Thus spake hacker
»A hacker, Throwaway236236 (TW), recently went online on community site Reddit and started taking questions from readers. The surprising surfacing of a member of an underground community, gave an interesting insight into the shady world of cyber criminals.
TW is an engineering student, just 2 years into serious programming, but is obviously very talented. He started with Zeus trojan, an easily available malware, which steals banking information. He modified it and infected machines, turning them into bots. Bots are personal computers controlled remotely by hackers like him, who use them to launch attacks, steal information such as passwords and credit card information or mine bitcoin, a kind of virtual currency that can be converted to real cash.
TW commands about 10,000 bots and expands at a rate of 500 to 1,000 a day. You could say he is a hacker with a bit of conscience as he does not 'cash out' the information he steals. He only sells them and leaves the dirty work to others. People, who buy this data, try to carry out illegal transactions with banks or credit card companies to recoup their investment. They seem to avoid using computers to the extent possible while cashing out and may rely on phones or emails to carry out fraudulent transactions.
If you thought all cyber criminals are wayward geniuses you are wrong; many of them may not even know how to code. They just buy stolen data to cash out. The entry of the average Joes into this damning trade is alarming. But without any technical prowess it is a struggle for them to sustain in this rapidly mutating business. TW blames credit card companies for not doing enough to stop them.
Even TW does not see a long-term future in what he does. He makes $40 a day from bitcoin mining alone, which can touch $400 on good days. He is planning to get out of business of infecting computers to steal information. Instead, he wants to rent bots and use them for bitcoin mining. Infected Asian computers come cheap, at $15 for 1000 bots, he says.
He has a low opinion of antivirus (AV) companies. Even if your AV says a file is clean, it may not be so, he says. AV companies have a 'fundamental flaw' in their approach and many leave known loopholes untouched to ensure customers are forced to upgrade regularly, he alleges. He also has a few tips to keep your machine clean. If you get an attachment with a .exe extension be on you guard. If in doubt delete. Make sure the Adobe reader has the latest patches, though the updates process is now automated. Else, pdf files can also carry infections.
Don't buy pirated Windows and ensure you install all updates. If you don't want to spend money on a genuine copy, go for Linux. Online banking is not safe unless you use HBCI (Wikipedia, to know more) or similar. Banking on mobile phone is stupidity and don't trust your AV company, says TW. If someone you don't know tries to share a funny cat picture on Facebook, don't fall for it.