Kaveh Waddell writes: A man with intense eyes crouches over a laptop in a darkened room, his face and hands hidden by a black ski mask and gloves. The scene is lit only by the computer screen’s eerie glow.

Exaggerated portraits of malicious hackers just like this keep popping up in movies and TV, despite the best efforts of shows like Mr. Robot to depict hackers in a more realistic way. Add a cacophony of news about data breaches that have shaken the U.S. government, taken entire hospital systems hostage, and defrauded the international banking system, and hackers start to sound like omnipotent super-villains.

But the reality is, as usual, less dramatic. While some of the largest cyberattacks have been the work of state-sponsored hackers — the OPM data breach that affected millions of Americans last year, for example, or the Sony hack that revealed Hollywood’s intimate secrets​ — the vast majority of the world’s quotidian digital malice comes from garden-variety hackers.

And for many of those cybercriminals, hacking is as unglamorous as any other business. That’s what a group of security researchers found when they infiltrated a ring of hackers based in Russia earlier this year, and monitored its dealings over the course of five months.

The researchers were with Flashpoint, an American cybersecurity company that investigates threats on the dark and deep web. Their undercover operation began when they came across a post on a Russian hacker forum on the dark web — a part of the internet that’s inaccessible to regular browsers — that read very much like a get-rich-quick ad you might find on Facebook. [Continue reading…]