Disruption-as-a-Service, hackers get hot on customer experience

Written by on April 11, 2016 in Opinion with 0 Comments

Femme pirate avec son téléphoneAs Tony Poulos rightly pointed out the other day, data – once heralded as the new oil – is so pervasive that its value is disappearing. This is certainly true of our travels online, as advertisers try (largely in vain) to shove relevant adverts in our way. It is also true of the hackers on the ‘dark side.’ The value of data is dropping for them, too. And they are reacting by becoming more open, more focused on the customer.

We were fascinated, and not a little disturbed not so long ago when we interviewed Ryan Wilk from NuData, who said that ransomware is probably a passing fad and that you can buy a PayPal account for $6. Credit card fraud, once the darling of the underworld is, frankly, old school, and a credit card is only worth about 22 cents on the dark web, according to Wilk. This is a far cry from boxes of credit cards being sent special delivery to Africa and Russia, so that press ganged students could sit and open up thousands of new AOL accounts and sell them on to eager, isolated people.

The price of an account or service that you can take over is shockingly small. A Facebook account is $3; a French driver’s licence is expensive at $238 and banking credentials are available for between 1 and 3 percent of the balance.

And, one that will almost certainly tempt our own, well travelled, industry to that terrible ‘I am your father, Luke, join me’ choice is that for $90 you can buy 300,000 air miles.

Meanwhile, if you are feeling a little irritated by the competition and feel a little disruption coming on, no problem, you can bring down their website with a Denial of Service (DDoS) attack, for $5 an hour. And if you don’t know how to do it, there is a tutorial for $20. Fraudsters are now so bold that they post ‘how to’ videos on YouTube if you want to set a SIM Box fraud operation.

Not only that, but this new breed of hackers is now offering superior customer service. They have long opening hours, guarantees and promises. And, in the majority of cases the person being hacked will not even know they have been compromised. Account creation and financial identity fraud is the new credit card heist. And most of it is coming out of Russia, the home to the best on earth. Their real skill, their calling card is making their hacks look as if they came from somewhere else. China, for instance.

Scary stuff. And even ransomware, the latest scary story, Wilk says, is a passing fad. Why demand ‘money for data, when the clicks are free’, and you can take over an identity, or sell access to it so easily and so cheaply?

The hacking arena, it seems, has got competitive. With over 700 million customer accounts exposed last year, there is an over-supply. Hackers, too, need to differentiate themselves. Who would have thought that help desks, 24/7 support and guaranteed delivery would be the route they chose – to steal our identities.

While statistics like this are strangely fascinating and make great cocktail hour chat, the real question is ‘is there a defence against these dark arts?’

One herd-like response is to seek safety in numbers. There are so many hacks and your information is almost certainly among the hundreds of millions of identities that are being touted, maybe yours will be overlooked, somehow.

Another, and a recommended one, is to do all you can to protect yourself online – encrypt and change your passwords, use two-step authentication and don’t click something that you are not sure about. Now, you must even question emails from senior execs asking you to update your details in some company database.

The real solution lies in imitating real life, online.

When you visit your bank, your bank manager knows it is you. He knows your face, he is in no doubt that it is you. He evens laughs in an embarrassed way when he hands you the forms and list of documents he now needs so that he knows who you are.

Passive biometrics might be one answer. Combining a whole set of behavioural data and coming up with a much more holistic view of whether the person entering their name and password is actually the person they purport to be makes sense, and it passes our ‘common sense’ test. Adding techniques and technologies such as the blockchain for identity may be another, or together may create an even better solution.

One thing is for sure, though. The hackers are ahead of the game and we will always be reacting to their next move. Our only hope is that with a whole new set of tools, we can react fast enough.

Tags: , , , ,

Alex Leslie

About the Author

About the Author: Alex was Founder and CEO of the Global Billing Association (GBA), a trade body focused on the communications sector. He is a sought after speaker and chairman at leading industry conferences, and is widely published in communications magazines around the world. Until it closed, he was Contributing Editor, OSS/BSS for Connected Planet. He is publisher of DisruptiveViews and previously BillingViews. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: