【Observation】Can tech novices commit cybercrimes too? Bloomberg's experiment shows the severity of cybersecurity issues

The general public and even government officials still do not pay enough attention to cybersecurity issues. In order to understand whether an ordinary non-technical person is capable of using ransomware and launching attacks on others, a journalist from Bloomberg delved into the dark web to purchase a set of malicious software and attempted to launch an attack on his colleagues.

The results showed that in the dark web market, malicious software has evolved into "Ransomware as a Service (RaaS)," allowing even tech novices to launch cyber attacks on others.

In this era of technological advancement and widespread internet use, cybercrime and cybersecurity issues continue to play out in our daily lives. In 2019, the government computers of Baltimore, Maryland in the United States were hijacked by hackers, causing citizens to be unable to access services such as email, water bill payments, real estate transactions, and health alerts for nearly 3 weeks.

On May 4th of this year, Taiwan's CPC Corporation was also hit by a ransomware attack, leading to the complete shutdown of the JieLi card and CPC PAY payment systems at all gas stations in Taiwan. In addition, production lines of companies like Formosa Plastics Group and Cheng Uei Precision Technology have also been targeted by ransomware attacks. Information security has become an important issue that we must be vigilant about in our daily lives.

Potential of Muggle Attack: RaaS

To understand if an ordinary non-technical person is capable of using ransomware, Bloomberg reporter Drake Bennett conducted an experiment. He delved into the dark web and purchased a set of malicious software, attempting to launch an attack on his colleague Max Chafkin.

Drake Bennett was surprised to find that the prevalence and ease of use of ransomware on the dark web are almost no different from those of Software as a Service (SaaS) in daily life. Attackers do not need to create their own ransomware or have professional backgrounds; they simply need to purchase services on the dark web. Drake Bennett stated:

"The chat rooms in the malware forums are like a market where you see many people selling different types of malware and attack methods. This market has evolved into a service they call 'Ransomware as a Service,' akin to 'Software as a Service.'"

Drake Bennett found a vendor in the chat room and obtained the rights to use the malicious software service for just $150. Ultimately, Drake Bennett sent a file containing ransomware to Max Chafkin and completed the attack.

Source: Bloomberg

Although this was just an experiment and Max Chafkin's attacked computer did not contain important files, Max Chafkin expressed that seeing the message on the attacked computer still evoked fear:

"When you see the message on your computer, it really scares you. They (hackers) tell you that they have control over you, they have your files, and they can do whatever they want. In that moment, you realize how easy it is to become a victim."

Attacks Will Not Stop! They Will Only Evolve

Similar attacks will never cease. Large-scale hacker attacks were reported this week in European countries such as the UK, Germany, Switzerland, and Spain. It is alleged that attackers used leaked SSH (Secure Shell, an encrypted network transmission protocol) credentials to compromise supercomputers and mine Monero (XMR) coins. The affected organizations were forced to suspend operations or external connections to prevent further attacks.

In the end, Drake Bennett confessed to the anonymous person who provided him with the malicious software that he was a journalist and conducted a brief interview with him. The anonymous person, who goes by the name Johnny Blaze (from the movie Ghost Rider), revealed that he is not acting alone in providing such services on the dark web, but is part of a team of individuals aged between 18 and 26.

Johnny Blaze further disclosed to the reporter that the RaaS used in the experiment is an old product, and that the team has introduced updated services to the market, promising to do "better" than before.