Hackers can be anywhere — down the street from their victims, or on another continent — but they all have a home base: the Dark Web.
It's a corner of the Internet where hackers can sell illegal substances and stolen information, or facilitate massive hacks, like the 2014 attack on Yahoo, now blamed on Russian agents.
Despite law enforcement's best efforts, the Dark Web makes it "very easy for the cyber criminals to keep moving," said James Lyne, Global Head of Research for Sophos Security.
Even more worrying is that hackers can go there to buy pre-packaged programs from each other, essentially do-it-yourself crime tool kits, making attacks that much easier.
Lyne's company Sophos is now warning of another imminent threat: It believes that 13,000 utilities companies around the United States have been lax with cyber security.
"Hackers could walk right in," Lyne explained. "It wouldn't even require very high-tech tools."
There's also been an increase in ransomware attacks, in which hackers gain control of a computer and then hold the network hostage until they're paid off. It has happened to hospitals, community colleges and police departments.
At the St. Louis Public Library, hackers locked 1,400 computers and demanded $35,000.
"We have thousands of people every day who come to the library to use computers for their own purposes, many of them quite important," said Walter McGuire, executive director of the St. Louis Public Library. "Taxes, medical research, job applications, all that was completely impossible."
But in a lesson to all of us, the library refused to pay because it had backed up its system.
What's the key to prevention? Cyber security professionals like Lyne believe it all comes back to the Dark Web, and understanding how it works, because hackers are really good at what they do.
"If there's one thing we know about cyber criminals, it's they're experts at finding ways to make money from your data," Lyne said.