Slashdot Mirror

← Back to Stories (view on slashdot.org)

Survey: Average Successful Hack Nets Less Than $15,000 (csoonline.com)

Posted by timothy on from the short-attention-span dept.

itwbennett writes: According to a Ponemon Institute survey, hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours. A delay of 10 hours causes 24 percent to quit, a delay of 20 hours causes 36 to quit, and a majority of 60 percent will give up if an attack takes 40 additional hours. 'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.

17 of 84 comments (clear)

  1. Pokemon Institute?? by Narcocide · · Score: 3, Funny

    Oh wait, never mind.

    1. Re:Pokemon Institute?? by Zaowulf · · Score: 2

      Glad I wasn't the only one who had to read it twice

  2. Oh those poor hackers! by jellomizer · · Score: 2

    They are making low wages... Boo Hoo.
    Well stop hacking and get a real job.

    Except for most of these hackers are outside the US where the $15,000 USD is a lot of money.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Oh those poor hackers! by ShanghaiBill · · Score: 2

      For many of these people, hacking is not their day job. Much hacking involves setting up automated scripts, which then run for hours or days, trying passwords or probing for open ports. In the meantime, the hackers can go about their lives, including going to their day jobs. If you look at the risk/benefit analysis, hacking makes a lot of sense, especially if you live in a jurisdiction that doesn't prosecute online crime.

    2. Re:Oh those poor hackers! by bluefoxlucid · · Score: 3, Informative

      On one hand, it's not a lot of money. A decent job pays more.

      On the other, apparently it's $29,000 for like two days of work.

      I quit playing the stock market because it was hard. I averaged 1% per day on 3-5 day holdings (swing trading; day trading would be attractive if I had a large portfolio), but that was with 18 hours per day of research, waking at 4am to examine news and foreign markets, with loads of analysis of technicals and some fundamentals. It was technically sustainable, if I didn't go insane first.

      Those two days of work for a hacker are followed by months or years of worrying which of the 40 odd jobs the FBI is investigating. I'd imagine an honest job provides a more enjoyable income than one in which you spend the following 7 years hoping the SWAT team doesn't boot your door in.

      --
      Support my political activism on Patreon.
    3. Re:Oh those poor hackers! by Anonymous Coward · · Score: 2, Insightful

      I bet they're not even paying income taxes on that.

    4. Re:Oh those poor hackers! by TWX · · Score: 3, Informative

      They probably converted currencies and didn't bother with significant digits across the conversion. That creates oddly specific numbers even when the source number is rough.

      --
      Do not look into laser with remaining eye.
  3. Criminals like easy targets: News at 11 by CajunArson · · Score: 5, Insightful

    " Hackers prefer easy targets and will call off an attack if it is taking too long. "

    I'm shocked to hear that criminals using computers are exactly like criminals who have been practicing their trade since probably long before recorded history began.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  4. $51 per hour, working from home by penguinoid · · Score: 2

    So, if they conduct 8 attacks per year, spending 70 hours per attack against a "typical" network, and earn 29,000 per year... that works out to $51 an hour, working from home. That would be rather lucrative for some countries.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  5. Hackers are Committed - I'm Hiring by Anonymous Coward · · Score: 3, Funny

    'If you can delay them by two days, you can deter 60 percent of attacks,' said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study.

    So 40% of hackers are committed enough to still be working on a problem two days later.

    I will hire all of them right now to replace my current Help Desk. Those kids give up within 10 minutes. I pay better than $29,000/year too.

  6. Less than... less than... less than... by wonkey_monkey · · Score: 4, Insightful

    hackers make less than $15,000 per successful attack and net, on average, less than $29,000 a year. The average attacker conducts eight attacks per year, of which less than half are successful.

    Unless the first two numbers are way off, they suggest the average hacker has (less than) two successful attacks which would be (less than) a quarter of the average eight per year.

    A quick rewrite:

    hackers make more than $14,000 per successful attack and net, on average, more than $28,000 a year. The average attacker conducts eight attacks per year, of which more than a quarter are successful.

    There, that's a much more positive spin on things!

    If I was amoral and had the skills, I'd take up hacking at those prices. A 25% chance of $14,000 for a week's work? Where do I sign up?

    --
    systemd is Roko's Basilisk.
  7. what are they doing the rest of the year? by mrvan · · Score: 4, Interesting

    From TFA:

    The average attacker conducts eight attacks per year, of which less than half are successful. Among the findings that will be of particular interest to defenders: Hackers prefer easy targets and will call off an attack if it is taking too long. According to the survey, 13 percent quit after a delay of five hours

    So, you do 8 attacks, and give up if you don't succeed in five hours. Since unsuccessful attacks are part of the 8, I assume that the ones they give up on are also part of that. That means that they work 40 hours a year, for an average salary of 29k$, or around 800$/hr. Not bad al all :)

    1. Re:what are they doing the rest of the year? by 14erCleaner · · Score: 2

      It's self-reported, so you can expect exaggeration. Most stock market day-traders claim they make money, too.

      --
      Have you read my blog lately?
    2. Re:what are they doing the rest of the year? by hawk · · Score: 2

      I think that most day traders *do* make a little bit.

      The catch is that the wins are small, and the losses catastrophic (like any other gambling "system")

      hawk

  8. They are almost 1%ers. by raymorris · · Score: 2

    Indeed, they are almost in the top 1% highest earners in the world. To be the 1%, one must earn about $33K. (Different sources range between $32-$34K).
    http://www.investopedia.com/ar...

    It's funny, it was understanding that which made me realize the "your mom's basement" meme must actually be true for the majority of Slashdot commenters. I had thought we were mostly IT professionals and the like, but if so we'd all be earning twice as much as the 1%. In which case we wouldn't see all this hostility toward college grads (the 1%) that exists on Slashdot. So I guess most Slashdotters are indeed eating cheese puffs in their mom's basement, and resent those of us who aren't.

  9. Rent an ass by tepples · · Score: 2

    You could just bypass the middleman and rent your ass out for XXX a week.

    I'm not sure there's much of a market for renting donkeys in the industrialized world now that bikes, cars, and trucks exist, apart from some fairly small niches. And in the less-industrialized world, where pack animals are still regularly used to move goods over rugged terrain, wages are lower anyway so you might not make much money that way either.

  10. Re:15000 is low? by TWX · · Score: 2

    I think that the article's point, from an American perspective, is that one probably isn't going to get rich hacking, in the same way that one isn't going to get rich robbing banks. Like robbing banks, the more one hacks, the greater the chances one is caught, so trying to get rich is the fastest way to get caught.

    It's also kind of interesting to note that both crimes are investigated by the FBI, rather than solely by local authorities. The FBI has a better track record of not forgetting cold cases too, so depending on the statute of limitations one may never be in-the-clear.

    --
    Do not look into laser with remaining eye.