Question: Why Cybercrime?

Tuesday, August 30, 2011

Craig S Wright

8b5e0b54dfecaa052afa016cd32b9837

It is not too uncommon to ask why cybercrime propagates itself so rapidly and extensively. Worse is the profligate damage that it causes.

The simple answer is that it is profitable. Many people fail to see how this can be the case, after all they rarely if ever click on any spam.

That's the thing, it's a volume market. In sending millions of messages it doesn't take too many people still make a profit. What is truly amazing is the other lack of judgment displayed by many individuals.

There many forms of criminal activity on the Internet, in this post I will explore just a couple. In many ways, illicit online commerce is becoming just as rich and contextual as its legitimate counterparts. In some ways, the criminal models in use on the Internet reflect the commercial holy Grail of online commerce.

Illicit Pharma

To take the first example, the online pharmaceutical industry to creates huge profits for those involved. It has been estimated that the average spam-based online pharmaceutical distribution company has revenues of between $1 and $2 million each month.

Clearly somebody has been clicking on those advertisements for Viagra. What should be of greatest concern is that people are willing to put their trust in something as untrustworthy as an online criminal enterprise.

The economics are actually fairly simple. Even though only an incredibly small number of people ever click through these ads, the cost of sending each of these ads is equally small. Where as it is true that some illicit online pharmaceutical companies do actually deliver the goods they tout, many do not.

They managed to increase their profitability through either cutting products, substituting and offering lower quality brands or not approved manufacturers or worse, some of the more unscrupulous vendors simply offer a chemical compound that would be best used to clean toilets.

The nature of the illicit pharmaceutical industry has become one with the least scrupulous individuals do not survive.

Those vendors who offer inferior substitutes often develop followings and repeat business.

The cost of advertising for these firms is of course minimized through the use of stolen resources. In general, between 80% and 90% of the images used in online pharmaceutical spam are hosted on compromised Web servers.

Any profitable industry will flourish even illegal ones.

Child Exploitation

The often buried topic of child exploitation goes to one of the other extremes of online crime. The trade in exploitative and pxxnographic movie files has been growing at a phenomenal rate. The development of P2P networks as well as difficult to trace monetary sources have fueled this industry.

What was once a fringe collection of sick individuals has been steadily growing because of the ease of access to this material. It is often more profitable to create and distribute exploitative videos in recent years than it is to engage in people smuggling.

At first thought this could sound like a good thing. Children are not being sold into slavery or rather being exploited. The unanswered question here is what happens to these children after the video has been completed. None of them volunteer although some of them are sold into it.

The most incredibly astounding aspect of this trade is that individuals in the US, Europe, and other Western nations are willing to provide their financial details to these groups.

Mere possession of child pxxnography is a crime in most Western countries. Consequently, those who ever decide that they do not wish to continue paying for the materials they have received find out that the distributors have been maintaining an up-to-date list of evidence against their clients.

If you try to leave your supplier they may cut access to the files but they make sure you continue to pay. And pay you will.

The Infrastructure

Underneath and supporting all of this are masses of stolen computational power. Botnets are now rented out on a regular basis. In many ways the criminal economy mirrors more rational version of the legitimate economy. Both vertical and horizontal markets exist and over time there is a continuing push towards increased specialization.

Some individuals specialize on the creation of exploits and malware. Some run the ultimate cloud architecture, the Botnets. Some act as sales and marketing channels and others as a type of financial clearinghouse.

Minimizing the Problem

Cybercriminals are actually extremely rational. And not necessarily talking of hacktivists and others without a clear profit motive, but those with a drive to make money act extremely rationally. Consequently, there is a solution, reduce their profit.

Attacking and minimizing criminal activities that exist online requires an economic solution.

Many simple solutions exist that magnify the cost of conducting an illicit business. If ISPs simply stopped transmitting BOGON addresses from DNS and routed packets a small but significant number of attacks would disappear.

This is one example of many but cost practically nothing to implement but which requires integration and widespread acceptance. Hence in many ways why information security can be seen as a game theoretic stag hunt.

Possibly Related Articles:
15533
Network->General
Information Security
SPAM malware Botnets Cyber Crime internet Hacktivist
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.