Page - 249 - in The Future of Software Quality Assurance

Security: It’s Everyone’s Business! 249 stating there’s a problem which will require a small fee to clear up. Or the real estate receives a mail from a “buyer” to list a property.Were I to turn to the “Dark Side”, I would get a greater return attacking the local florist than I would attacking Amazon. The reason? Amazon spend a large amount of money hiring some of the world’s experts in security, implementing top-line technologyand robustprocesses to reducevulnerabilities.The localflorist/solicitor/realestate/surveyorcannot. 3 Reasons for (Cyber) Attacks Why would people conduct these attacks? As mentioned previously, these attacks can obtain a large amount of money quite quickly. Years ago, motivation for the attackerswascoveredwithMICE: • Money—this is very much the motivation in the case of BEC. Money can be a multi-faceted motivator. I once was “called by Microsoft” to have the person on the call tell me about the “viruses” on my machine. After showing a little empathy (“You’re job must be very difficult . . .”) and expressing how this call wasawasteof time, theyopeneduptome, tellingmetheyknewtheyweredoing wrong,but it’sa job tofeedtheir family(or,were theytryingtosociallyengineer me?). But they also felt safe, in that the chances of being caught were much less than getting fired for not “making enough successful calls”. Some people can make a lot of moneyfrom malicious attacks,3 while others do it to “pay the bills”. • Ideology—asbefore, ideologycanencompassavastarrayofviews.Thismotiva- tion could be a lone person who lost their business “to the bank”, a small group supporting animal rights, or a large group with a particular secular belief. And, based on this motivation, the targets will be different. Then, there’s the morally ambiguousgroupsofhackers,whoseideologycanshift.Andsometimeseventhis can be muddied—I enjoy when occasionally people attending demonstrations against capitalism/globalcorporatedomination ,etc.wear the whiteGuyFawkes mask from the movie V for Vendetta. You know, that trade-marked thing owned byWarnerBrothers4 . . . • Compromise—you may have received the latest phishing mail floating around the world,a versionofwhich I received isbelow: Hello! I’m a member of an international hacker group. As you could probably have guessed, your ac- 3“Black-hat sextortionists required: Competitive salary and dental plan”—listed on https://www. theregister.co.uk/2019/02/21/black_hats_sextortion_275k_salaries_helpers/ 4“The irony of the Anonymous mask” listed on https://www.theguardian.com/technology/2011/ aug/30/irony-of-anonymous-mask