Love letters from a Black Hat to all the fools on the Internet

As an underground, “black hat” hacker, I don’t have time for significant others. I’m too busy earning stacks of cash to improve my Bitcoin mining rigs and working to pay off college loans.

This Valentine’s Day I want to show my appreciation by sending love letters to all those ignorant and over-trusting fools on the Internet that pay my bills by making the same mistakes over and over.

To Bob from the law firm

Roses are Red,
Violets are blue,
You use the same password everywhere,
So, I really love you!

Bob was a big deal back in the Myspace days. Too bad hundreds of millions of Myspace passwords leaked from a hack a few years ago, as well as credentials from countless other breaches. Bob’s Myspace password was part of that data, which I can now get free on the underground.

You’d think a decade-old password would be useless, but most people insist on using the same passwords everywhere they go. That’s why Bob still combines his dog’s name with his birth year and uses it as his work password at the law firm. Now I have access to all his client files there too. I love you, Bob!

To Sue the restaurant franchise manager

Be mine – Now and forever;
Be mine – Your missing patches; my treasure;
Be mine – Still on Windows XP, it’s true;
You ARE mine – Old software, I love you.

To think… If Sue had only turned on Windows’ automatic updates, our star-crossed paths would never have intersected. The outdated software on her restaurant POS system makes it a breeze for me to skim her customers’ credit card data. As long as Sue continues to use decades-old software and never patches, I will continue to profit. It’s a win-win relationship!

To Andrew, the click-happy bank teller

One click, two click, three click, four;
All the free sales and click some more;
Five click, six click, seven click, eight;
Open my fake tracking doc, I know you can’t wait!

Some people just like clicking any link in their inbox, even if they don’t know what it is. I love these inquisitive, yet short-sighted fools. They seem to believe anything and will even open unsolicited email attachments from email addresses they don’t recognize. One “50% discount” message and my drive-by download is complete. Now I have access to hundreds of bank records. Keep clicking my loves, and I’ll keep supplying the booby-trapped bait!

To Joanne, the IT administrator for a walk-in health clinic

My Valentine, your data is all I want;
In its digital glory, I find endless profit and delight;
My ransomware gives me the data encryption I need;
But the best part, my love, is your backups are out of sight.

Who knew you need to back up your company’s important data? Man! It’s crazy how quickly you can bring a hospital to its knees by locking patient records. And if the IT department didn’t back up those records correctly, my ransom demand gets paid quickly. Joanne, thanks for never testing your backup systems. Just one simple trial of your existing backups would have revealed the issue, and you would have been able to restore all your patient data without paying me for it. I love your lack of preparation, and so does my wallet.

That’s it for the Valentine’s letters this year. There are so many people making the same basic security mistakes over and over again that I’d never be able to write letters to them all. Whatever you do, don’t do anything differently next year. See you then, my loves, and your money and data too!