What attackers want when they hack email accounts

Mark Risher, Google's director of product management for identity and account security, explains what hackers are looking for and how Google is ramping up account security.

CNET's Dan Patterson interviewed Mark Risher, director of product management for identity and account security at Google, about what hackers are looking for and how Google is ramping up account security. The following is an edited transcript of the interview.

Campaign 2018: Election Hacking is a weekly series from TechRepublic sibling sites, CBS News & CNET, about the cyber-threats and vulnerabilities of the 2018 midterm election.

Dan Patterson: Mark, can you help us understand, when bad actors, when hackers, when people who want to sniff out data from accounts at Google, who are some of these actors and what specifically are they looking for?

Mark Risher: There's a wide variety of what people are looking for and trying to break into accounts. In the past, and by volume, it has historically been about commercial motivations. They were looking to initially send spam. We've all seen this on email. And then to find specific information that might be in your account that could be turned into a profit.

More recently though, we've seen some new and troubling attack vectors. One is going after the information value of what they find there. This could be used for blackmail or for extortion purposes, as well as being able to link to other accounts that might be connected together, for example, going after financial assets that are connected to another account.

Dan Patterson: When we hear stories about, oh, so-and-so company was hacked, whether it's a data broker, or a social media company, or even an email provider, those seem like massive scary hacks and data breaches, but often we don't correlate that with a secondary hack, or post-action bad things. What can happen? What's the fallout of a data breach?

Mark Risher: There's a bunch of problems that happen with data breaches. One is that people tend to reuse their passwords on multiple different sites. Some small company gets broken into, exposes your password, but that means that you would still fall in another place you've used the same site. That's why we recommend that people use a unique and different password on every site and store that in a password manager.

But there are other things that are happening too. A recent trend we've seen that's really disturbing is that attackers use some of this breached information to add credibility to a secondary one. For example, you might receive an email message that says, "Dan, I've been watching you, I've actually hacked into your computer and have access to all of your secret information. As proof, here's the last four digits of your credit card number." And then you read this and you say, "Oh my God, that is the last four digits of my credit card number. This person must be telling the truth. I better pay the ransom that he's charging."

Now, in reality, that often is not the case, but that last four digits, by being in one breach, can now be used to create a secondary channel for a profit.
