Willie Sutton is reported (probably falsely) to have said he robbed banks because "that's where the money is." Today, the global IT infrastructure is where the money is. Companies, in an effort to get closer to their customer have entered the "food chain"- and they are not the top predator.
In Willie's day, the only place to buy a Trojan was in a pharmacy. No longer. Want a botnet? No problem, you can rent one. Want a Trojan to use as a payload? No problem. Not only has the bar been lowered for entry to the world of hacking, the potential for damage at the hands of a noob has been raised to that on par of seasoned crackers (as long as the script kiddie can pay for it). And to pay for it, he or she can buy a few stolen credit card numbers.
Willie (when explaining his preference for using a Tommy-gun) observed "you can't rob a bank on charm and personality." You can rob the Web that way. Barriers to entry are low. Attribution remains problematic (whether that is good or bad is perspective-based). Software quality remains shoddy. And it all runs on a fatally flawed architecture (which is unlikely to change for the foreseeable future.) In short, economy and technology favor the attacker.
As for Willie- while he may not have said "Why do I rob banks? Because that's where the money is," he did say:
"Why did I rob banks? Because I enjoyed it. I loved it. I was more alive when I was inside a bank, robbing it, than at any other time in my life. I enjoyed everything about it so much that one or two weeks later I'd be out looking for the next job. But to me the money was the chips, that's all."
Sound like anyone you know?
~CPwnk
Learn more about Willie Sutton
skip to main |
skip to sidebar
Exploring the Boundaries of Information (in)Security.
Posts
