We rely on security walls to keep intruders out, while leaving gates so that we can get in and out ourselves. Most hacking involves trying to break down or otherwise sneak past these gates, but the easiest way to get in is to convince the gatekeeper to open the door. In networking security circles, this is known as Social Engineering, and it's something you need to understand.
It amazes me how valuable information is so easily accessible over the internet. A mortgage company legitimately purchases leads containing your name, address, social security number and FICO score. The next day, a novice hacker exploits a poorly configured LinkSys router, gains access to the system, and thousands of people have just lost thier identity.
A man goes into an interview. He fills out his paperwork, social security number and all (no one wants to omit it: they are looking for a job after all). The interviewer files the application in a desk and leaves the room to usher in the second interviewer. The interviewee opens the desk and removes all applications from the drawer and places them in his personal briefcase. A few dozen people have just lost thier identity.
A man pretends to be a mailman. He steals the mail from hundreds of local homes. For security reasons, all bills only display the last 4 digits of the social security number. This is coincidentally the same information they use to authenticate you when you call. It's a steady stream of income.
So what's the problem? What's the solution? Legislature. Especially in small companies, it's hard to justify a cisco firewall, and no one thinks to secure job applications in lockable location. The government HAS to force these companies to use proper precautions when handling personal information.
Of course, our government has laready demonstrated thier technical prowess with the Anti-Spam bill. What a joke...
You don't have to be a genius to make a fortune being a cyber-criminal.