Can Evil Hackers Destroy Your Enemy’s Life For $20?

I recently read a blog that addressed the question, “Can hackers destroy a person’s life for as little as $20 per month“. The blogger responded, “Yes and absolutely.” He apparently gave a very racy account to a Seattle paper that was following up on a story that some hackers are advertising their ability to destroy somebody’s life at a rate of $20 per month because they (the hackers) were going to be “doing it anyway”. The following was my response on his blog. That blog may be behind a registration requirement, so I am putting my response here as well.

What makes you think they are planning to DO anything at all?
What makes you think “they” are hackers in the first place?

This is a classic fraud/sting scenario.

“I am skilled in the occult arts and can cast an evil spell on your enemy,” is the old-fashioned way to phrase it. Today’s occult arts are medicine and network security. I do not admit to any spectacular knowledge of the medical arts, however there are plenty pf people making lots of money saying, “We can protect you from identity theft for a mere $99″. You protect yourself from identity theft from an ounce of prevention. Most of the paid protection is like UFO insurance, good luck finding the company if you ever need to file a claim.

It could be that they are going to be “doing it anyway.”

Ask your friendly neighborhood contract killer if they wouldn’t mind “doing” your neighbor, for the cost of a meal out at Hortons, since they are likely to be doing other people in the area anyway.

This is a plainly not going to happen. There is a lot of fear, uncertainty and doubt (FUD) surrounding what a computer cracker can actually do, based on a general lack of knowledge among the general public of what is possible for the average script-kiddie who would consider committing a felony for practically nothing. Identity-theft, or harvesting is relatively easy, with the right breaks, in a general way, but specifically targeting an individual is far more difficult. The “right breaks” might be finding an unattended Veterans-Administration Consultant’s laptop with 6 million veterans’ info on it. The money in identity theft is in sale of the information to people who are prepared to engage in various fraudulent activities. There is not a lot of money in it, but it would be very unwise to retain the lists and info in case some other random individual thought it would be a good idea to revenge-crack their neighbor.

Government-sponsored hackers and professional criminals with large budgets can certainly screw up a person’s life. However, they don’t need your stinkin’ $20.

Police sting operations might have fun with offering this opportunity, and adding to the FUD surrounding illegal hacking. Unethical network security companies might like the level of elevated fear that such an article would provoke enough to arrange a leak of the information. In fact, the fear might also help ethical security companies to convince their clients that updating their patches and anti-virus on their Windows computers might be a good idea.

I believe it would be a felony to conspire to destroy somebody’s life by hacking, the same as it would to actually do it. It would probably fall under DHS anti-terrorism laws like many cracker activities.

So back to the title. If you were able to do enough html to send out an ad to a billion people, offering this service, and your ad didn’t get noticed by somebody with half a brain, you would certainly be able to make a few bucks just offering the service with absolutely no intention to Do ANYTHING. However, you leave a server-log trail on thousands of servers and a money trail back to your bank account, or a postal trail, as dozens or hundreds of $20s appear in your mailbox. As a monthly service, what would you do? Set up a subscription in Paypal? You had better keep moving around, because there are several experts who can and will find you.

This appears to be a style of Phishing for the extremely gullible. More on Phishing later. A couple of years ago, I ran a test on one of those “We need you to accept money for us and keep 10% for your trouble” ads like you are probably getting with some regularity in your email inbox.