Apparently, hackers wanting to control PCs are wasting their time with elaborate botnets and vulnerability exploits -- all they may really need is some pocket change. A study
found that between 22 to 43 percent of people were willing to install
unknown software on their PCs in return for payments ranging from a
penny to a dollar, even when their OS flagged the app as a potential
threat that required permission to run.
While you might think that
respondents would naturally be a bit suspicious, that wasn't usually the
case. As researcher Nicolas Christin notes,
just 17 people out of 965 were running virtual machines that limited
the possible damage; only one person went in fully expecting trouble,
according to exit surveys.
It's no surprise that you can get someone to compromise security if you say the right things. Just ask Kevin Mitnick,
who breached networks by getting logins from overly trusting workers.
However, the study also suggests that it would make more financial sense
for hackers to pay targets directly rather than to pay for a botnet.
Since people don't seem to attach much monetary value to their security,
criminals could pay roughly what they do now to steal data while
avoiding the use of unreliable bots and equally sketchy bot sellers.
The study isn't a big one, so it's difficult to know if the results
would be consistent on a larger scale. Also, people looking at tasks in
Mechanical Turk are already eager for money; it may be tougher to pay
for control of a PC when the offer comes out of the blue. Even if the
voluntary infections would be lower in practice, though, the finding is a
friendly reminder to always treat unfamiliar code with caution, no
matter how much profit you'll make by installing it.
Monday, June 16, 2014
Want to hijack people's PCs? Pay them a few cents
7:39 AM
Unknown