Stealing Passwords is a Lucrative Hobby, Reporter Says


Brian Krebs, formally of the Washington Post, did some digging and discovered that hackers have now got a new motivation to imitate the activities of Anonymous – money.

In the days of yore when individuals did not think twice before sharing private information on social networks, hackers with fleets of zombie computers at their disposal stuck to distributing spam and launching the occasional denial-of-service attack. But today, in an era when Cybersecurity is finally starting to seep into the public consciousness, black hat security gurus are less interested in computer resources and choose to focus their efforts on obtaining victims’ personal data. The reason is a simple one: there’s demand for it.

Krebs published his findings in a recent blog post:

“Logins for everything from to often are resold — either in bulk, or separately by retailer name — on underground crime forums. A miscreant who operates a Citadel botnet of respectable size (a few thousand bots, e.g.) can expect to quickly accumulate huge volumes of “logs,” records of user credentials and browsing history from victim PCs. Without even looking that hard, I found several individuals on Underweb forums selling bulk access to their botnet logs; for example.”

Krebs cites a forum ad by a botnet user who demanded $150 for 6 gigabytes worth of logs.

These hackers’ interests don’t always overlap with the motives of their better known peers, such as LulzSec, but they are very much connected. Throughout its existence the now-defunct hackactivist group compromised tens of thousands of users, but opted to publish all of the stolen data instead of turning a profit. This earned it attention that served as a wake-up call for not only the end-users who have neglected their digital security, but also the shady figures who sought new ways to monetize online vulnerabilities.