> making it tough to actually monetize a hacked account without leading the law straight to your door.
Nope, monetizing a hacked account without doing that is trivial (at least here in Europe where money transfers are an everyday occurrence for everyone and few people remember what a "check" is):
Send out spam promising a way to make $$$ from home without qualifications as a "financial agent". Transfer money from hacked accounts to the gullible, desperate schmucks who respond, tell them they can keep 10% as commission and have to transfer the rest via Western Union to someone in Russia.
> Maybe there's a lesson here - a broader approach to security
Defense in depth, should be a widely-known concept by now.
Nope, monetizing a hacked account without doing that is trivial (at least here in Europe where money transfers are an everyday occurrence for everyone and few people remember what a "check" is):
Send out spam promising a way to make $$$ from home without qualifications as a "financial agent". Transfer money from hacked accounts to the gullible, desperate schmucks who respond, tell them they can keep 10% as commission and have to transfer the rest via Western Union to someone in Russia.
> Maybe there's a lesson here - a broader approach to security
Defense in depth, should be a widely-known concept by now.