Cyber Crime Industry Runs Its Own Marketing, Recruitment And Customer Service

Hackers are able to earn more money than drug dealers, claims new research into cyber criminal habits sponsored by Juniper Networks

Researchers have warned that cyber crime is growing into a financially driven industry with close ties to the offline criminal underworld.

A study conducted by the US non-profit think tank RAND on behalf of Juniper Networks suggests that today’s professional cyber criminals are much more organised and better equipped than the idealistic hackers who were breaking into corporate databases a decade ago. They run their own communication networks, online black markets, recruitment campaigns and even offer customer support.

In other words, the cyber crime world is mirroring the innovation and growth seen in the free markets.

Mark Quartermaine, area VP for the UK and Ireland at Juniper Networks, told TechWeek Europe that in order to remain safe, businesses need to shift their protection from ‘passive’ to ‘active’, using tools that can identify not just the type of malware or service the attackers use, but also the attackers themselves.

He also suggested that, as large corporations invest millions in their network security over the coming years, small and medium businesses will present a more tempting target for cyber crime.

Major profits

Brian A JacksonAccording to the report, entitled “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar”, the black markets for malware and illegal online services have reached unprecedented levels of maturity and growth, to the point where they become more profitable than the trade in illegal drugs.

Today, credit card information and exploit kits can be bought freely online through professional-looking storefronts that accept a wide variety of virtual currencies and earn their owners millions. But it doesn’t stop with goods – criminal services are also available for purchase, with Distributed Denial of Service (DDoS) attacks costing as little as $50 for a 24-hour assault on a target website.

The cyber criminals are not afraid to advertise their wares out in the open, something TechWeek Europe has learned first-hand. In the last 12 months, we have been repeatedly approached by the owners of buyddos.com – a website which claims to offer “professional DDoS services” and runs offers like “buy three months of DDoS, and get one month free”.

According to the study, some cyber crime organisations can ‘employ’ as many as 80,000 people, and it takes time and personal connections to move up the command chain. RAND found that many parts of the cyber black market are well structured, governed and have a set of rules similar to a constitution. People who scam their colleagues, otherwise known as ‘rippers’, are dealt with internally.

The report highlights that information for aspiring hackers is widely available online, including instructions for exploit kits and where to buy credit cards. It goes on to suggest that free access to training has accelerated sophistication and helped facilitate an evolutionary leap in the hacker economy.

In terms of regional differences, RAND found that malware developers from Russia are known for high quality of their work, while cyber criminals from China specialise in hunting for valuable intellectual property. Most Vietnamese criminal groups focus on e-commerce, and attacking banks has emerged as a popular pastime in Eastern Europe.

“We must address the root cause behind the accelerated maturation of the cyber-crime market – the very economics that drive its success,” commented Nawaf Bitar, SVP and general manager for the security business at Juniper Networks.

“By disrupting the economics of hacking we can break the value chains that drive successful attacks. We must never lose the moral high ground, however, so we cannot go on the offensive and hack back, but we can no longer remain passive. By using forms of active defence such as intrusion deception we can identify, thwart and frustrate attackers. Active defence is a promising and exciting approach for addressing the rapidly evolving threat landscape.”

How well do you know Internet security? Try our quiz and find out!