When we think of hacking passwords, the image that comes to mind is that of technically savvy geniuses who use super high-tech tools, fancy computers, and whiz-bang software to crack the password. Like Tim and Abby from the popular CBS television show NCIS:
How do real hackers crack passwords? In “Hackers for Hire Are Easy to Find“, The Wall Street Journal reports:
[T]he IHG [hacking] service worked like this: It requested the target person’s email address, the names of friends or colleagues, and examples of topics that interest them. The hackers would then send an email to the target that sounded as if it came from an acquaintance, but which actually installed malicious software on the target’s computer. The software would let the hackers capture the target’s email password.
Real hackers don’t use super smart technology to crack the code. They use social engineering to create highly relevant emails from apparently trusted sources — spearphishing. Attacking systems is hard. Attacking people is easy. That is why bad guys Target the Human.
How long does it take to hack passwords using this method? How much does it cost? Who does this work? The Wall Street Journal reports:
One such site, hiretohack.net, advertises online services including being able to “crack” passwords for major email services in less than 48 hours. It says it charges a minimum of $150, depending on the email provider, the password’s complexity and the urgency of the job. The site describes itself as a group of technology students based in Europe, U.S. and Asia.
Apparently there is a lot of demand for hacking-for-hire services. New York magazine reports that the IHG hackers cited by The Wall Street Journal made more than $200,000 in thirteen months.