Cybercrime and Secret Sauce

Category: Security

A new report that looks at the big picture pegs the worldwide haul from cybercrime at 1.5 trillion dollars. That’s not just criminal business, it’s an entire criminal economy, say the authors of the report, “Into The Web Of Profit.” So what's this about secret sauce? Well, you'll have to read on for that...

What do you know? Crime DOES Pay!

The cybercrime report was researched at the University of Surrey (UK) and commissioned (paid for) by Bromium, a startup security software firm that must have a lot of venture capital behind it.

The security software market has dozens of entrenched players, many of which are household names at least among computer-housing households. Think Symantec, McAfee, Avast, AVG, Kaspersky, Bitdefender, and all of the others I have tested over the years. To gain a profitable market share, Bromium will need some “secret sauce” that nobody else has and which sounds terribly sexy to its prospective users.

Sure enough, Bromium has it: “virtualization-based security” is what they’re selling, and it doesn’t come cheap; I know because no price is to be found anywhere, just “contact us for a demo” buttons on every page of Bromium’s site. Here is the company’s own explanation of its secret sauce:

“The Bromium Secure Platform protects you from threats by isolating user tasks, such as email attachments, links, and downloads, inside protected micro-virtual machines — a separate VM for each task. If malware is delivered, it can’t escape. Users can click with confidence.” (Sounds more like "reckless abandon" to me.)

Bromium's Secret Sauce and the Cybercrime Report

Bromium's tech was tested by NSS Labs and got a perfect score in defeating all malware and even expert human attempts at penetration. So you might be wondering if there's a free version of Bromium for personal use. Fuggedaboutit... Bromium’s solution requires a specially equipped computer connected to a corporate network. Their product is aimed at companies, not consumers. But the cybercrime report that Bromium bought is useful and free.

Dr. Michael McGuire is a Senior Lecturer in Criminology at Surrey University, England. He spent nearly a year figuring out where the money goes after a ransom is paid or intellectual property is stolen. Let’s look at some the highlights of his report.

First, the cybercrime economy moves very fast! There are no hours-long lunches at Luigi’s where plots are discussed obliquely; these criminals use encrypted, short-lived channels to make deals, swap data, commit crimes, and move on before Don Corleone puts a spoon to his spumoni.

Second, the real world of crime is blending into the cybercrime world. According to the report, “Companies and nation states now make money from it (the cybercrime world), acquire data and competitive advantages from it, and use it as a tool for strategy, global advancement and social control.”

Today's Cybercrime is Carefully Planned and Executed

Gone are the days when “hacking” was just a prank, or a way to show off your skills to your circle of hacker pals. Today’s cybercriminal is in it for the money, sonny, and not for the laughs. There are no more “random attacks,” it’s all very carefully planned and executed.

The report contends that cybercrime “has now become a kind of mirror image of contemporary capitalism – reproducing disruptive business models popularised by the likes of Amazon and Uber.” The report lists a number of ways in which the cybercrime economy has copied the wealth-generating techniques developed by the legitimate information economy; here are just a few of them:

  • A dizzying range of methods and mechanisms for generating revenues, often at industrial scales.
  • Digitally specific currencies and currency exchange tools. (Somebody must be using those hundreds of Bitcoin imitators.)
  • A range of specialised economic agents, such as producers, suppliers, service providers and consumers.
  • The extraction and exchange of data as the key raw material and object of value for illicit trading (this trade now occurs across many dimensions and no longer simply involves buying or selling data from stolen credit or debit cards, but newer data forms that possess value – such as hotel loyalty points, ‘likes’ on Facebook, account login details and even soft drink formulas or government-developed hacking tools).
  • Dedicated production zones and centres of income generation – whether these be troll factories in Russia, the Hackerville fraud villages in Romania, or mass marketing scam centres in West Africa.
  • Specialised tool supply, technical support and provision of skills and expertise.
  • Professionalisation and the development of career structures – this includes training, CVs, personal recommendations and references.

Okay, let’s stop at the thought of hackers with resumes and references, marching (or video-calling, more likely) into the HQ of a Russian troll factory to apply for a job. That’s enough to freeze my brain.

Following the Money

The scariest headline-grabbing cybercrimes are barely registering on the global economy’s meter. Ransomware and “cyber-crime-as-a-service” each contributes less than 1 percent to the cybercrime economy. None the less, the FBI estimates worldwide revenues from ransomware were about $1 billion in 2017.

Also, cryptocurrencies such as Bitcoin may not play as large a role in cybercrime as the popular press has suggested. Only about 4 percent of laundered money - proceeds of crime that have been processed through enough legitimate online payment systems to appear “clean” or at least “not guilty” - is held in cryptocurrencies. The rest has found its way into more legitimate currencies and bank accounts, or is even used to buy tangible, untraceable commodities like gold or oil directly with cryptocurrencies.

And surprisingly, trade in stolen identities is not one of the biggest contributors to the cybercrime economy. In fact, such trade accounts for “only” $160 billion of the $15,000 billion cybercrime economy.

Trade in illegal drugs and other physical contraband accounts for $860 billion. Thefts and sales of “trade secrets,” such as soft drink recipes, and other intellectual property score $500 billion, and “data trading” brings in another $160 billion. “Data trading” is what happens after you lose your wallet, but on a much larger (digital) scale.

I have to wonder, given the labyrinthine world of cybercrime, how much of the digital iceberg Dr. McGuire was able to discover. The fact that he lives to tell may indicate that he's only scratched the surface. Still, the report makes fascinating reading if you are interested in either crime or how cybercrime economies form, grow more complex, and eventually become dark shadows of the economies upon which they prey.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 30 Apr 2018

For Fun: Buy Bob a Snickers.

Prev Article:
Will Passwords Ever Go Away? Maybe.

The Top Twenty
Next Article:
What Price For Privacy?

Most recent comments on "Cybercrime and Secret Sauce"

Posted by:

30 Apr 2018

Excellent article! It makes one wonder what the future will bring.Seems to me that a consorted effort needs to be taken to prevent this from proliferating throughout the internet.

Posted by:

Michael L.
30 Apr 2018

The space and time compression provided by the virtual world of cyberspace has greatly increased the availability of victims for the cybercriminal. In much the same way that film and television expanded the actors access to viewers, and thereby potential income. Crime, like any other "business" will generate a greater and more sustainable income as it becomes more organized. Although, the concept of presenting a CV, and interviewing for a position intended to fleece the public is mind bending. Do the workers get health insurance, sick leave, paid vacations?
How does law enforcement protect individuals when the crime is on a global scale?

Posted by:

Cynthia Garner
30 Apr 2018

This is frightening. It reminds me of sepsis in the bloodstream: up to a certain point, you can fight it. Beyond a length of time, it's all over with. The sepsis has shut down all organs.

Posted by:

02 May 2018

After reading this, anyone who says, "I am sure I am quite safe on the internet" is going to get a roll of the eyes from me! Hmm...shall I get rid of all things cyber? Just wondering.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Cybercrime and Secret Sauce (Posted: 30 Apr 2018)
Copyright © 2005 - Bob Rankin - All Rights Reserved