The Business of Cyber Crime
There are a lot of ideas that people have on what drives cyber crime, ranging from credibility in the internet world to actually wanting to help a company become secure, but they are far from the truth. There’s simply one motivating factor for cyber crime, and that’s financial gain. It doesn’t matter if innocent victims are hurt, their credit and lives destroyed, and it doesn’t matter if their fellow hackers are tossed in jail. If cyber crime is involved, financial gain is the ultimate goal. In the case of Albert Gonzalez, not only did he hurt millions of people by using their credit cards, but he also helped in getting his own cohorts in jail so that he could avoid jailtime.
Like any real business, cyber crime is about making a profit and continuing to make a profit, but the difference is that cyber crime is making a profit through any means necessary. Cyber criminals are organized and have ranking structures and units like any other criminal or business organization, with each rank and unit having a different job function.
There are varying job functions such as:
- Bot Herders
- Middle Men
Like a real business, there is at times some overlap between job functions but the majority of the time the cyber criminals stay in their comfort zone, within their own job. There are more job functions beyond the 6 mentioned above, but I’d like to highlight these 6 as they are the primary functions needed for a cyber crime organization to run. Also note that not all cyber crime organizations are the same. Some may actually be an organization, headed by a ringleader while others may be spur of the moment groups, brought together to hit one target and then disperse.
Who Are These Cyber Criminals?
Movies have warped the image of cyber criminals. They’re portrayed as kids in their parents’ basement hacking into weird 3D objects
on their CRT screen or live lavishly in grand penthouses with expensive tastes, occasionally hacking into systems using the latest and greatest in technology with 9 screens attached. The truth, once again, is very different. A cyber criminal can be anyone with the abilities and motivation to steal. Many cyber criminals are actually not rich or white collar workers in corporate America. It’s often poor individuals living in war torn nations who rise to learn the skill set.
Many of these cyber criminals in poor nations have no work, and nowhere to turn to for financial help. They soon turn to a life of cyber crime. The financial gain is extremely large while the consequences do not match up to the potential gain. Many poor nations cannot afford to hold cyber criminals in their prisons, while some do not even have legislation in place to arrest them. This is the perfect breeding ground for skilled, motivated developers and hackers.
A lot of the older generation criminals are also using their vast resources to fund many of these new cyber crime efforts. Rather than trying to understand the skillset, some older organized criminal organizations pay middle men to gather the information they need. The middle men take a cut of the money, then share it with their contacts in the development, hacking, and bot herding areas to start pulling and stealing information for the older generation criminals. The older generation have found a new world of income and wealth thanks to cyber criminals that they may never see, and in this case, not only have they become funders but also users of cyber crime organizations. This extra wealth can be used in funding their own set of illegal activities, such as drug trafficking, smuggling, prostitution and so on.
Not quite the imagery that’s portrayed in the media.
Read on to see the real targets of cyber criminals in page 2…
Who is the Target?
The target can be anyone from large billion dollar corporations down to the average consumer. It doesn’t matter who’s harmed, cyber criminals will target whoever they feel is necessary to accomplish their task. In most cases, the average computer users are targeted first, to be used as objects by the cyber criminals.
Bot herders use malware that is developed in the cyber crime community and infect as many hosts as they can, effectively making a user’s computer a bot. They perform this by spamming and spoofing, tricking users into downloading the malware. Once the malware is installed, the computer joins a network of other bots and is considered a ‘zombie’ by the bot herder. This botnet, or zombie army, can be used to perform vicious attacks on corporations, bringing servers to a screeching halt or sending so much information that a hacker can manage to squeeze by in all the noise generated. Bot herders usually generate money by leasing out their network of zombies to hackers, thereby removing the liability from any failed attacks.
The hackers will use the leased bot networks on attacks toward large targets and if they are successful in making it into the network, install the software that they bought from cyber crime developers. From here on, all information is fair game to the hacker. From the network traffic that they’re able to listen in on to the stored information that isn’t restricted or encrypted. Once they have the information, they can sell it to the middle man, or use it themselves to perform another cyber crime, identity theft, harming credit ratings of consumers and stealing millions of dollars.
Your name, gender, age, sexual preference, none of this matters to cyber criminals. To cyber criminals you’re just an object, a source of information used for financial gain, or a tool used in larger, more massive attacks for even more financial gain.
Interesting Tidbits on Cyber Crime
In some cases, bot herders even target other botnets! Certain types of malware are designed to enter a system, remove and purge
other malware already in place and replace it.
Some developers have created malware that actually makes a user’s computer run more faster and stable, to help maintain a stronger botnet for bot herders. A lot of commercials advertising that malware may be the reason your computer slowing down could cause users to become complacent or unaware that they’re infected since their system runs smoothly and never crashes!
According to Deloitte’s latest cyber crime study, organized crime is not just funding but creating their own division of ‘business’ in cyberspace.
The recession of 2008-2009 has cost many skilled people their jobs and have given them even more motivation to start their own cyber crime business or join in the cyber crime community. This recession has also caused many current employees to start a little side business of accepting money to give away sensitive information.
Cybercrime in the future may involve Crimeware as a Service, meaning cyber criminals offer their services to criminals for a fee with no requirement to buy any hardware or software for the criminals themselves.
There are some hackers who are on the side of good, called Whitehat hackers, who combat hackers by understanding them. The media image of hackers could possibly be based on Whitehat hackers, but understand that the majority is only in it for one thing, financial gain.
This post is part of the series: Cyber Crime Educational Series
An educational series on cyber crimes. The reasons behind the crime, the damage caused, the laws to try to stop them and what the future possibly holds in the dark, anonymous underworld of cyber crime.