Cybercrime revenues now rival the GDP output of major world economies at a colossal $1.5 trillion annually, according to an independent academic study published today.
Surrey University’s Mike McGuire spent six months researching cybercrime profit distribution for his “Web of Profit” report; speaking with GCHQ, the FBI, Europol, global financial institutions and covert security workers that have infiltrated the dark web.
Data is the Commodity
His research, sponsored by endpoint security company Bromium, points to an emergence of “platform criminality”, mirroring the “platform capitalism” model, in which data is the commodity.
According to the criminology lecturer: “This is creating a kind of ‘monstrous double’ of the legitimate information economy – where data is king. The web of profit is not just feeding off the way wealth is generated there, it is reproducing and, in some cases, outperforming it.”
The report points to the success of modern ‘platforms’ – companies like Facebook, Google and Amazon as inspiration for the criminals.
“The main contribution of platforms is to connect individuals with a service or product. The platforms produce nothing themselves in this process, but the end-user consumers provide platforms with the most precious of all commodities within an information-based economy – their data. We are now seeing the same thing in the cybercriminal underworld,” he said.
Who Profits?
The report shows that cybercriminal platform owners are likely to receive the biggest benefit from this new wave of cybercrime, and that the owners will distance themselves from the actual commission of crime. Managers can earn up to $2 million per job – often with just 50 stolen card details at their disposal.
The criminology lecturer refers to this as a shift to “post-crime” reality, where cybercriminals are taking a “platform capitalism” approach to selling, rather than committing crime. He found criminal sites offering ratings, descriptions, reviews, services, and even technical and customer support.
These platforms are improving the criminal “customer experience” and allowing easy access to services and products that support the commission of crime on a global scale.
Exploiting Exploits
Some examples of services and products include:
- Zero-day Adobe exploits, up to $30,000
- Zero-day iOS exploit, $250,000
- Malware exploit kit, $200-$600 per exploit
- Blackhole exploit kit, $700 for a month’s leasing, or $1,500 for a year
- Custom spyware, $200
- SMS spoofing service, $20 per month
- Hacker for hire, around $200 for a “small” hack
These platforms fuel industrial scale revenue generation, with their own sets of digital currencies and exchanges, production zones, tools supply, technical support, global distribution mechanism and marketplaces, the report claims.
Even advertising is a core revenue generator too: before being taken down in 2016, the ‘Kickass Torrents’ platform was worth over $54 million, with estimated $12.5-$22.3 million annually in ad revenue alone, he notes.
$3.5 Million for Terrorists
Connections between cybercrime and terrorism also proliferate, he found.
The report highlights one case where cybercrimes were committed specifically to generate revenues for terrorist activities. “One British-born follower of Al Qaeda, who provided technical assistance to the terror group in relation to uploading videos, quickly realized that his technical skills could also be used to commit cybercrimes,” McGuire explains. “He began to acquire stolen credit card numbers through transactions on online forums, such as Cardplanet, gathering over 37,000 separate card data files and generating more than $3.5 million in revenues.”
Gregory Webb, CEO of Bromium. “The walls between the criminal and legitimate worlds are blurring, and we are no longer simply dealing with ‘hackers in hoodies.’ We have to understand and tackle the underlying economic ecosystem that enables, funds and supports criminal activity on a global scale to stem the tide and better protect ourselves. By better understanding the systems that support cybercrime, the security community can better understand how to disrupt and stop them. New approaches to cybersecurity will be required.”
