Cybercrime represents an underground economy of $114 billion. It's organized, employs expert hackers and operates like any legitimate economy. MBAs and other business experts can choose big targets for cybercrimes, just as they might plan the strategies a business employs. On the other side of the equation, the cybersecurity industry is in a rut, practically guaranteeing the continuing operation of cybercriminals. Let's take a look at how the underground Internet economy operates.
Low Barriers to Entry
You might expect that the costs of getting into the cybercrime business are high, but it's not nearly as expensive as you might think. Most of the tools and data that a cybercriminal needs can be picked up on the cheap. Hiring a botnet can be a luxury item at $225, but a keystroke logger is about $20 and website hosting for a phishing scam can be as low as $10. Even labor costs can be low: many of these crimes no longer require an expert hacker. Someone with just a little technical knowledge can go shopping online for the tools to commit cybercrimes on an almost automatic basis.
Commonly, a criminal will purchase a set of tools to steal information and then turn around and sell that information to someone else to exploit, just as legal businesses might form supply chains.
Cybercriminals Interact Freely
The cybercrime economy exists somewhat openly: there are web-based forums and other websites where cybercriminals list tools and information for sale and discuss future projects. An outsider could almost think he was visiting any legitimate industry forum. While marketing both the tools of the cybercrime trade and the information gathered through different exploits is not as simple as promoting a legal enterprise, these sites are full of offers.
A few years ago, most efforts to commit crimes online were directed toward breaking into Windows-based computer systems. Now, hackers are targeting smartphones and tablet systems that are commonly run with minimal protection against viruses and malware, at least compared to desktop computers. This targeting is especially concerning because mobile platforms are becoming one of the key areas where many people and organizations handle financial transactions.
Credit Card Information Theft Is King
The most popular type of information for sale through these underground markets is credit card details, since it is much easier to make a purchase online using a credit card than it is to drain a bank account or steal an entire identity. That being said, bank account information is also a popular commodity.
Many of the criminals buying up information that will allow them to access others' financial accounts will proceed with surprising patience. Rather than immediately running up huge charges or completely emptying a bank account, they may create smaller fraudulent transactions, hiding them during busy seasons like the holidays, so that the fraud is much harder to detect. These criminals are taking a longer view with a goal of stealing more money, albeit slowly.
No Recession for Cybercrime
The cybercrime economy is thriving during a time when legitimate enterprises are struggling. The costs of dealing with these crimes are mostly paid by large organizations, such as banks, and both prevention and damage control require larger investments in cybersecurity.
But even with the new initiatives, laws and tools for combating cybercrime, those costs are going to continue to grow.
The Bottom Line
There are numerous organizations and individuals suggesting that cybercrime may get significantly worse in the years to come, especially in light of how easily the techniques and tools of cybercriminals can be turned to cyberwarfare and cyberterrorism. The only solution is for the cybersecurity industry to catch up with its illegal counterpart.