Most people have little for hackers to gain / exploit by hacking them.
this post was submitted on 28 Jun 2025
87 points (93.9% liked)
No Stupid Questions
41863 readers
872 users here now
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
founded 2 years ago
MODERATORS
As everyone knows, hackers must wear a ski mask while hacking
It prevents that the bugs flying in their faces. It's an OSHA requirement.
If I went to all the trouble of hacking you and I emptied your bank account and savings, I'd get $12.
If I emptied Sony's accounts, not only would I have potentially millions or more, but I could also get industrial secrets that could be worth even more, or possibly could be used to further my own electronics industry.
One of these isn't worth the effort.
That does happen, but mainly through automated mass means like phishing and ransomware. Individuals also get targeted by tactics like romance or finance scams. I think you could probably see how a large corporation would be a more lucrative hacking target worth a lot of dedicated time vs. one individual.
Sometimes the victims even pay the attackers money upfront and install the wiretap themselves. looking at my IPTV box suspiciously, while the robotic vacuum hums in the background
Also, one can lead to the other. If you catch the right fish with a scam, they may just unwittingly give you a way in to an institution. Only the latter would make the news, though.
Why would anyone hack me? I’m poor, I’m boring, I have basically nothing to offer
The best thieves steal from the poor.
You have to pay a highly educated individual to spend hours finding any weakness to hack anything.
If you hack a big organization you'll get more then a few dollars from a bank account. They also have a lot more things that could be vulnerable to hacking.
It's a question of effort. Sony has a shitload of public presence. For social engineering I can learn many mid level manager names from LinkedIn for example and their infrastructure is necessarily public facing to allow people to work there.
And that's not talking about their public web presence and services.
And now we'll switch to ... You! If I'd try to target you I would have to first find anything from you to actually target.
Once I have your phone number, public IP or anything that gives me a lead I have to find my way in. And that way in will be because you've made a mistake, are lax with your passwords or use an out of date service.
But that's like 2/3 of the work I had for Sony as well. And now I see that you're a student with a net fortune of 50$ and a car from 1989.
To out it another way: for companies I aim with s rifle as they are a worthy prey. For individual people I use a shotgun and hope something hits something.
Because they don't need to. As Zuckerberg himself said: people will voluntarily give all kinds of private information to corporates without being asked or by the gentlest of requests.
The amount of effort necessary doesn't make it worth it usually
Yeah this is like asking "Why rob a bank when you could just rob a random person on the street"
Sure you can do that, but the comparably tiny amount of money you get is not really worth the effort and risk.
Effort vs Reward vs Ability vs Inital investment
In most cases, think of this kind of thing like a legitimate business. Same concepts. I'll grade a few scenarios based on what I have seen over the last 20 or so years. (The ratings are arbitrary and just trying to explain my point.)
Do you have the means to rent a botnet and phish a few million people for lots of credit card numbers? Can you manage that kind of data, test all those numbers and maybe end up just selling that data? Low Risk/Moderate Reward ("Selling shovels" analogy is probably a better scheme than actually renting the botnet, IMHO)
Could you setup a "call center" in India and run a scam ring like an 8-5 business? Are there enough people you can hire to do this work? That requires training, infrastructure and time. You also may need to "work with" law enforcement to ensure your scam isn't busted by legitimate cops. Moderate Risk/Moderate Reward.
Are you part of a small group with an insane amount of skill that has the time to pull off an extortion scheme against a Fortune 500 company for a few million bucks? High risk/High reward
Those are all normal scenarios above and it's based on profitability and initial investment. Risk/Reward is always a balance.
(Sorry. I pulled a "wHellll aKshUallY" when you said it's not worth the time for the small targets.)
Keep in mind, in some cases it's harder to hack an individual, especially if they are the slightest bit security conscious. Big corporations often use outdated software, sometimes painfully so. It's not really uncommon to hear about corporations using software that has been abandoned for decades. Meanwhile, your laptop and cell phone automatically update. Meaning, there's a chance you are a little more secure than your average corporation.
Also your data is meant to be private and accessed by a single person. Basically a big wall around your stuff with a single door.
Corporate data, by design, needs to be accessed by many people inside and outside the company. So they are adding another door for each person, department, or API that needs access. Even if the wall is higher and stronger, it's still full of doors to try.
Not everyone has access to a Gibson.
I think the Sony hack is not a great example because there is a very good chance it was more politically motivated than financially. It's one of those cases where we might never know but there is a good chance it was orchestrated by North Korea in response to a Sony movie that made Kim III not look very divine. NK is most likely connected to other hacks as well that were really just a way to get hard currency/to evade sanctions.
Effort and reward are like supply and demand. If I want to steal your credit card number to go shopping, it might take me a long time to get to it. And then it turns out there is only $500 left on it. Too much effort for not enough reward. That's why phishing, Nigerian princes, texted IRS/DMV fines, missed FedEx deliveries, and all that jazz happens. Low effort to throw a net out and then catch the dumbest of the fish. If you are a person of interest to me though the math if different. Maybe I'm a stalker (look behind you, I'm there right now). Or maybe horny me is looking for your (perfectly legal) sexting thread. Or you're a pedo, a socialist, a cult leader, or all of the above. Private people get hacked. But it rarely makes a splash in the news like the Sony hack.
Also, hacker ≠ hacker. There are good guys who hack stuff to show what needs fixing or to hold people to account. There are bad guys who do it for money or because they like it. There are those with one foot on either side of that fence. Motivations differ wildly.
Sounds like someone hasn’t been a target of fraud or a scam.
I’m Canadian, and when my phone rings with a unfamiliar number, I assume it’s someone trying to trick me to get my money, usually by pretending to be Chinese and having a package for me.