more malicious purposes. Another suspected government attack comes from China. In recent years, they have been unofficially blamed for numerous cyber attacks against the United States government as cyber wars begin to escalate.

MyP3uk

Passive hacking

I consider the following topics to be passive hacking:
  • Selling hosting located in offshore zones - bulletproof hosting
  • Selling SOCKS 4/5
  • Selling proxy servers
  • Selling dedicated servers
All these little things can bring in up to $2000 monthly!
Moreover, such people are mostly resellers and it is not possible to track them. Thus they often remain in the shadows.

Selling experience

Many people online sell courses/manuals, conduct webinars on various topics, etc. These people are selling you their experience. Let’s say you want to learn something, self-education will take too much time, but by participating in any webinar you will immediately reach a level no lower than average. I won’t name the cost of webinars; it varies everywhere.

Unless you are the CEO of a utility company or the head of security for your country, you may not worry too much about these types of attacks. However, it is important to recognize the consequences and the fact that governments will authorize such attacks. Preventative measures against these organizations are difficult because you have to outwit some very sharp hackers. The best defense in this case is to better understand and consider abstract possibilities, as a hacker does.

Emotions can be very motivating. Hackers in particular tend to be very selfish and proud, which causes them to react with extremes. Many little hackers love to gain public recognition and have their egos bruised. Impressive attacks can also serve as a basis for gaining access to more powerful organized crime units. These attacks are usually carried out by smart but amateur scriptwriters and black hat hackers. In other cases, they are an ego boost for one hacker who wants to be recognized for his skills.

MyP3uk

Dockering

Dockers - sellers who sell documents. An advanced docker can easily issue you an individual entrepreneur/private entrepreneur, can get you a visa to any country, provide you with an offshore account in a foreign bank, or can even provide you with an entire offshore company!
It all depends on your wallet size. Only they themselves know how much they earn. For example, a scan of a set of documents (main page of passport and registration, income certificate, Taxpayer Identification Number, medical policy, water license) costs about $200-250.
An offshore company in the Seychelles is worth RUR 50,000. And an individual entrepreneur/private enterprise will cost you $400.
Dockerization is quite a profitable business, but you need a lot of documents to start, and to assemble them you need channels...
As soon as I have an extra 15 minutes, I’ll write about the types of scams. I think this also applies to business.

In any case, these attacks tend to be quite common and the most annoying to most organizations. Defending against these attacks is actually quite simple. The most successful businesses are those who regularly consult with experts and audit and update their software.

If you use a credit or debit card, online banking, or make any electronic financial transaction, you are at risk of having your personal information or money stolen. This means that almost everyone is exposed to this threat. And data breaches, where many of these financial misdeeds began, became commonplace.

oeyii

Drop farming

Dropovod (drop handler) - a person who recruits drops (nominees).
Drop - a person who either knowingly becomes a drop in order to take part in not entirely legal affairs, or is drawn into it through social engineering, deception, or the concealment of certain details of what he will be involved in.

During the breach, user contact information for 76 million households and 7 million small businesses was stolen. More than 5 million records were believed to have been exposed in these breaches. So who pays when the data or money is taken?

Gerson says these incidents require consumers time and effort to correct errors and can lead to job losses and increased banking costs. Banks are raising hundreds of millions of dollars to fight wire fraud. “Someone is going to foot the bill for this,” he says.

Drop leaders are usually smart people and have excellent skills in espionage, communication psychology, seduction and brainwashing. They create drops for some of the following topics:

  • Service of nominee directors (nominees)
  • Bays, accepting staff, opening bank accounts
  • Registration of any property, bank cards, accounts
  • Kidalovo online

    Ripper (from English R.I.P. - lazy, asshole) - a fraudster who is trying in one way or another to deceive his partners, thereby luring them out of some things useful to him.
    I have scammed a lot on the internet, I think they can be divided into several groups:
    • Carding scammers
    • Spinognaws
    • Homeless people
    Now about each group in more detail.

    Carding scammers - they often pretend to be cool carders or entire offices of carders, and try by any means to foist on you "plastic for cashing", cardboard, equipment and all other related tools, which they, of course, do not have and never had. Basically, in carding they are familiar only with general concepts, and even then from articles whose authors are not involved in carding, so they give themselves away when using slang. They are also very keen on money: let’s say if you offer 50% of the price for their product, they will happily agree. Be careful - there are plenty of such individuals on the Internet!

    So how can you reduce your risk? Some app stores may have been infiltrated by hackers who may be uploading fake apps that look almost identical to the real thing. In the near future, they may even use other biometrics such as iris scanning, facial recognition or voice prints. If your bank's online system still requires a username and password - and many do - it is important for security reasons that you create a unique password and update it frequently.

    "Use something that's not easy to guess, and it might contain some capital letters, some numbers, and a special character to make it even harder," says Insko. Use an available smartphone passcode or fingerprint feature. Unless you post information on social media that could be used to guess your passwords or answer your security questions. Many people do not have any password protection on their mobile device. If you downloaded a banking app and didn't use your fingerprint or anything like that, that's not good, says Insko.

    Spinognaws- these are such crazy guys who often ask decent sellers for something “for review”, and then they leave with another portion of freebies. For ordinary users they are not dangerous in any way, but for sellers they pose, although not a serious, but still a threat, one might even say, not a threat, but an untidiness, because giving away goods is also not very desirable...

    Homeless people- a special individual! This type is dangerous because they “represent” a wide range of “services”, so they can scam you without looking back. They don’t give a damn about their reputation, there were cases when a guy cheated ~17 people for a ridiculous amount on Achat - 1 ruble ! It is these individuals who are the moral leaders of the Homeless.

    To avoid being scammed, you should work through guarantors and trusted sellers.


Let's figure out how white hackers differ from black hackers, what hacking is today and whether it can be a real profession.

The main character of the film "The Matrix" - Thomas Andersen - seemed like a respectable citizen during the day, and at night he hacked into networks under the nickname "Neo". Perhaps this is the stereotypical image of a hacker that has developed in popular culture: a hacker is a talented programmer who fights against an imperfect system, committing daring crimes.

In reality, everything is less dramatic. There are black hackers - cybercriminals who steal other people's intellectual property. And there are white hackers - specialists in the field of cybersecurity who work quite legally for the benefit of businesses and users, receiving a “white” salary.

Hacking: Terminology

Hacking is the unauthorized intrusion into a computer or network. And this is also any “hacking of the system.” For example, a growth hacker is a specialist who finds non-standard approaches to marketing, product development, team development, and sales strategies.

The arsenal of “computer” hackers includes guessing passwords, intercepting data, gaining access to a device’s webcam, remembering all the characters entered using the keyboard, stealing files, introducing malware and other hacking mechanisms.

Hackers can access information on a device remotely or crack the password on a stolen or lost device. For example, in 2012, NASA said that agency employees lost several work laptops with important unencrypted information (part of the code for controlling the International Space Station). Therefore, ensuring the security of gadgets that store personal or commercial information is critically important.

“To protect personal information on your phone or tablet, I advise you to store it in password-protected folders. Most modern smartphones have this function, but if it doesn’t, you can use applications like Best Secret Folder or Secret Calculator. A strong password or access settings will help protect your phone from being unlocked by fingerprint.

To avoid losing control of your lost device, install an application for geolocation tracking and remote control. There are free options like Find My iPhone (Apple) or Find My Mobile (Samsung), which are pre-installed on devices, and there are paid ones with wider functionality. For example, the mySafety application for the phone works even when the Internet is turned off,” recommends Sergey Vlasko, CEO of the personal belongings protection company “mySafety Ukraine”.

The most famous hackers in history

Technology magazines and the hacker community compile numerous rankings of the most famous hackers. The names on these lists vary from publication to publication, but some hackers almost always rank at the top.

Kevin Mitnick

He was named the most wanted computer criminal in US history by the United States Department of Justice. Kevin's story is so non-trivial that it formed the basis of the script for the film TakeDown (in Russian language distribution - "Breaking").

Mitnick served a one-year sentence in prison after hacking into the Digital Equipment Corporation network, after which he was released on supervised release for 3 years. At the end of his supervision, he escaped and was discovered hacking into America's national defense warning system. Mitnick was eventually caught and given 5 years in prison. After his release from prison, the ex-hacker became a popular speaker at computer security conferences and founded his own business, Mitnick Security Consulting.

Jonathan James

The tragic story of a hacker under the nickname c0mrade once again shows that black hacking is destructive for all participants in the hack. As a teenager, Jonathan began hacking into commercial and government networks, such as NASA's. The young hacker downloaded several files, including the source code of the International Orbital Station. As punishment for this, James was sent to prison at the age of 16. After his release in 2007, he again came under suspicion of hacking several networks of large private companies. However, James denied any involvement in these crimes.

Officials say Jonathan James committed suicide on May 18, 2008, believing he would be sent back to prison as punishment for crimes he said he did not commit. According to another version, the suicide was a falsification, but in fact James was killed by government agencies.

Kevin Poulsen

A hacker under the nickname Dark Dante was famous for his skills in hacking and tapping telephone networks. One day, for fun, he hacked the radio station's telephone network and declared himself the winner of a competition, who would receive a brand new Porsche as a prize.

After hacking into federal systems and stealing wiretap information, Poulsen was wanted by the FBI. Kevin was sentenced to 51 months in prison and a fine. After his release from prison in 1995, the former hacker switched to the light side of the force: he became editor-in-chief of Wired magazine, and in 2006 he even helped law enforcement agencies identify 744 sex offenders on the social network MySpace.

"There are two main reasons why many hackers become blackhat. The first is more money. As a blackhat you can sell everything: access to websites (shell, rdp, cpanel, etc.), vulnerabilities and exploits, website databases, bank account information and so on. Even though white hat hackers can access the same data, we consider it as a dirty market and dirty money because blackhats are in the business of stealing. The second reason is more freedom. Black hat hackers tend to think, that they are cooler than whites: no one knows their real identity; they are not limited by the scope or policy of the program; once they gain access to systems or networks, they maintain it until they gain maximum benefit.

I've talked about the "cool" side of black hat hacking, but there is a downside.

For example, as a black hat hacker, you have every chance of going to jail at any time. For a white hat hacker, such a scenario is impossible.

As a black hat hacker, you cannot publish any posts, speak at public conferences, or have a resume to mention accomplishments. As a white hat hacker, you can report [the vulnerability found] to the website and get paid according to their bonus program.

You can also get a CVE number and have an impressive resume citing your successes. Perhaps this will help you find a job in a high-tech company. If you want to work at Google, you will definitely be asked about your work experience. As a black hat hacker, you cannot mention any references or you will end up in jail. As a white hat hacker, you can publish your research, become a conference speaker or a talk show star,” says ethical hacker and Deloitte senior consultant Ibrahim Hegazi.

He notes that thanks to white hat hacking, you can even become a millionaire.

For example, Mark Litchfield, a famous white hat hacker and bug bounty hunter, earned more than $500,000 in a year. He simply looked for vulnerabilities on websites and reported them.

Thanks to the publications, Mark was offered a job at Oath, a company that owns Yahoo, AOL, TechCrunch and other brands.

"You can follow Mark's example by participating in the bug bounty programs of Google, Facebook, Twitter, Uber and other companies. Google pays $7500 for a simple XSS vulnerability. You can also join bonus platforms such as Hackerone.com, Bugcrowed.com , Synack.com, Hackenproof.com, and start making money,” recommends Hegazy.

Light side of the force

It may seem that hacking is an unambiguous evil. In fact, the ability to bypass computer protection is only a skill that can be used with good intentions.

White hat hackers are cybersecurity professionals who have the same knowledge and skills as malicious hackers, but, unlike the latter, use them to look for vulnerabilities in computer systems and help debug them.

They pass the information obtained during a “responsible hack” to the security department to eliminate loopholes that could be exploited by malicious hackers. White (or ethical) hackers are also called "white hats". Apparently, this analogy comes from the Wild West movies, in which the good guys wore white hats and the bad guys dressed in black.

Today, white hat hackers have become the most powerful weapon in the fight against cybercriminals. After all, they know how to penetrate the security of online infrastructure and exploit the same vulnerabilities as “black hat hackers.” Ethical hackers are an integral part of the cybersecurity community.

How do white hat hackers make money?

Black hat hackers usually make money from theft, fraud and extortion. Ethical hackers use their skills to provide services to the security departments of large organizations. They know how attackers work, which helps prevent attacks.

Another way that ethical hackers can make a living is by participating in legal bug bounty programs.

Large companies (especially tech companies, such as Facebook, Microsoft or Google) offer rewards to white hat hackers if they find holes in the security of networks or software.

This way, white hat hackers make significant money, and the business fixes the vulnerability before cybercriminals take advantage of it.

But organizing your own bug-bounty program is quite difficult. To save resources, companies often resort to special bug-bounty platforms.

“In several years of working in cybersecurity, I have not seen a single company that did not have vulnerabilities. These could be errors in their own code, vulnerabilities in third-party software that the company uses, or errors in business logic. And when management understands these risks, it is a sign of the company's maturity.

To protect your products and customers, you need to find and fix bugs before black hat hackers find out about them. To do this, it’s worth bringing white hat hackers over to your side: either by hiring your own department of security researchers (the most expensive option), or through a bug bounty program or platform.

Bug bounty translates as “bug hunting”: you assign a reward for each vulnerability found, regulate the process and get help from white hat hackers in finding bugs. Only giant companies can afford their own bug bounty programs, but platforms like HackenProof are available to almost everyone. Their advantage is that you do not have to spend a lot of resources on organizing the process, searching for ethical hackers and other routine issues. Hundreds of reliable specialists from all over the world are already on the platform,” explains Dmitry Budorin, CEO of the cybersecurity company Hacken.

Today, the threat of cyber attacks is greater than ever. Therefore, every company and organization, every ministry and government agency needs to be on alert and check its security. And ethical hacking is one of the best ways to find vulnerabilities in computer systems. Such cooperation helps businesses protect themselves and their clients, and provides talented hackers with the opportunity to make legal money.

Does hacking bring real income?

Of course, the activities of hackers are illegal, so they cannot be considered in the context of an official source of income. Nevertheless, such activity brings a certain “profit”, sometimes quite a considerable one. Hackers can be roughly divided into good and bad. The former find errors in a program or system and then “sell” them to the owners of the resource; Google, for example, pays almost half a thousand dollars to those who help find flaws on its sites. Bad hackers, by contrast, profit directly from such mistakes: they can intercept emails and then anonymously blackmail their recipients, or “leak” goods from online stores.

According to Kaspersky Lab, hackers' profits can be 20 or more times higher than the amount they spend on organizing attacks. The calculation is simple: a spam mailing from a fake page on a social network costs, for example, 150 dollars; even if only 100 people fall for it and send their data on request, the cybercriminals will receive about 10 thousand dollars. A smartphone virus that demands a “ransom” costs about a thousand dollars, and unlocking a device costs the victim 100-200 dollars, so the same hundred people bring in 10 to 20 thousand dollars. About the same amount can be earned from ransomware.

It is not hard to guess that the most profitable are banking virus programs that, based on stolen data, provide full access to clients’ cash accounts. The cost of such hacking work will be approximately three thousand dollars, but usually it also includes an exploit, as well as spam mailing, which already costs $70,000. Moreover, income from criminal cyber activities has been growing for years. There is also a growing market for malware, where lazy hackers buy tools to make money: ready-made programs that can hack and steal data.

To receive an income of several million every month, you must, of course, be a high-class professional. The question is: for how many months will the hacker keep receiving this huge amount of money? After all, sooner or later anyone, even the most “cunningly encrypted” criminal, will be caught. As the saying goes: “There is no defense against a crowbar…”. Nor will the hacker be able to simply drop everything and walk away of his own accord. Firstly, it is almost impossible to stop once you have started stealing on a grand scale, and secondly, such a “worker” will be surrounded by people who are eager to share his triumph, or rather his profit. And he will have to share! The most interesting thing is that people have one peculiar feature: their needs automatically adapt to their income level, and soon he begins to run out of money again.

It is worth noting that there are different types of hackers. Here too there are sometimes “revolutionaries” who work for an idea, have their own scores to settle, and so on. Often cybercriminals are people with an unbalanced psyche, because their work leaves its mark on their personality.

On May 12, alarming news spread across the planet: a Trojan-based encryption virus called WannaCry had managed to infiltrate computers around the world. Moreover, the insidiousness of this “pest” also lay in the fact that from an infected PC connected to a network, it spread further like an avalanche. In total, 74 countries were attacked. Russia suffered the most - our systems of the Ministry of Health, the Ministry of Internal Affairs and Sberbank were subjected to cyber attacks. According to very rough estimates, on the very first day, infection attempts were recorded in more than 50,000 cases around the world. Several clinics and other organizations stopped operating in Britain. Serious harm was done to India, Taiwan and Ukraine.

The essence of the virus is standard - it encrypts files on the computer and, in order to decrypt them, demands a ransom. It converts the encrypted data into an extension, which makes it completely unreadable. To decrypt, the attackers initially demanded a “modest” amount of $300 from users, and then their appetites increased to $600.

At the same time, the hackers have also come up with a means of intimidating the user - they say that in three days they will increase the ransom amount, and in a week it will no longer be possible to decrypt the files. Of course, no one provides any guarantees that after transferring the amount requested by the criminals, the data will be decrypted. There are cases where data was simply deleted, while the attackers cheerfully continued to demand a ransom for it.

By the way, a new variety (or imitation) of the WannaCry virus recently came to light. It works on the same principles as its “big brother”, using Windows vulnerabilities, but is much more difficult to detect. Its goal is to steal virtual currency. The hackers' new creation is called Adylkuzz. Already 200 thousand computers have become its victims.

Disputes continue about which country the hackers who put the entire planet in this situation came from, although little depends on the outcome. Russia's opponents, of course, loudly accuse the Russian Federation of this, but would it be logical for us to expose all the most important systems of the functioning of the state to attack in order to launch a virus into the computers of other countries?! Russian hackers indeed occupied the leading position in terms of income for several years in a row, but there is no evidence that this was their doing.

Money is good. Nobody argues with this. And at every turn someone tells you how to earn tons of it on the Internet. But you have to live by the principle: “Believe only in yourself and your favorite magazine starting with the letter X.” Therefore, today we will tell you how to really make money while doing practically nothing.

You've probably heard about different sponsors. These are, like, companies that make money from advertising. It works like this:

  1. You can receive the ads as spam in your mailbox (we won’t even talk about this: why should we read all sorts of letters, click on the links in them and get cents for it).
  2. You can bring sponsorship advertising to the people from your pages using banners. (yes... with this kind of traffic, you and I will only earn money for beer)
  3. And finally, surfing sponsors - like, you have to click on banners, move the mouse, and other gimmicks that prevent you from doing your job.

Okay, don’t lose your temper, X won’t let you die from a lack of bucks. We found a real way to make money. Listen, there is this sponsor, DesktopDollars... Calm down, I know that it no longer accepts guys from the CIS, but don’t forget, you read X :) So:

  1. The sponsor actually pays - verified by us.
  2. Issues a credit card for free, which will give you green presidents. No, well, of course, you can choose a check as a payment method and wait for it from 3 weeks to 3 months :)
  3. There is no need to click on banners, move the mouse, you can turn off the browser and go about your business. The maximum that is required of you is to click “Continue” once an hour, like “I don’t sleep and watch your banners :)”
  4. No time limit :)
  5. Every minute of your surfing is taken into account, the statistics server is updated every 6 hours.
  6. Constantly growing pay (from $0.5 per hour and above - 45% of the profit from the sponsor)
  7. Referral system - like, for the guys you attract to this program.

Level 1 - 15%
Level 2 - 10%
Level 3 - 5%
Level 4 - 5%
Level 5 - 5%
Level 6 - 5%

Imagine you attracted 2 guys, and they also attracted 2 each (this is, like, on average, but you can attract 20 people); in general, everyone attracted two people. And you spent only one hour a day on the Internet. What will you get from this:
($0.5*1 + $0.075*2 + $0.05*4 + $0.025*8 + $0.025*16 + $0.025*32) * 30 = $67.5

67.5 bucks a month for an hour a day! Very good indeed :)

So what do you need to do:

  1. Fill out the form (indicate the country, for example Sweden - read on to learn how to make sure you are from Russia)
  2. Download the program - viewbar (1.44 MB)
  3. In principle, that’s it: attract your friends and don’t forget to turn on the viewbar when surfing. But here’s the problem: the money will go to Sweden, but you and I are from Russia.

Registration in "X" style:

  1. You log into your account. Click "Change your info". Then you save the html code of this page to your hard drive. Let's call this file xakep.htm
  2. Open xakep.htm in notepad and look for the line
  3. Then you look for the form action line. It occurs twice. Both times you insert http://www.desktopdollars.com/ into the form action, in front of the path to the asp file. As a result, you will get:

    And
  4. Open xakep.htm offline, select the country Russian Federation and press Submit. That's all :)

Run to REGISTER.
P.S. If it's not too much trouble, please put my e-mail in the "I was referred by" field: [email protected]
Happy earnings!

The income of the organizers of a ransomware attack is an order of magnitude less than the damage they cause. But the cheapness and availability of malware provide hackers with good profitability.

The BadRabbit ransomware virus attack turned out to be much more modest than its predecessors - WannaCry in May and NotPetya in June. “Bad Rabbit” blocked the information systems of Odessa airport, the Kyiv metro, the Ministry of Infrastructure of Ukraine, the Russian news agency Interfax and the online newspaper Fontanka. ESET reported that BadRabbit also tried to infect computers in Bulgaria (10.2% of attacks), Turkey (6.4%), Japan (3.8%) and other countries (2.4%). However, the vast majority of attacks were repulsed by security systems.

Just a few hours after the start of the attack, the virus was analyzed by almost all the largest companies in the field of Internet security. Experts from ESET, Proofpoint and Kaspersky Lab found that BadRabbit was distributed under the guise of fake Adobe Flash updates and installers.

Analysts at the Russian cybercrime investigation company Group-IB reported that “Bad Rabbit is a modified version of NotPetya with errors in the encryption algorithm corrected.” The NotPetya ransomware virus, in turn, is a modification of WannaCry, created on the basis of the EternalBlue hacker program, which was developed by the United States National Security Agency and then stolen by hackers.

Damage and benefit

According to Intel estimates, the total number of infected computers exceeded 530 thousand. In particular, the UK National Health Service, the Spanish telecommunications company Telefonica, the Russian Ministry of Emergency Situations, the Ministry of Internal Affairs, Russian Railways, Sberbank, Megafon and VimpelCom suffered from virus attacks. WannaCry encrypted users’ files; for decryption, the extortionists demanded a payment of $600 in Bitcoin cryptocurrency.

According to American experts, the extortionists received only 302 payments totaling $128,000. At the same time, the total damage to companies subjected to WannaCry attacks exceeded a billion dollars.

On June 27, 2017, attacks by the NotPetya ransomware virus began. As with WannaCry, the hackers demanded a ransom to restore the computer's functionality, but this time only $300 in Bitcoin.

More than 20 thousand companies in 60 countries on all continents were affected by the NotPetya attack, but more than 70% of the total number of virus infections occurred in Ukraine. The ransomware's revenue amounted to about $10,000, while FedEx and Moller-Maersk alone estimated their damage from the virus attack at $300 million each.

As for BadRabbit, both the losses of the affected companies and the income of the hackers, apparently, were close to zero.

Extortion on the cheap

The WannaCry – NotPetya – BadRabbit family of ransomware viruses is no longer dangerous, and now hackers will have to develop something completely new. There is no doubt that they will do this, especially since creating a ransomware virus is much easier than, for example, a banking Trojan. Thanks to this, in particular, the creation of ransomware is one of the most profitable areas of hacker activity.

Moreover, as experts from Positive Technologies have found out, the “ransomware-as-a-service” model is increasingly spreading among attackers, in which software authors are not the organizers of attacks, but make money by selling or renting viruses to criminal groups. For example, the developer of the Petya virus asks for 25 to 85% of victims' payments, and another ransomware virus, Karmen, is sold on the black market for $175.

The source code of the ransomware that attacked MongoDB databases late last year with a ransom demand of 0.2 to 1 bitcoin was sold on the black market for just $200, along with a list of 100,000 IP addresses of unprotected databases and a scanner for finding new victims. According to experts, the total profit of hackers from using this program could exceed $6 million.

This year, ransomware viruses have become the undisputed champions in the number of computer infections. In addition to the aforementioned top three, this spring the Jaff family of ransomware, distributed through PDF documents, caused a lot of problems for computer owners. However, amid the hype around WannaCry, the media ignored this virus.

In September, according to the Israeli virus protection company Check Point, the Locky ransomware, which began spreading in February 2016, returned to the top ten most active malware.

Among other leaders this year, experts note the Adylkuzz virus, which infected many computers and used their computing power to mine cryptocurrency. “Controlled computing power allowed the hacker to earn about $2,000 a day,” Positive Technologies experts report.

Information overload

Stealing credentials is now the second most popular activity among hackers. 16% of hacker attacks are aimed at this (introducing viruses - 38%). Cybercriminals either sell the information they receive on the black market or demand a ransom for it.

However, opportunities for making money in this area are rapidly declining. Thus, as a result of an attack on the American mobile operator U.S. Cellular, hackers were able to steal the personal information of 126,761,168 Americans. This entire database was later put up for sale for just $500. In one Russian private clinic, IP web cameras were hacked; access to them was sold for only 300 rubles.

“We are seeing a decrease in the cost of personal data, which is probably due to the oversaturation of the market and the fact that information ceases to be unique, because it has been stolen for quite a long time,” notes a review by Positive Technologies. “In addition, it should be noted that at the end of March, US President Donald Trump lifted the ban on the collection and transfer of personal data by providers (information about location, search history and time spent on a particular web page), which was introduced by Barack Obama.”

However, the most skilled hackers manage to make good money by stealing personal data. In the spring, hackers stole the credentials of users of two of the largest cryptocurrency exchanges – Bithumb and Tapizon. Having hacked into the accounts of 31,800 users, the attackers were then able to gain access to their accounts, stealing a total of more than $6 million.

In Russia, a hacker who obtained the mailbox data of one of the users began to blackmail the owner, threatening to register web resources in the victim's name and use them to publish pornography or sell drugs. Such a pressure tool can be quite effective and force victims to pay, both to protect their reputation and under the threat of criminal liability.

Third place among hackers' favorite tools today is occupied by so-called social engineering: experts use this term for various ways of luring users to fake sites in order to extract their credit card and bank account information. For example, at the beginning of the year, attackers used spam mailings to lure potential victims to fake PayPal pages and trick them out of their bank card information.

In Russia, hackers sent victims notices of traffic police fines under the guise of a notification from the State Services portal. The authenticity of the letter was confirmed by the e-government logo, and the letter itself allegedly contained a photo of the offender’s car. When attempting to open the photo, the victim was redirected to a fake website that required entering email information.

Blackmail Request

The greatest concern of computer security experts today is DDoS attacks, the strength of which has increased manifold over the past year. The purpose of such an attack is to disable the site by submitting a large number of requests. DDoS attacks are used mainly for blackmail, since blocking the website of an online retailer or bank can bring multimillion-dollar losses to its owner.

It is difficult to estimate the scale of income in this area of the hacker industry, since companies whose activities were disrupted due to DDoS attacks try not to advertise it. Positive Technologies notes that in the spring, the Skype service was unavailable for users from Europe and part of the USA for two days. It is believed that this was caused by a DDoS attack, for which the hacker group CyberTeam took responsibility. It is unknown whether the hackers received any ransom from Skype or not.

Often, criminals will launch a weak attack and demand a ransom, threatening that next time it will be stronger, but this turns out to be a bluff. Such scare tactics are being used more and more often.

In the summer, five South Korean banks (KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank and NH Bank) became victims of blackmailers who demanded about 315 thousand dollars, threatening a massive DDoS attack. Since no violations were observed in the work of these financial institutions, either the threats turned out to be groundless and the attackers did not have the resources necessary for the attack, or the banks were sufficiently protected, or they paid the required amount.

DDoS attacks are also used to combat competitors and other unwanted persons. As noted in a new Europol cybersecurity report, such attacks are often carried out for specific events: for example, targeting florists in the run-up to Valentine's Day or online bookmakers before large-scale sporting events.

At the beginning of this year, hackers organized DDoS attacks on the resources of the Dr.Web company at a rate of 200 thousand to 500 thousand requests per second, in retaliation for the activities of the antivirus developer.

Dangerous things

Today, experts warn about the possibility of new, unprecedentedly powerful DDoS attacks due to the development of the Internet of Things. Currently, there are more than 6 billion electronic devices connected to the Internet around the world - IP cameras, routers, access control and management systems, as well as smart home systems (from light bulbs to door locks).

Each of these devices can become the source of a DDoS attack, especially since they all have many security flaws that allow attackers to access them from the Internet.

In September 2016, cybersecurity specialist Brian Krebs' website was brought down by a DDoS attack carried out by a network of one and a half million routers and security cameras infected with the Mirai virus. Last week, Check Point reported the discovery of a giant Reaper botnet that includes millions of devices, including most D-Link, Netgear, and Linksys routers, as well as Internet-connected surveillance cameras from companies such as Vacron, GoAhead and AVTech.

Reaper has not yet shown any activity, but Chinese antivirus company Qihoo 360, which also discovered the botnet, warns that the virus could change and reactivate at any time, causing large swathes of the global internet to shut down.

Either insure or don’t insure

The intensity of cyber attacks is increasing every year. Check Point estimates that today, on average, one malicious program is downloaded every 4 seconds in the world, and this is eight and a half times more often than a year ago. The Russian company Krok reports that the number of customer requests related to the elimination of ransomware viruses has increased fivefold over the year.

One of the main reasons for the spread of cyber threats is rightly considered to be the frivolous attitude of many companies to computer security issues. In this regard, the EU plans to introduce fines for weak cyber protection measures.

In Russia, as part of the Digital Economy program, by 2020 it is planned to introduce a standard for information security and compulsory insurance against cyber attacks for strategic companies - banks, airports, train stations, metallurgy, mechanical engineering, shipbuilding and aircraft industries.

It should be noted that in Europe cyber insurance has long become a serious and thriving business. According to Europol estimates, the volume of insurance premiums in this area today exceeds 3 billion euros, and by 2020 will grow to 8.9 billion euros. However, the organization warns that “cyber insurance encourages complacency among companies by relying on it instead of investing in proactive measures to protect against hackers.”






