Example https://en.wikipedia.org/wiki/2014_Sony_Pictures_hack
Maybe I misunderstood what a hacker can do, but why not rob someone’s credit card or bank account if they can do it to Sony?
That does happen, but mainly through automated mass means like phishing and ransomware. Individuals also get targeted by tactics like romance or finance scams. I think you could probably see how a large corporation would be a more lucrative hacking target worth a lot of dedicated time vs. one individual.
Also, one can lead to the other. If you catch the right fish with a scam, they may just unwittingly give you a way in to an institution. Only the latter would make the news, though.
Sometimes the victims even pay the attackers money upfront and install the wiretap themselves. looking at my IPTV box suspiciously, while the robotic vacuum hums in the background
Yeah, there is a whole playbook for it called pig butchering
Most people have little for hackers to gain / exploit by hacking them.
It’s a question of effort. Sony has a shitload of public presence. For social engineering I can learn many mid level manager names from LinkedIn for example and their infrastructure is necessarily public facing to allow people to work there.
And that’s not talking about their public web presence and services.
And now we’ll switch to … You! If I’d try to target you I would have to first find anything from you to actually target.
Once I have your phone number, public IP or anything that gives me a lead I have to find my way in. And that way in will be because you’ve made a mistake, are lax with your passwords or use an out of date service.
But that’s like 2/3 of the work I had for Sony as well. And now I see that you’re a student with a net fortune of 50$ and a car from 1989.
To out it another way: for companies I aim with s rifle as they are a worthy prey. For individual people I use a shotgun and hope something hits something.
Because they don’t need to. As Zuckerberg himself said: people will voluntarily give all kinds of private information to corporates without being asked or by the gentlest of requests.
You have to pay a highly educated individual to spend hours finding any weakness to hack anything.
If you hack a big organization you’ll get more then a few dollars from a bank account. They also have a lot more things that could be vulnerable to hacking.
If I went to all the trouble of hacking you and I emptied your bank account and savings, I’d get $12.
If I emptied Sony’s accounts, not only would I have potentially millions or more, but I could also get industrial secrets that could be worth even more, or possibly could be used to further my own electronics industry.
One of these isn’t worth the effort.